diff --git a/job.yaml b/job.yaml
index 879fba1..a7e7aaf 100644
--- a/job.yaml
+++ b/job.yaml
@@ -9,79 +9,77 @@ spec:
 labels:
 app: kube-bench
 spec:
- hostPID: true
 containers:
- - name: kube-bench
- image: docker.io/aquasec/kube-bench:v0.6.15
- command: ["kube-bench"]
+ - command: ["kube-bench"]
+ image: docker.io/aquasec/kube-bench:vv0.6.16-rc
+ name: kube-bench
 volumeMounts:
- - name: var-lib-etcd
- mountPath: /var/lib/etcd
+ - mountPath: /var/lib/etcd
+ name: var-lib-etcd
 readOnly: true
- - name: var-lib-kubelet
- mountPath: /var/lib/kubelet
+ - mountPath: /var/lib/kubelet
+ name: var-lib-kubelet
 readOnly: true
- - name: var-lib-kube-scheduler
- mountPath: /var/lib/kube-scheduler
+ - mountPath: /var/lib/kube-scheduler
+ name: var-lib-kube-scheduler
 readOnly: true
- - name: var-lib-kube-controller-manager
- mountPath: /var/lib/kube-controller-manager
+ - mountPath: /var/lib/kube-controller-manager
+ name: var-lib-kube-controller-manager
 readOnly: true
- - name: etc-systemd
- mountPath: /etc/systemd
+ - mountPath: /etc/systemd
+ name: etc-systemd
 readOnly: true
- - name: lib-systemd
- mountPath: /lib/systemd/
+ - mountPath: /lib/systemd/
+ name: lib-systemd
 readOnly: true
- - name: srv-kubernetes
- mountPath: /srv/kubernetes/
+ - mountPath: /srv/kubernetes/
+ name: srv-kubernetes
 readOnly: true
- - name: etc-kubernetes
- mountPath: /etc/kubernetes
+ - mountPath: /etc/kubernetes
+ name: etc-kubernetes
 readOnly: true
- # /usr/local/mount-from-host/bin is mounted to access kubectl / kubelet, for auto-detecting the Kubernetes version.
- # You can omit this mount if you specify --version as part of the command.
- - name: usr-bin
- mountPath: /usr/local/mount-from-host/bin
+ - mountPath: /usr/local/mount-from-host/bin
+ name: usr-bin
 readOnly: true
- - name: etc-cni-netd
- mountPath: /etc/cni/net.d/
+ - mountPath: /etc/cni/net.d/
+ name: etc-cni-netd
 readOnly: true
- - name: opt-cni-bin
- mountPath: /opt/cni/bin/
+ - mountPath: /opt/cni/bin/
+ name: opt-cni-bin
 readOnly: true
+ hostPID: true
 restartPolicy: Never
 volumes:
- - name: var-lib-etcd
- hostPath:
- path: "/var/lib/etcd"
- - name: var-lib-kubelet
- hostPath:
- path: "/var/lib/kubelet"
- - name: var-lib-kube-scheduler
- hostPath:
- path: "/var/lib/kube-scheduler"
- - name: var-lib-kube-controller-manager
- hostPath:
- path: "/var/lib/kube-controller-manager"
- - name: etc-systemd
- hostPath:
- path: "/etc/systemd"
- - name: lib-systemd
- hostPath:
- path: "/lib/systemd"
- - name: srv-kubernetes
- hostPath:
- path: "/srv/kubernetes"
- - name: etc-kubernetes
- hostPath:
- path: "/etc/kubernetes"
- - name: usr-bin
- hostPath:
- path: "/usr/bin"
- - name: etc-cni-netd
- hostPath:
- path: "/etc/cni/net.d/"
- - name: opt-cni-bin
- hostPath:
- path: "/opt/cni/bin/"
+ - hostPath:
+ path: /var/lib/etcd
+ name: var-lib-etcd
+ - hostPath:
+ path: /var/lib/kubelet
+ name: var-lib-kubelet
+ - hostPath:
+ path: /var/lib/kube-scheduler
+ name: var-lib-kube-scheduler
+ - hostPath:
+ path: /var/lib/kube-controller-manager
+ name: var-lib-kube-controller-manager
+ - hostPath:
+ path: /etc/systemd
+ name: etc-systemd
+ - hostPath:
+ path: /lib/systemd
+ name: lib-systemd
+ - hostPath:
+ path: /srv/kubernetes
+ name: srv-kubernetes
+ - hostPath:
+ path: /etc/kubernetes
+ name: etc-kubernetes
+ - hostPath:
+ path: /usr/bin
+ name: usr-bin
+ - hostPath:
+ path: /etc/cni/net.d/
+ name: etc-cni-netd
+ - hostPath:
+ path: /opt/cni/bin/
+ name: opt-cni-bin
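Review bot: The new image reference `docker.io/aquasec/kube-bench:vv0.6.16-rc` has a doubled `v` in the tag, which looks like a release template adding a `v` prefix to a version string that already carries one; unless that tag really exists the Job will sit in an image-pull failure, and the line presumably should read `image: docker.io/aquasec/kube-bench:v0.6.16-rc`. Since this pod runs with `hostPID: true` and mounts `/etc/kubernetes`, `/var/lib/etcd` and `/var/lib/kubelet` from the host, an unverified or mutable tag on a public registry deserves extra care: consider pinning the reference by digest (`...:v0.6.16-rc@sha256:<digest>`) and avoiding a release-candidate tag in the default manifest. The rewrite also drops the two comments that explained why `/usr/local/mount-from-host/bin` is mounted and that it can be omitted when `--version` is passed, which suggests the file was round-tripped through a YAML serializer (keys are now alphabetical and the quotes are gone); I would restore those comments above the `usr-bin` volumeMount so operators can still trim that host mount.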