1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-20 21:58:06 +00:00

Merge pull request #119 from aquasecurity/fix-install

Script needs to actually install kube-bench & its config
This commit is contained in:
Liz Rice 2018-05-11 15:45:14 +01:00 committed by GitHub
commit 5be0a9fbdf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 6 deletions

View File

@ -17,11 +17,15 @@ kube-bench supports the tests for multiple versions of Kubernetes (1.6, 1.7 and
## Installation
You can either install kube-bench through a dedicated container, install the latest binaries from the [Releases page](https://github.com/aquasecurity/kube-bench/releases), or compile it from source.
You can choose to
* run kube-bench from inside a container (sharing PID namespace with the host)
* run a container that installs kube-bench on the host, and then run kube-bench directly on the host
* install the latest binaries from the [Releases page](https://github.com/aquasecurity/kube-bench/releases),
* compile it from source.
### Running inside a container
You can avoid installing kube-bench entirely by running it inside a container using the host PID namespace.
You can avoid installing kube-bench on the host by running it inside a container using the host PID namespace.
```
docker run --pid=host aquasec/kube-bench:latest <master|node>
@ -35,12 +39,12 @@ docker run --pid=host -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml
### Installing from a container
If you want to install a pre-built kube-bench, you can copy the kube-bench binary and configuration files to your host from the Docker container:
This command copies the kube-bench binary and configuration files to your host from the Docker container:
```
docker run --rm -v `pwd`:/host aquasec/kube-bench:latest install
```
You can then run `./kube-bench <master|node>`. This should work for any Linux distribution, including Alpine.
You can then run `./kube-bench <master|node>`.
### Installing from sources

View File

@ -2,8 +2,8 @@
if [ "$1" == "install" ]; then
if [ -d /host ]; then
mkdir -p /host/cfg/
yes | cp -rf /cfg/* /host/cfg/
yes | cp -rf /kube-bench /host/
yes | cp -rf cfg/* /host/cfg/
yes | cp -rf /usr/local/bin/kube-bench /host/
echo "==============================================="
echo "kube-bench is now installed on your host "
echo "Run ./kube-bench to perform a security check "