mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-25 09:28:16 +00:00
Script needs to actually install kube-bench & its config!
This commit is contained in:
parent
3ee43235b5
commit
b26b23e573
12
README.md
12
README.md
@ -17,11 +17,15 @@ kube-bench supports the tests for multiple versions of Kubernetes (1.6, 1.7 and
|
|||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
You can either install kube-bench through a dedicated container, install the latest binaries from the [Releases page](https://github.com/aquasecurity/kube-bench/releases), or compile it from source.
|
You can choose to
|
||||||
|
* run kube-bench from inside a container (sharing PID namespace with the host)
|
||||||
|
* run a container that installs kube-bench on the host, and then run kube-bench directly on the host
|
||||||
|
* install the latest binaries from the [Releases page](https://github.com/aquasecurity/kube-bench/releases),
|
||||||
|
* compile it from source.
|
||||||
|
|
||||||
### Running inside a container
|
### Running inside a container
|
||||||
|
|
||||||
You can avoid installing kube-bench entirely by running it inside a container using the host PID namespace.
|
You can avoid installing kube-bench on the host by running it inside a container using the host PID namespace.
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run --pid=host aquasec/kube-bench:latest <master|node>
|
docker run --pid=host aquasec/kube-bench:latest <master|node>
|
||||||
@ -35,12 +39,12 @@ docker run --pid=host -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml
|
|||||||
|
|
||||||
### Installing from a container
|
### Installing from a container
|
||||||
|
|
||||||
If you want to install a pre-built kube-bench, you can copy the kube-bench binary and configuration files to your host from the Docker container:
|
This command copies the kube-bench binary and configuration files to your host from the Docker container:
|
||||||
```
|
```
|
||||||
docker run --rm -v `pwd`:/host aquasec/kube-bench:latest install
|
docker run --rm -v `pwd`:/host aquasec/kube-bench:latest install
|
||||||
```
|
```
|
||||||
|
|
||||||
You can then run `./kube-bench <master|node>`. This should work for any Linux distribution, including Alpine.
|
You can then run `./kube-bench <master|node>`.
|
||||||
|
|
||||||
### Installing from sources
|
### Installing from sources
|
||||||
|
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
if [ "$1" == "install" ]; then
|
if [ "$1" == "install" ]; then
|
||||||
if [ -d /host ]; then
|
if [ -d /host ]; then
|
||||||
mkdir -p /host/cfg/
|
mkdir -p /host/cfg/
|
||||||
yes | cp -rf /cfg/* /host/cfg/
|
yes | cp -rf cfg/* /host/cfg/
|
||||||
yes | cp -rf /kube-bench /host/
|
yes | cp -rf /usr/local/bin/kube-bench /host/
|
||||||
echo "==============================================="
|
echo "==============================================="
|
||||||
echo "kube-bench is now installed on your host "
|
echo "kube-bench is now installed on your host "
|
||||||
echo "Run ./kube-bench to perform a security check "
|
echo "Run ./kube-bench to perform a security check "
|
||||||
|
Loading…
Reference in New Issue
Block a user