This recipe showed you how to quickly run CIS Kubernetes Benchmarks on your cluster using kube-bench.
In step 1 of the Running kube-bench on Kubernetes recipe, when you executed the checks, kube-bench read the configuration files that were kept in the following directories: /var/lib/etcd, /var/lib/kubelet, /etc/systemd, /etc/kubernetes, and /usr/bin. Therefore, the user who runs the checks needs root/sudo access to all of these config files.
If the configuration files can't be found in their default directories, the checks will fail. The most common issue is a missing kubectl binary in the /usr/bin directory. kubectl is used to detect the Kubernetes version. You can skip this directory by specifying the Kubernetes version using --version as part of the command, similar to the following:
$ kube-bench master --version 1.14
Step 1 will return four different states. The PASS and FAIL states are self-explanatory as they indicate whether the tests were run successfully or failed. WARN indicates that the test requires manual validation, which means it requires attention. Finally, INFO means that no further action is required.
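The following added example (not part of the original recipe or of kube-bench itself) tallies the four states from a saved report and fails when any FAIL result is present, which is useful when the checks run unattended. The function names and the sample report are constructed for illustration, and the script assumes each result line starts with the state in square brackets followed by the check ID.

```shell
#!/bin/sh
# Constructed sample report; check ids and titles are illustrative only.
sample_report() {
cat <<'EOF'
[INFO] 1 Sample section heading
[INFO] 1.1 Sample subsection heading
[PASS] 1.1.1 Sample check: setting matches the benchmark
[FAIL] 1.1.2 Sample check: setting differs from the benchmark
[WARN] 1.1.3 Sample check: needs manual validation
[PASS] 1.1.4 Sample check: setting matches the benchmark
[FAIL] 1.4.1 Sample check: directory permissions too permissive

== Remediations ==
1.1.2 Sample remediation text (not a result line, must not be counted)
EOF
}

# Count result lines per state; lines without a leading [STATE] are ignored.
count_states() {
  awk '
    /^\[(PASS|FAIL|WARN|INFO)\] / { n[substr($1, 2, 4)]++ }
    END { printf "PASS=%d FAIL=%d WARN=%d INFO=%d\n",
          n["PASS"], n["FAIL"], n["WARN"], n["INFO"] }
  '
}

# List the checks that need action (FAIL) or manual validation (WARN).
needs_attention() {
  awk '/^\[(FAIL|WARN)\] / { print substr($1, 2, 4), $2 }'
}

# Print the summary and return non-zero if any check FAILed.
gate() {
  report=$(cat)
  printf '%s\n' "$report" | count_states
  printf '%s\n' "$report" | needs_attention
  if printf '%s\n' "$report" | grep -q '^\[FAIL\] '; then
    return 1
  fi
  return 0
}

# Demo on the constructed sample. On a real node, pipe the command from
# this recipe instead:  kube-bench master --version 1.14 | gate
sample_report | gate || echo "gate: FAIL results present"
```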