crc VS kube-bench

The issue is currently being worked on here is the link with the workaround.

Yessss . Just incase Git hub releases: https://github.com/crc-org/crc/releases

You can try running https://github.com/crc-org/crc with the podman preset (!) to test it. It would not be exactly the same how podman machine will use it eventualky, but might help to give an idea of performance or issues we can imorove on first. We have seen a lot of users being more than content as it also works in a vpn environment. Note that the CRC tool primarily aims at OpenShift deployment... This is a different preset (resource intensive). Only available as an installer with our tray (sorry about this).

The driver we use is https://github.com/crc-org/vfkit and I am sure Christophe could share a method to just run the VM with our driver. HMU by email if you prefer.

CodeReady Containers which allows you to spin up a reduced OpenShift node in a single VM on a desktop/laptop for getting familiar with the platform. It disables quite a few operators so it's not a full experience, but enough for a developer to get going. It doesn't have the lightest requirements but it works for the most part. By default it's recommended to have 4 cores, 12GB of memory and the disk expands to 35GB. These can be tweaked through the setup, though.

I'm having issues as described in https://github.com/code-ready/crc/issues/2945

GitHub - code-ready/crc: Red Hat CodeReady Containers is a tool that manages a local OpenShift 4.x cluster optimized for testing and development purposes

Appears to be possible but definitely more on the DiY side. https://github.com/code-ready/crc/issues/2480

However, no matter how well our applications are secured, the security of our entire IT environment ultimately depends on the security of our infrastructure. Therefore, in the lab to follow, we will shift our focus away from Kubernetes workloads and instead explore how we can evaluate and improve upon the security of our Kubernetes clusters with kube-bench, the industry-leading Kubernetes benchmarking solution developed by Aqua.

The official repository can be found here with detailed installation instructions.

curl -L [https://github.com/aquasecurity/kube-bench/releases/download/v0.6.10/kube-bench_0.6.10_linux_amd64.deb](https://github.com/aquasecurity/kube-bench/releases/download/v0.6.2/kube-bench_0.6.2_linux_amd64.deb) -o kube-bench_0.6.10_linux_amd64.deb

I haven't used Kubernetes for a while, but shouldn't kube-bench (1) be enough? Do you have to check anything manually?

(1) https://github.com/aquasecurity/kube-bench

kube-bench checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. We can deploy kube-bench as a Job that runs daily and consume its report in CI/CD to pass or fail the pipeline based on the level of severity.

kube-bench can be executed as a simple command on the host, as a container on the host using Docker command, or as a job inside Kubernetes Cluster. In case it is run inside a container/pod, it will need access to the PID namespace of the host system. The methods to run kube-bench in AKS, EKS, GKE, On-prem cluster, Openshift and ACK (Alibaba Cloud Container Service For Kubernetes) are different but well documented.

Check this out: kube-bench - CIS Benchmark

Kube-bench, written as a Go application, is deployable as a container. Ready-made job.yaml files make it easy to run Kube-bench inside a Kubernetes cluster or on a managed Kubernetes service, such as Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), or OpenShift. Here's a link to Kube-Bench on Github

kube-bench - Checks whether Kubernetes is deployed securely by running CIS Kubernetes Benchmark