Kubernetes clusters can quickly become complicated to set up and manage, depending on the requirements of your workloads. More often than not, security misconfigurations can wreak havoc if exploited by attackers, or simply cause a compliance failure. kubeaudit, an open source tool created by the folks at Shopify, can be used to perform a security audit of Kubernetes clusters to find the common low-hanging fruit that attackers often exploit.

kubeaudit is available as a Go package from https://github.com/Shopify/kubeaudit. Multiple installation options are available from the GitHub repository. We will show three of the more common ways of running kubeaudit in this article.
From https://github.com/Shopify/kubeaudit/releases, under Assets, download the binary for your target operating system. For our example, since we are using an Ubuntu 20.04 machine, we will download the kubeaudit_version_linux_amd64.tar.gz release.

Run tar -xzvf kubeaudit_0.21.0_linux_amd64.tar.gz to unpack the binary, then run ./kubeaudit version to confirm it runs.
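As an added example (not from the article or the kubeaudit project), the script below generalizes the download step above to other operating systems and CPU architectures: it maps the output of uname to the os/arch tokens used in the release asset names, fetches the archive, checks it against a checksum file before unpacking, and runs the version check. The asset naming pattern is the one shown above; the v-prefixed release tag in the download URL, the checksums.txt file name and its "sha256  filename" line format, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the article's or the kubeaudit project's own code.
# Assumptions: assets are named kubeaudit_<version>_<os>_<arch>.tar.gz (as in
# the article), the release tag is v<version>, and the release publishes a
# checksums.txt with "sha256  filename" lines (hypothetical file name).

# Map uname(1) output to the os/arch tokens used in the asset file names.
# Prints the asset name, or returns 1 for an architecture with no build.
kubeaudit_asset() {
    version="$1"
    os=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')   # Linux -> linux, Darwin -> darwin
    case "$3" in
        x86_64|amd64)  arch=amd64 ;;
        aarch64|arm64) arch=arm64 ;;
        *) echo "unsupported architecture: $3" >&2; return 1 ;;
    esac
    printf 'kubeaudit_%s_%s_%s.tar.gz\n' "$version" "$os" "$arch"
}

# Compare a downloaded file against the entry for it in a checksums file.
# Returns 0 only when a checksum is listed and it matches (uses sha256sum;
# on macOS substitute "shasum -a 256").
verify_sha256() {
    file="$1"; sums="$2"
    expected=$(awk -v f="$file" '$2 == f { print $1 }' "$sums")
    [ -n "$expected" ] || { echo "no checksum listed for $file" >&2; return 1; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# Download, verify, unpack and smoke-test a given kubeaudit release version.
# Needs network access; a checksum mismatch deletes the archive and fails.
install_kubeaudit() {
    version="$1"
    asset=$(kubeaudit_asset "$version" "$(uname -s)" "$(uname -m)") || return 1
    base="https://github.com/Shopify/kubeaudit/releases/download/v${version}"
    curl -fsSLO "${base}/${asset}" || return 1
    curl -fsSLO "${base}/checksums.txt" || return 1
    verify_sha256 "$asset" checksums.txt || { rm -f "$asset"; return 1; }
    tar -xzf "$asset"
    ./kubeaudit version
}

# Usage: install_kubeaudit 0.21.0
```

Running the checksum comparison before tar runs means a corrupted or substituted archive is rejected rather than unpacked; the version check at the end mirrors the manual step in the article.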
You need to have Go installed on your system. To install Go on Ubuntu, you can use
sudo apt update
sudo apt install golang-go

To install kubeaudit using Go, from a terminal run
go get -v github.com/Shopify/kubeaudit

Run the following to confirm the program is set up properly:
kubeaudit version
The published docker version of kubeaudit was built for the arm platform. To run kubeaudit using docker, we will need to build it for the amd64 platform.

Download the source from the releases page at https://github.com/Shopify/kubeaudit/releases. Unzip the source using unzip filename.zip and then switch to the unzipped directory. Run the following command to build an amd64 build of kubeaudit:
docker build --platform linux/amd64 --tag amd64kubeaudit .

You can run the docker image using the following:
docker run --name kubeaudit --platform linux/amd64 --rm --privileged amd64kubeaudit:latest version