How to run Kube-Bench CIS profile Benchmark on a vSphere Kubernetes Cluster
Article ID: 417426

Products

VMware vSphere Kubernetes Service

Issue/Introduction

  • Need to run kube-bench on a vSphere Kubernetes Cluster to assess the security configuration of your VKS environment against the Center for Internet Security (CIS) Kubernetes Benchmark.

Environment

  • vSphere Kubernetes Service

Resolution

Follow the steps below to run kube-bench on a VKS cluster:

  1. Log in to a guest cluster control plane or worker node as vmware-system-user. Reference KB: Accessing vSphere with Tanzu workload clusters using SSH

  2. Run the command: sudo -i

  3. Create a new directory:

    mkdir /home/kube-bench

  4. Run the curl command to download the kube-bench release tarball as kube-bench.tar:

    curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.13.0/kube-bench_0.13.0_linux_amd64.tar.gz -o /home/kube-bench/kube-bench.tar

  5. Untar the file:

    tar -xvf /home/kube-bench/kube-bench.tar -C /home/kube-bench

  6. Move the extracted kube-bench binary to /usr/local/bin:

    sudo mv /home/kube-bench/kube-bench /usr/local/bin/

  7. Execute kube-bench and redirect the output to a file:

    sudo kube-bench --config-dir /home/kube-bench/cfg --config /home/kube-bench/cfg/config.yaml > kube-bench.report

  8. Validate the results in the kube-bench.report file (each check is reported as [PASS], [FAIL], [WARN] or [INFO], followed by remediation text and a summary).
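Step 8 leaves the review of kube-bench.report to the reader. The POSIX shell helpers below are an added example, not part of this KB article or of kube-bench itself: they count the [PASS]/[FAIL]/[WARN] result lines in a kube-bench plain-text report, list the failing check IDs, and give a pass/fail gate a node can be checked against. The report excerpt in SAMPLE_REPORT is constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a kube-bench plain-text report such as the
# kube-bench.report written in step 7. SAMPLE_REPORT is a constructed
# excerpt in kube-bench's result-line format, used when no file is given.
SAMPLE_REPORT='[INFO] 1 Control Plane Security Configuration
[INFO] 1.1 Control Plane Node Configuration Files
[PASS] 1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictive (Automated)
[FAIL] 1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)
[WARN] 1.1.9 Ensure that the Container Network Interface file permissions are set to 600 or more restrictive (Manual)
[FAIL] 1.2.6 Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)
[PASS] 1.2.7 Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)

== Summary master ==
2 checks PASS
2 checks FAIL
1 checks WARN
2 checks INFO
'

# count_status REPORT_TEXT TAG: number of result lines starting with "[TAG] ".
# Only lines that begin with the tag are counted, so remediation text and
# the "N checks FAIL" summary lines are ignored. grep -c prints 0 and exits
# non-zero when nothing matches, hence the "|| true".
count_status() {
    printf '%s\n' "$1" | grep -c "^\[$2\] " || true
}

# failed_ids REPORT_TEXT: print the CIS check ID of every [FAIL] line.
failed_ids() {
    printf '%s\n' "$1" | awk '$1 == "[FAIL]" { print $2 }'
}

# summarize REPORT_TEXT: one-line tally of PASS, FAIL and WARN results.
summarize() {
    printf 'PASS=%s FAIL=%s WARN=%s\n' \
        "$(count_status "$1" PASS)" "$(count_status "$1" FAIL)" "$(count_status "$1" WARN)"
}

# report_passes REPORT_TEXT: succeed only when the report contains no [FAIL].
report_passes() {
    [ "$(count_status "$1" FAIL)" -eq 0 ]
}

# Use the report file given as $1 (for example the kube-bench.report from
# step 7); otherwise fall back to the constructed sample.
REPORT="${1:+$(cat "$1")}"
REPORT="${REPORT:-$SAMPLE_REPORT}"
summarize "$REPORT"
failed_ids "$REPORT"
report_passes "$REPORT" && echo "no FAIL results" || echo "FAIL results present"
```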