Auditing Kubernetes with Kubeaudit - Introduction and setup

Riyaz Walikar
Feature image


Kubernetes clusters can quickly become complicated in terms of setup and management based on the requirements of your workloads. More often than not, security misconfigurations can wreak havoc if exploited by attackers or simply cause a compliance failure.

kubeaudit, an open source tool created by the folks at Shopify, can be used to perform a security audit of Kubernetes clusters to find common low hanging fruits that are often exploited by attackers.


kubeaudit is available as a Go package from https://github.com/Shopify/kubeaudit. Multiple installation options are available from the GitHub repository. We will show 3 of the more common ways of running kubeaudit in this article.

Using a release binary

  1. From https://github.com/Shopify/kubeaudit/releases, under Assets, download the binary for your target operating system. For our example, since we are using an Ubuntu 20.04 machine, we will download the kubeaudit_version_linux_amd64.tar.gz release.

  2. Run tar -xzvf kubeaudit_0.21.0_linux_amd64.tar.gz to unpack the binary and run ./kubeaudit version to confirm it runs.

    kubeaudit unpack and run

Using go get

You need to have Go installed on your system. To install Go on Ubuntu, you can use

sudo apt update
sudo apt install golang-go

To install kubeaudit using Go

  1. From a terminal run

    go get -v github.com/Shopify/kubeaudit
  2. Run kubeaudit version to confirm the program is setup properly.

    kubeaudit version

Using docker

The published docker version of kubeaudit was built for the arm platform. To run kubeaudit using docker, we will need to build it for the amd64 platform.

  1. Download the source from the releases page at https://github.com/Shopify/kubeaudit/releases

  2. Unzip the source using unzip filename.zip and then switch to the unzipped directory

  3. Run the following command to build an amd64 build of kubeaudit

    docker build --platform linux/amd64 --tag amd64kubeaudit .
  4. You can run the docker image using the following

    docker run --name kubeaudit --platform linux/amd64 --rm --privileged amd64kubeaudit:latest version

    kubeaudit local docker build run

← Back to Academy