Add instruction for running kube-bench against a kubernetes cluster.

#218
2024-11-22 08:08:07 +00:00 · 2018-05-15 04:40:41 +00:00 · 2018-05-15 04:40:41 +00:00 · b4b3ebe99c
commit b4b3ebe99c
parent 609335510a
1 changed files with 13 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -37,6 +37,19 @@ You can even use your own configs by mounting them over the default ones in `/op
 docker run --pid=host -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest <master|node>
 ```

+### Running in a kubernetes cluster
+Run the master check
+
+```
+kubectl run --rm -i -t kube-bench-master --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true, \"nodeSelector\": { \"kubernetes.io/role\": \"master\" }, \"tolerations\": [ { \"key\": \"node-role.kubernetes.io/master\", \"operator\": \"Exists\", \"effect\": \"NoSchedule\" } ] } }" -- master --version 1.8
+```
+
+Run the node check
+
+```
+kubectl run --rm -i -t kube-bench-node --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true } }" -- node --version 1.8
+```
+
 ### Installing from a container

 This command copies the kube-bench binary and configuration files to your host from the Docker container: