Banzai Cloud is now part of Cisco

Learn More

About Cisco

Banzai Cloud Logo Close
Home Products
Overview Backyards Pipeline One Eye Supertubes Kubernetes distribution Bank-Vaults Logging operator Kafka operator Istio operator
Benefits Blog Company Contact
Get Started
Banzai Cloud Home BANZAICLOUD
Banzai Cloud Home BANZAICLOUD
Home
Products
Overview Backyards Pipeline One Eye Supertubes Kubernetes distribution Bank-Vaults Logging operator Kafka operator Istio operator
Company Blog Contact

Banzai Cloud PKE CIS Kubernetes benchmark

security (44) pke (17) CIS (1) certified (4) kubernetes (213)
Author Ferenc Hernadi

The content of this page hasn't been updated for years and might refer to discontinued products and projects.

At Banzai Cloud we strive to enable a secure software supply chain which ensures that applications deployed with the Pipeline platform and Pipeline Kubernetes Engine are secure, without reducing developer productivity across all environments (on-premise, multi-, hybrid-, and edge-cloud). While we have our own internal processes and a dedicated security team working full time on hardening the entire application platform stack, it also makes sense to provide confidence to our customers following industry standard benchmarks.

Today we are happy to announce that our own CNCF certified Kubernetes distribution, PKE has passed the CIS Benchmark for Kubernetes. For those unfamiliar with the CIS benchmark, it’s an industry standard and objective, consensus-driven security guidelines for Kubernetes-based Software.

Below are a few highlights of the Banzai Cloud Pipeline security approach:
All secrets, certificates are stored and generated by Vault
Secrets are dynamically injected in Pods
Pipeline and PKE is integrated with Dex to support multiple auth backends
Provider agnostic authentication and authorization for Pipeline and PKE

Obviously there are lots more, if you are interested to learn more please get in touch with us, we’d be happy to chat.

Pipeline

The Banzai Cloud PKE CIS Benchmark for Kubernetes test results are available here.

The CIS Benchmark for Kubernetes 🔗︎

While there are quite a few tests and manual guidelines available, we decided to use the automated kube-bench open source tool, made by the great folks from Aqua Security. kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. The tool is now wired into our own internal release process and running continuously against PKE clusters.

Hunting for security weaknesses in Kubernetes clusters 🔗︎

Passing the CIS benchmarks was a great start, and provides confidence to our customers, however we are doing even more. The Aqua Security folks have open sourced another security tool - kube-hunter to increase awareness and visibility for security issues in Kubernetes environments.

PKE clusters are continuously tested with kube-hunter as well, in both remote/internal scanning and also in active hunting mode, in order to attempt to exploit vulnerabilities that the tool finds. We are happy to disclose that there were no vulnerabilities found and also that we are using the tool in the Pipeline Kubernetes Engine release process.

Related resources
Introduction to Istio access control
article
Image
Bringing Kafka ACLs to Kubernetes the declarative way
article
Image
Deploying Istio with restricted Pod Security Policies
article
Image
Documentation
Contacts
Terms & Conditions
Privacy Statement
Cookies
Trademarks
© 2017–2023 Banzai Cloud