See the project's README for notes and caveats.
Kube-bench can run in two different modes:
cronjob will run kube-bench on a single node
daemonset will run kube-bench on all nodes
If you're confident that your nodes are all using the same configuration, cronjob mode should suffice. But if you want to be certain, daemonset mode will check every node in your cluster against the CIS benchmark.