From b4b3ebe99cdb7700d79c6e44388da3a987d1489a Mon Sep 17 00:00:00 2001 From: Abubakr-Sadik Nii Nai Davis Date: Tue, 15 May 2018 04:40:41 +0000 Subject: [PATCH] Add instruction for running kube-bench against a kubernetes cluster. #218 --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index ac9ebae..43e0e02 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,19 @@ You can even use your own configs by mounting them over the default ones in `/op docker run --pid=host -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest ``` +### Running in a kubernetes cluster +Run the master check + +``` +kubectl run --rm -i -t kube-bench-master --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true, \"nodeSelector\": { \"kubernetes.io/role\": \"master\" }, \"tolerations\": [ { \"key\": \"node-role.kubernetes.io/master\", \"operator\": \"Exists\", \"effect\": \"NoSchedule\" } ] } }" -- master --version 1.8 +``` + +Run the node check + +``` +kubectl run --rm -i -t kube-bench-node --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true } }" -- node --version 1.8 +``` + ### Installing from a container This command copies the kube-bench binary and configuration files to your host from the Docker container:
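Review bot: In the master command, the `nodeSelector` matches on the label `kubernetes.io/role: master` while the toleration uses the key `node-role.kubernetes.io/master`. On a cluster whose masters carry only the `node-role.kubernetes.io/master` label, the selector matches no node and the pod stays Pending. Suggest either selecting on the same key as the toleration or stating in the README which label the master nodes are expected to have. The node command has no `nodeSelector`, so it checks only whichever node the scheduler picks, and a sentence saying so would help. It is also worth noting that `--version 1.8` has to be changed to match the cluster, and that both pods set `hostPID: true`, which the user running `kubectl` needs permission to create.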