mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-27 08:58:06 +00:00
Advise the user to mount /etc & /var read only for docker usage
parent
21f7902288
commit
af7ad90477
@ -28,13 +28,13 @@ You can choose to
|
|||||||
You can avoid installing kube-bench on the host by running it inside a container using the host PID namespace and mounting the `/etc` and `/var` directories where the configuration and other files are located on the host, so that kube-bench can check their existence and permissions.
|
You can avoid installing kube-bench on the host by running it inside a container using the host PID namespace and mounting the `/etc` and `/var` directories where the configuration and other files are located on the host, so that kube-bench can check their existence and permissions.
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run --pid=host -v /etc:/etc -v /var:/var -t aquasec/kube-bench:latest <master|node>
|
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -t aquasec/kube-bench:latest <master|node>
|
||||||
```
|
```
|
||||||
|
|
||||||
You can even use your own configs by mounting them over the default ones in `/opt/kube-bench/cfg/`
|
You can even use your own configs by mounting them over the default ones in `/opt/kube-bench/cfg/`
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run --pid=host -v /etc:/etc -v /var:/var -t -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest <master|node>
|
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -t -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest <master|node>
|
||||||
```
|
```
|
||||||
|
|
||||||
> Note: the tests require either the kubelet or kubectl binary in the path in order to know the Kubernetes version. You can pass `-v $(which kubectl):/usr/bin/kubectl` to the above invocations to resolve this.
|
> Note: the tests require either the kubelet or kubectl binary in the path in order to know the Kubernetes version. You can pass `-v $(which kubectl):/usr/bin/kubectl` to the above invocations to resolve this.
|
||||||
|
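Review bot: In the second `docker run` line the custom config bind mount `-v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml` is still read-write while `/etc` and `/var` gain `:ro`. For consistency, append `:ro` there as well. The same applies to the `-v $(which kubectl):/usr/bin/kubectl` mount suggested in the unchanged note at the end of the hunk, which hands the container a writable host binary. The introductory paragraph also still says only that the directories are mounted so kube-bench "can check their existence and permissions"; a short sentence stating that the mounts are read-only because kube-bench only needs to read these files would document why the flag was added.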