kubebox VS kube-bench

To anyone visiting here, I got a lot of feedback for new tools (which I haven't tried yet), both on Youtube and here, so I compiled it into a list: A comment on Lens: Initially I wanted to include Lens in the video but decided it's a bit different in that it's not a CLI / TUI. Many users shared bad experience with Lens, mainly around performance and a large amount of requests it shoots at the cluster API to a point where some companies banned it. These are the tools (I may add a video review on if anyone thinks it's worth it): * https://github.com/kubermatic/fubectl - for an improved kubectl experience * https://github.com/particledecay/kconf - for those with complex kubeconfig changes requirements * https://github.com/MuhammedKalkan/OpenLens - an open version of Lens (note the above before using) * https://github.com/hidetatz/kubecolor - colored kubectl output :) * https://github.com/astefanutti/kubebox - the K9s little brother? * https://github.com/bergerx/kubectl-status - human friendly resource status output

If that later becomes problematic, maybe I'll switch to https://github.com/astefanutti/kubebox

2. Kubebench: https://github.com/aquasecurity/kube-bench Kubebench is an open-source tool that checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark.

However, no matter how well our applications are secured, the security of our entire IT environment ultimately depends on the security of our infrastructure. Therefore, in the lab to follow, we will shift our focus away from Kubernetes workloads and instead explore how we can evaluate and improve upon the security of our Kubernetes clusters with kube-bench, the industry-leading Kubernetes benchmarking solution developed by Aqua.

The official repository can be found here with detailed installation instructions.

curl -L [https://github.com/aquasecurity/kube-bench/releases/download/v0.6.10/kube-bench_0.6.10_linux_amd64.deb](https://github.com/aquasecurity/kube-bench/releases/download/v0.6.2/kube-bench_0.6.2_linux_amd64.deb) -o kube-bench_0.6.10_linux_amd64.deb

I haven't used Kubernetes for a while, but shouldn't kube-bench (1) be enough? Do you have to check anything manually?

(1) https://github.com/aquasecurity/kube-bench

kube-bench checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. We can deploy kube-bench as a Job that runs daily and consume its report in CI/CD to pass or fail the pipeline based on the level of severity.

kube-bench can be executed as a simple command on the host, as a container on the host using Docker command, or as a job inside Kubernetes Cluster. In case it is run inside a container/pod, it will need access to the PID namespace of the host system. The methods to run kube-bench in AKS, EKS, GKE, On-prem cluster, Openshift and ACK (Alibaba Cloud Container Service For Kubernetes) are different but well documented.

Check this out: kube-bench - CIS Benchmark

Kube-bench, written as a Go application, is deployable as a container. Ready-made job.yaml files make it easy to run Kube-bench inside a Kubernetes cluster or on a managed Kubernetes service, such as Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), or OpenShift. Here's a link to Kube-Bench on Github