arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00
Code Issues Releases Wiki Activity

mount /etc/passwd and /etc/group for etcd ownership related checks (#868)

Browse Source
This commit is contained in:
Huang Huang 2021-05-09 19:25:14 +08:00 committed by GitHub
parent a1bd51db99
commit 182e64753e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
job-master.yaml
View File

@ -53,6 +53,12 @@ spec:
- name: opt-cni-bin - name: opt-cni-bin
mountPath: /opt/cni/bin/ mountPath: /opt/cni/bin/
readOnly: true readOnly: true
- name: etc-passwd
mountPath: /etc/passwd
readOnly: true
- name: etc-group
mountPath: /etc/group
readOnly: true
restartPolicy: Never restartPolicy: Never
volumes: volumes:
- name: var-lib-etcd - name: var-lib-etcd
@ -88,3 +94,9 @@ spec:
- name: opt-cni-bin - name: opt-cni-bin
hostPath: hostPath:
path: "/opt/cni/bin/" path: "/opt/cni/bin/"
- name: etc-passwd
hostPath:
path: "/etc/passwd"
- name: etc-group
hostPath:
path: "/etc/group"