Announcing CIS Benchmark Compliance: Enhanced Security by Default for SIGHUP Distribution
We have implemented a solution in accordance with the CIS Kubernetes Benchmark. With this latest update, we are making it easier for you to maintain a balance between usability and protection.
We are excited to announce a significant milestone for the SIGHUP Distribution (formerly Kubernetes Fury Distribution): we have implemented a solution in accordance with the CIS Kubernetes Benchmark.
Security is often a complex balancing act between usability and protection. With this latest update, we are making that balance easier for you to maintain. Our distribution now comes with our opinionated implementation of the Center for Internet Security (CIS) standards, ensuring that your clusters are built on a foundation of vetted, globally recognized security best practices.
What This Means for You
The CIS Kubernetes Benchmark is widely considered the gold standard for securing Kubernetes environments. By aligning with these benchmarks, we are providing you with a platform that is secure by design.
Our latest release for on-premise clusters allows your installation to be hardened by default. You no longer need to spend days manually tuning configurations to meet basic security baselines; we've done the heavy lifting for you.
Key benefits include:
- Reduced Attack Surface: Our defaults now enforce restrictive permissions, secure authentication methods, and safer configurations across the board, minimizing potential vulnerabilities.
- Automated Validation: We haven't just applied these settings once; we have integrated kube-bench, Aqua Security's automated benchmarking tool, directly into our release pipelines. This ensures that every new version we release maintains this high security standard.
- Peace of Mind: Whether it’s the control plane, worker nodes, or etcd storage, you can trust that your infrastructure is provisioned in accordance with rigorous industry recommendations to protect against common misconfigurations and threats.
Committed to Security
Adopting the CIS Benchmark is part of our ongoing commitment to providing a production-grade Kubernetes distribution that doesn't just work, but works safely. We believe that security shouldn't be an afterthought or an add-on; it should be the starting point of every deployment.
For a deeper dive into how we achieve this compliance and the specific areas we cover, see our full documentation.
Read more about our CIS Benchmark Compliance here and check our kube-bench configuration.