In this session we explore how InSpec can be used to validate security and compliance settings on Kubernetes clusters. To scan all relevant security settings on a cluster that is managed in the Cloud this typically involves running checks against the Cloud Provider’s API, the Kubernetes API as well as each node’s local filesystem. We are going see a demonstration of how to run InSpec for security and compliance validation of a Kubernetes cluster with the example of the CIS benchmark for Google Kubernetes Engine (GKE).
– Konrad Schieban (Google)
– Aaron Lippold (MITRE)