mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-22 14:48:07 +00:00
Add instruction for running kube-bench against a kubernetes cluster.
#218
This commit is contained in:
parent
609335510a
commit
b4b3ebe99c
13
README.md
13
README.md
@ -37,6 +37,19 @@ You can even use your own configs by mounting them over the default ones in `/op
|
||||
docker run --pid=host -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest <master|node>
|
||||
```
|
||||
|
||||
### Running in a kubernetes cluster
|
||||
Run the master check
|
||||
|
||||
```
|
||||
kubectl run --rm -i -t kube-bench-master --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true, \"nodeSelector\": { \"kubernetes.io/role\": \"master\" }, \"tolerations\": [ { \"key\": \"node-role.kubernetes.io/master\", \"operator\": \"Exists\", \"effect\": \"NoSchedule\" } ] } }" -- master --version 1.8
|
||||
```
|
||||
|
||||
Run the node check
|
||||
|
||||
```
|
||||
kubectl run --rm -i -t kube-bench-node --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true } }" -- node --version 1.8
|
||||
```
|
||||
|
||||
### Installing from a container
|
||||
|
||||
This command copies the kube-bench binary and configuration files to your host from the Docker container:
|
||||
|
Loading…
Reference in New Issue
Block a user