Mirror of https://github.com/aquasecurity/kube-bench.git (synced 2024-11-22 08:08:07 +00:00)
docs: Clarify how to run Job on OpenShift (#1401)
Signed-off-by: Jack Henschel <jackdev@mailbox.org>
parent 7aeb6c3977
commit 0decc8a53f
@ -34,7 +34,7 @@ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -t -v path/to/my-config.ya
|
|||||||
|
|
||||||
You can run kube-bench inside a pod, but it will need access to the host's PID namespace in order to check the running processes, as well as access to some directories on the host where config files and other files are stored.
|
You can run kube-bench inside a pod, but it will need access to the host's PID namespace in order to check the running processes, as well as access to some directories on the host where config files and other files are stored.
|
||||||
|
|
||||||
The supplied `job.yaml` file can be applied to run the tests as a job. For example:
|
The `job.yaml` file (available in the root directory of the repository) can be applied to run the tests as a Kubernetes `Job`. For example:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ kubectl apply -f job.yaml
|
$ kubectl apply -f job.yaml
|
||||||
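Review bot: In the reworded `job.yaml` sentence, the text now says where the file lives, but the example `kubectl apply -f job.yaml` still uses a relative path, so it only works when the repository root is the working directory. Say that explicitly or link to the file. Since the paragraph above states that the pod needs the host's PID namespace and access to host directories, it would also help to tell readers to review `job.yaml` before applying it.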
@ -140,6 +140,14 @@ kube-bench includes a set of test files for Red Hat's OpenShift hardening guide
|
|||||||
|
|
||||||
`kube-bench` supports auto-detection, when you run the `kube-bench` command it will autodetect if running in openshift environment.
|
`kube-bench` supports auto-detection, when you run the `kube-bench` command it will autodetect if running in openshift environment.
|
||||||
|
|
||||||
|
Since running `kube-bench` requires elevated privileges, the `privileged` SecurityContextConstraint needs to be applied to the ServiceAccount used for the `Job`:
|
||||||
|
|
||||||
|
```
|
||||||
|
oc create namespace kube-bench
|
||||||
|
oc adm policy add-scc-to-user privileged --serviceaccount default
|
||||||
|
oc apply -f job.yaml
|
||||||
|
```
|
||||||
|
|
||||||
### Running in a GKE cluster
|
### Running in a GKE cluster
|
||||||
|
|
||||||
| CIS Benchmark | Targets |
|
| CIS Benchmark | Targets |
|
||||||
|
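Review bot: In the added `oc` block, `oc adm policy add-scc-to-user privileged --serviceaccount default` and `oc apply -f job.yaml` never name the `kube-bench` namespace created on the first line, so unless `job.yaml` sets a namespace itself, both commands act on whatever project is current and the SCC grant may land on a different `default` ServiceAccount than the one the Job runs under. Add `-n kube-bench` to both commands, or switch to the project first. The grant also targets the `default` ServiceAccount, so every pod in that namespace that runs under it is admitted under the `privileged` SCC; a dedicated ServiceAccount for the Job, plus a line on removing the SCC grant after the run, would keep the elevated access scoped to kube-bench. Minor: the new fence has no language tag, while the earlier example on the page uses `bash`.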