diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml
index ce3978d88e120a37d421a1045e1f0365b9997bc0..31c237eb854b86b1a3d76aa20b41c5109a6e649e 100644
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
@@ -1,5 +1,3 @@
-# Default OAS config dir on the cluster
-configuration_directory: "/etc/OpenAppStack"
 # Directory to store generated configuration and cluster state.
 data_directory: "/var/lib/OpenAppStack"
 
@@ -51,21 +49,15 @@ helm:
   # We use the official helm install script for now which has no checksum.
   version: '3.1.1'
 
+kube_bench:
+  version: 0.3.0
+  checksum: 'sha256:e9ecd3be4b91ebd728caa352cf95e819ddadf8cbe5bf641da46534e1baac99a2'
+
 krew:
   # https://github.com/kubernetes-sigs/krew/releases
   version: '0.2.1'
   checksum: 'sha256:dc2f2e1ec8a0acb6f3e23580d4a8b38c44823e948c40342e13ff6e8e12edb15a'
 
-rke:
-  # You can change the kubernetes version used by rke in
-  # `ansible/group_vars/all/settings.yml.example`
-  #
-  # https://github.com/rancher/rke/releases
-  version: '1.1.1'
-  # Also possible:
-  # checksum: 'sha256:https://github.com/rancher/rke/releases/download/v1.1.1/sha256sum.txt'
-  checksum: 'sha256:8b28540ddd58b9c2eebfbf0c59a512205bf96ef7368853504e8cf76e524e7197'
-
 cert_manager:
   # cert-manager requires custom resource definitions applied before installing
   # the helm chart. See https://hub.helm.sh/charts/jetstack/cert-manager for
diff --git a/ansible/group_vars/all/settings.yml.example b/ansible/group_vars/all/settings.yml.example
index 77eb12223a6e8ea6a9c8e708f830d7b4071ab5e4..5d2640593ea9af3cdbd80611ab2a2489132402e1 100644
--- a/ansible/group_vars/all/settings.yml.example
+++ b/ansible/group_vars/all/settings.yml.example
@@ -29,21 +29,3 @@ enabled_applications:
   - 'prometheus'
   - 'rocketchat'
   - 'wordpress'
-
-# Optional, custom rke config.
-# I.e. you can set the desired Kubernetes version but please be aware of
-# the [every rke release has only a few supported kubernetes versions](https://rancher.com/docs/rke/latest/en/config-options/#kubernetes-version).
-# See also https://rancher.com/blog/2019/keeping-k8s-current-with-rancher
-#
-# rke_custom_config:
-#   kubernetes_version: "v1.14.3-rancher1-1"
-#
-# Another example is allowing to disable ipv6 in pods by
-# passing adding an additional argument to the kubelet:
-# `--allowed-unsafe-sysctls net.ipv6.conf.all.disable_ipv6`
-#
-# rke_custom_config:
-#   services:
-#     kubelet:
-#       extra_args:
-#         allowed-unsafe-sysctls: 'net.ipv6.conf.all.disable_ipv6'
diff --git a/ansible/roles/pre-configure/tasks/main.yml b/ansible/roles/pre-configure/tasks/main.yml
index 787d720f162895e8f5266d8345391f0e38e27f0c..3daa0e4bbcb6b7c7204355b66d6319c4d4c71d59 100644
--- a/ansible/roles/pre-configure/tasks/main.yml
+++ b/ansible/roles/pre-configure/tasks/main.yml
@@ -102,5 +102,28 @@
   command: /usr/local/bin/get-helm --version v{{ helm.version }}
   when: helm_version.stdout != helm.version
 
+- name: Check if kube-bench is installed
+  command: dpkg-query -W kube-bench
+  register: kube_bench_check_deb
+  failed_when: kube_bench_check_deb.rc > 1
+  changed_when: kube_bench_check_deb.rc == 1
+
+- name: Download kube-bench binary
+  tags:
+    - kube-bench
+  get_url:
+    url: "https://github.com/aquasecurity/kube-bench/releases/download/v{{ kube_bench.version }}/kube-bench_{{ kube_bench.version }}_linux_amd64.deb"
+    checksum: '{{ kube_bench.checksum }}'
+    dest: /tmp/kube-bench_{{ kube_bench.version }}_linux_amd64.deb
+    force: yes
+    mode: '0755'
+  when: kube_bench_check_deb.rc == 1
+  become: true
+
+- name: Install my_package
+  apt: deb="/tmp/kube-bench_{{ kube_bench.version }}_linux_amd64.deb"
+  become: true
+  when: kube_bench_check_deb.rc == 1
+
 - name: Configure firewall
   import_tasks: journald.yml
diff --git a/test/pytest/test_system.py b/test/pytest/test_system.py
index 3be40fe1b8328f5734b05be1e219c669c75cea97..8b232ebffb6e2e4c6b6898e18651a195f91b2bbe 100644
--- a/test/pytest/test_system.py
+++ b/test/pytest/test_system.py
@@ -52,15 +52,7 @@ def test_kubernetes_setup(host):
     check_arg = ",".join(tests)
 
     result = host.run(" ".join([
-        "docker",
-        "run",
-        "--pid=host",
-        "-v",
-        "/etc:/etc:ro",
-        "-v",
-        "/var:/var:ro",
-        "-t",
-        "aquasec/kube-bench:latest",
+        "kube-bench",
         "--version=1.15",
         '--check="{}"'.format(check_arg),
         "--noremediations",