mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-25 01:18:12 +00:00

docs: Clarify how to run Job on OpenShift (#1401)

Signed-off-by: Jack Henschel <jackdev@mailbox.org>
This commit is contained in:
Jack Henschel 2023-03-18 18:30:19 +01:00 committed by GitHub
parent 7aeb6c3977
commit 0decc8a53f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -34,7 +34,7 @@ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -t -v path/to/my-config.ya
You can run kube-bench inside a pod, but it will need access to the host's PID namespace in order to check the running processes, as well as access to some directories on the host where config files and other files are stored.
The supplied `job.yaml` file can be applied to run the tests as a job. For example:
The `job.yaml` file (available in the root directory of the repository) can be applied to run the tests as a Kubernetes `Job`. For example:
```bash
$ kubectl apply -f job.yaml
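Review bot: the reworded sentence now says `job.yaml` is in the root directory of the repository, but the command that follows, `kubectl apply -f job.yaml`, only works when the shell's working directory is that root; state that the command is run from the repository root (or give the path relative to it), otherwise readers who cloned the repo but are elsewhere get a file-not-found error from kubectl.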
@ -140,6 +140,14 @@ kube-bench includes a set of test files for Red Hat's OpenShift hardening guide
`kube-bench` supports auto-detection, when you run the `kube-bench` command it will autodetect if running in openshift environment.
Since running `kube-bench` requires elevated privileges, the `privileged` SecurityContextConstraint needs to be applied to the ServiceAccount used for the `Job`:
```
oc create namespace kube-bench
oc adm policy add-scc-to-user privileged --serviceaccount default
oc apply -f job.yaml
```
### Running in a GKE cluster
| CIS Benchmark | Targets |
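Review bot: in the added OpenShift block, the `kube-bench` namespace created by `oc create namespace kube-bench` is never used by the two commands after it. `oc adm policy add-scc-to-user privileged --serviceaccount default` grants the `privileged` SCC to the `default` service account of whichever project is currently selected, and `oc apply -f job.yaml` creates the Job in that same current project, so the SCC grant and the Job can end up in different namespaces and the Job's pod is then rejected for lacking the SCC. Either add `-n kube-bench` to both commands or insert `oc project kube-bench` after the create (the short form `-z default` is equivalent to `--serviceaccount default`). Also tag the fence as `bash` to match the earlier `kubectl apply` block on this page.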