1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-29 11:28:14 +00:00

Merge pull request #190 from Congelli501/patch-2

Advise the use to mount /etc & /var read only for docker usage
This commit is contained in:
Liz Rice 2019-01-02 10:29:58 +00:00 committed by GitHub
commit bfdd921f3d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -28,13 +28,13 @@ You can choose to
You can avoid installing kube-bench on the host by running it inside a container using the host PID namespace and mounting the `/etc` and `/var` directories where the configuration and other files are located on the host, so that kube-bench can check their existence and permissions.
```
docker run --pid=host -v /etc:/etc -v /var:/var -t aquasec/kube-bench:latest <master|node>
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -t aquasec/kube-bench:latest <master|node>
```
You can even use your own configs by mounting them over the default ones in `/opt/kube-bench/cfg/`
```
docker run --pid=host -v /etc:/etc -v /var:/var -t -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest <master|node>
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -t -v path/to/my-config.yaml:/opt/kube-bench/cfg/config.yaml aquasec/kube-bench:latest <master|node>
```
> Note: the tests require either the kubelet or kubectl binary in the path in order to know the Kubernetes version. You can pass `-v $(which kubectl):/usr/bin/kubectl` to the above invocations to resolve this.