Known Issues and Mitigations
kube-bench analyses security-related aspects of your cluster, and creates alerts when your Kubernetes cluster is not compliant with the best practices established in the CIS benchmark.
Some of the issue alerts relate to elements of clusters that were created with Konvoy, DKP’s provisioning tool.
For customers who require CIS Benchmark compliance, this page provides an overview of how to mitigate these known alerts or, where it is not feasible to address an issue, an explanation of why.
For issues that can be mitigated, create patch files with the mitigations, then create a cluster kustomization that references these patch files, and, lastly, create a new cluster based on the kustomization file as shown in Mitigate Issues by Creating Custom Clusters.
For issues that cannot be mitigated, see the List of CIS Benchmark Explanations.