Scanning for known vulnerabilities using kube-hunter
Security advisories and announcements (https://kubernetes.io/docs/reference/issues-security/security/) published by Kubernetes are the best way to keep track of new security vulnerabilities found in Kubernetes. The announcements and advisory emails can get a bit overwhelming, and it is always possible to miss an important vulnerability. To avoid this, a tool that periodically checks the cluster for known CVEs comes to the rescue. kube-hunter is an open source tool, developed and maintained by Aqua, that helps identify known security issues in your Kubernetes cluster.
The steps to set up kube-hunter are as follows:
- Clone the repository:
$ git clone https://github.com/aquasecurity/kube-hunter
- Run the kube-hunter pod in your cluster:
$ ./kubectl create -f job.yaml
- View the logs to find any issues with your cluster:
$ ./kubectl get pods
NAME ...
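Once the job has finished, the pod log is the kube-hunter report, and for a periodic check it is more useful to fail on severity than to read the log by hand. The script below is an added example, not part of the original text or of the kube-hunter project: it assumes the job's container args were extended with kube-hunter's `--report json` option so the log is a JSON document, and the field names it reads (`vulnerabilities[]` with `vid`, `severity`, `category`, `vulnerability`, `location`) are an assumption about that report format to verify against a real run. The sample report and its KHV-SAMPLE ids are constructed.

```python
"""Triage a kube-hunter JSON report and return a CI-style exit code.

Usage: kubectl logs job/kube-hunter | python triage.py
With no piped input the constructed SAMPLE_REPORT below is used.
"""
import json
import sys
from collections import Counter

# kube-hunter reports low / medium / high; anything else ranks as high so
# an unexpected value is surfaced rather than silently ignored.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample: the shape follows kube-hunter's JSON report as assumed
# above, but every value (addresses, ids, findings) is made up.
SAMPLE_REPORT = json.dumps({
    "nodes": [{"type": "Node/Master", "location": "10.0.0.10"}],
    "services": [{"service": "API Server", "location": "10.0.0.10:6443"}],
    "vulnerabilities": [
        {"location": "10.0.0.10:6443", "vid": "KHV-SAMPLE-1", "severity": "medium",
         "category": "Information Disclosure", "vulnerability": "Sample finding (constructed)"},
        {"location": "10.0.0.10:10250", "vid": "KHV-SAMPLE-2", "severity": "high",
         "category": "Remote Code Execution", "vulnerability": "Sample finding (constructed)"},
        {"location": "Local to Pod", "vid": "KHV-SAMPLE-3", "severity": "low",
         "category": "Access Risk", "vulnerability": "Sample finding (constructed)"},
    ],
})


def load_findings(report_json):
    """Parse the report text and return its vulnerability entries (empty if none)."""
    return json.loads(report_json).get("vulnerabilities", [])


def findings_at_or_above(findings, threshold):
    """Keep findings whose severity ranks at or above `threshold`, in report order."""
    floor = SEVERITY_RANK[threshold.lower()]
    return [f for f in findings
            if SEVERITY_RANK.get(str(f.get("severity", "")).lower(), 3) >= floor]


def summarize(findings):
    """Count findings per severity label, e.g. {'high': 1, 'medium': 1}."""
    return dict(Counter(str(f.get("severity", "unknown")).lower() for f in findings))


def check_report(report_json, fail_on="medium"):
    """Print findings at/above `fail_on` and return 1 if any exist, else 0."""
    hits = findings_at_or_above(load_findings(report_json), fail_on)
    for f in sorted(hits, key=lambda f: -SEVERITY_RANK.get(str(f.get("severity")).lower(), 3)):
        print(f"[{str(f.get('severity')).upper():6}] {f.get('vid')} @ {f.get('location')}: "
              f"{f.get('category')} - {f.get('vulnerability')}")
    return 1 if hits else 0


if __name__ == "__main__":
    data = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    raise SystemExit(check_report(data))
```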