diff --git a/job-ack.yaml b/job-ack.yaml index 08e0914..ecc1819 100644 --- a/job-ack.yaml +++ b/job-ack.yaml @@ -10,7 +10,7 @@ spec: containers: - name: kube-bench image: aquasec/kube-bench:latest - command: ["kube-bench", "--benchmark", "ack-1.0", "run", "--targets", "node,policies,managedservices"] + command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "ack-1.0"] volumeMounts: - name: var-lib-kubelet mountPath: /var/lib/kubelet diff --git a/job-aks.yaml b/job-aks.yaml index 766ae55..329c86b 100644 --- a/job-aks.yaml +++ b/job-aks.yaml @@ -10,7 +10,7 @@ spec: containers: - name: kube-bench image: aquasec/kube-bench:latest - command: ["kube-bench", "node", "--benchmark", "aks-1.0"] + command: ["kube-bench", "run", "--targets", "node", "--benchmark", "aks-1.0"] volumeMounts: - name: var-lib-kubelet mountPath: /var/lib/kubelet diff --git a/job-eks-asff.yaml b/job-eks-asff.yaml index 741e282..ecde08d 100644 --- a/job-eks-asff.yaml +++ b/job-eks-asff.yaml @@ -31,8 +31,9 @@ spec: containers: - name: kube-bench # Push the image to your ECR and then refer to it here - image: - command: ["kube-bench", "node", "--benchmark", "eks-1.0", "--asff"] + # image: + image: aquasec/kube-bench:latest + command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0", "--asff"] volumeMounts: - name: var-lib-kubelet mountPath: /var/lib/kubelet diff --git a/job-eks.yaml b/job-eks.yaml index 720c428..cbad7f2 100644 --- a/job-eks.yaml +++ b/job-eks.yaml @@ -13,7 +13,7 @@ spec: # image: image: aquasec/kube-bench:latest # To send findings to AWS Security Hub, refer to `job-eks-asff.yaml` instead - command: ["kube-bench", "node", "--benchmark", "eks-1.0"] + command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0"] volumeMounts: - name: var-lib-kubelet mountPath: /var/lib/kubelet diff --git a/job-gke.yaml b/job-gke.yaml index 7a92c7e..3c38722 100644 --- a/job-gke.yaml +++ b/job-gke.yaml @@ -10,7 +10,7 @@ spec: containers: - name: kube-bench image: aquasec/kube-bench:latest - command: ["kube-bench", "--benchmark", "gke-1.0", "run", "--targets", "node,policies,managedservices"] + command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "gke-1.0"] volumeMounts: - name: var-lib-kubelet mountPath: /var/lib/kubelet diff --git a/job-iks.yaml b/job-iks.yaml index 3d3d072..a67ad40 100644 --- a/job-iks.yaml +++ b/job-iks.yaml @@ -10,7 +10,7 @@ spec: containers: - name: kube-bench image: aquasec/kube-bench:latest - command: ["kube-bench", "--version", "1.13", "node"] + command: ["kube-bench", "run", "--targets", "node", "--version", "1.20"] volumeMounts: - name: var-lib-kubelet mountPath: /var/lib/kubelet diff --git a/job-master.yaml b/job-master.yaml index 55ab698..e3be12b 100644 --- a/job-master.yaml +++ b/job-master.yaml @@ -16,7 +16,7 @@ spec: containers: - name: kube-bench image: aquasec/kube-bench:latest - command: ["kube-bench", "run", "--targets=master"] + command: ["kube-bench", "run", "--targets", "master"] volumeMounts: - name: var-lib-etcd mountPath: /var/lib/etcd diff --git a/job-node.yaml b/job-node.yaml index a930748..b452317 100644 --- a/job-node.yaml +++ b/job-node.yaml @@ -10,7 +10,7 @@ spec: containers: - name: kube-bench image: aquasec/kube-bench:latest - command: ["kube-bench", "run", "--targets=node"] + command: ["kube-bench", "run", "--targets", "node"] volumeMounts: - name: var-lib-etcd mountPath: /var/lib/etcd