mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-29 03:18:27 +00:00

Script needs to actually install kube-bench & its config!

Liz Rice 2018-05-11 15:39:11 +01:00
parent 3ee43235b5
commit b26b23e573
2 changed files with 10 additions and 6 deletions

@ -17,11 +17,15 @@ kube-bench supports the tests for multiple versions of Kubernetes (1.6, 1.7 and
## Installation ## Installation
You can either install kube-bench through a dedicated container, install the latest binaries from the [Releases page](https://github.com/aquasecurity/kube-bench/releases), or compile it from source. You can choose to
* run kube-bench from inside a container (sharing PID namespace with the host)
* run a container that installs kube-bench on the host, and then run kube-bench directly on the host
* install the latest binaries from the [Releases page](https://github.com/aquasecurity/kube-bench/releases),
* compile it from source.
### Running inside a container ### Running inside a container
You can avoid installing kube-bench entirely by running it inside a container using the host PID namespace. You can avoid installing kube-bench on the host by running it inside a container using the host PID namespace.
``` ```
docker run --pid=host aquasec/kube-bench:latest <master|node> docker run --pid=host aquasec/kube-bench:latest <master|node>
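Review bot: The new bullet list under "## Installation" is punctuated inconsistently: the lead-in "You can choose to" has no colon, the first two items have no end punctuation, the "Releases page" item ends with a comma, and "compile it from source." ends with a period. Pick one style for all four items. Since the first bullet now mentions sharing the PID namespace with the host, it would also help to say in that bullet or in the "Running inside a container" paragraph that `--pid=host` lets the container see the host's processes, so readers know what access they are granting.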
@ -35,12 +39,12 @@ docker run --pid=host -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml
### Installing from a container ### Installing from a container
If you want to install a pre-built kube-bench, you can copy the kube-bench binary and configuration files to your host from the Docker container: This command copies the kube-bench binary and configuration files to your host from the Docker container:
``` ```
docker run --rm -v `pwd`:/host aquasec/kube-bench:latest install docker run --rm -v `pwd`:/host aquasec/kube-bench:latest install
``` ```
You can then run `./kube-bench <master|node>`. This should work for any Linux distribution, including Alpine. You can then run `./kube-bench <master|node>`.
### Installing from sources ### Installing from sources
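Review bot: The reworded sentence under "### Installing from a container" says the files are copied "to your host" but not where. The command mounts `pwd` at /host, so the binary and configuration files land in the current working directory; the text should say that, and that `./kube-bench` is meant to be run from that directory. The change also drops "This should work for any Linux distribution, including Alpine." and the commit message does not explain it; if the claim no longer holds, say so in the message, otherwise keep the sentence.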

@ -2,8 +2,8 @@
if [ "$1" == "install" ]; then if [ "$1" == "install" ]; then
if [ -d /host ]; then if [ -d /host ]; then
mkdir -p /host/cfg/ mkdir -p /host/cfg/
yes | cp -rf /cfg/* /host/cfg/ yes | cp -rf cfg/* /host/cfg/
yes | cp -rf /kube-bench /host/ yes | cp -rf /usr/local/bin/kube-bench /host/
echo "===============================================" echo "==============================================="
echo "kube-bench is now installed on your host " echo "kube-bench is now installed on your host "
echo "Run ./kube-bench to perform a security check " echo "Run ./kube-bench to perform a security check "
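Review bot: In the install branch, the config source changes from the absolute `/cfg/*` to the relative `cfg/*`, while the binary on the next line uses the absolute `/usr/local/bin/kube-bench`, so the config copy now depends on the container's working directory. If the script runs from a different directory the glob will not match and `cp` will fail, yet nothing in the visible lines checks the result before printing "kube-bench is now installed on your host". Suggest an absolute path for the config directory as well, and testing each `cp` (or enabling `set -e`, if the script does not already do so outside this hunk) so a failed copy does not report success.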