mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-22 16:18:07 +00:00
read config files from host /etc
I don't see how kube-bench can check the permissions on files unless it has access to them on the host, so I think we need to be mounting the /etc directory from the host
This commit is contained in:
parent
5fe702edbe
commit
ba9985047c
@ -25,16 +25,16 @@ You can choose to
|
|||||||
|
|
||||||
### Running inside a container
|
### Running inside a container
|
||||||
|
|
||||||
You can avoid installing kube-bench on the host by running it inside a container using the host PID namespace.
|
You can avoid installing kube-bench on the host by running it inside a container using the host PID namespace and mounting the `/etc` directory where the configuration files are located .
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run --pid=host -t aquasec/kube-bench:latest <master|node>
|
docker run --pid=host -v /etc:/etc -t aquasec/kube-bench:latest <master|node>
|
||||||
```
|
```
|
||||||
|
|
||||||
You can even use your own configs by mounting them over the default ones in `/opt/kube-bench/cfg/`
|
You can even use your own configs by mounting them over the default ones in `/opt/kube-bench/cfg/`
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run --pid=host -t -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest <master|node>
|
docker run --pid=host -v /etc:/etc -t -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest <master|node>
|
||||||
```
|
```
|
||||||
|
|
||||||
> Note: the tests require either the kubelet or kubectl binary in the path in order to know the Kubernetes version. You can pass `-v $(which kubectl):/usr/bin/kubectl` to the above invocations to resolve this.
|
> Note: the tests require either the kubelet or kubectl binary in the path in order to know the Kubernetes version. You can pass `-v $(which kubectl):/usr/bin/kubectl` to the above invocations to resolve this.
|
||||||
|
Loading…
Reference in New Issue
Block a user