From cb7ee765a3a709198ccbab959988db59d77d31d1 Mon Sep 17 00:00:00 2001
From: Nick
Date: Wed, 7 Jul 2021 16:21:30 +0100
Subject: [PATCH] K8s Job Command Clean (#923)

* Update commands
* oopsy on run command
* update reference version for iks to be 120
Co-authored-by: Yoav Rotem
---
 job-ack.yaml | 2 +-
 job-aks.yaml | 2 +-
 job-eks-asff.yaml | 5 +++--
 job-eks.yaml | 2 +-
 job-gke.yaml | 2 +-
 job-iks.yaml | 2 +-
 job-master.yaml | 2 +-
 job-node.yaml | 2 +-
 8 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/job-ack.yaml b/job-ack.yaml
index 08e0914..ecc1819 100644
--- a/job-ack.yaml
+++ b/job-ack.yaml
@@ -10,7 +10,7 @@ spec:
 containers:
 - name: kube-bench
 image: aquasec/kube-bench:latest
- command: ["kube-bench", "--benchmark", "ack-1.0", "run", "--targets", "node,policies,managedservices"]
+ command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "ack-1.0"]
 volumeMounts:
 - name: var-lib-kubelet
 mountPath: /var/lib/kubelet
diff --git a/job-aks.yaml b/job-aks.yaml
index 766ae55..329c86b 100644
--- a/job-aks.yaml
+++ b/job-aks.yaml
@@ -10,7 +10,7 @@ spec:
 containers:
 - name: kube-bench
 image: aquasec/kube-bench:latest
- command: ["kube-bench", "node", "--benchmark", "aks-1.0"]
+ command: ["kube-bench", "run", "--targets", "node", "--benchmark", "aks-1.0"]
 volumeMounts:
 - name: var-lib-kubelet
 mountPath: /var/lib/kubelet
diff --git a/job-eks-asff.yaml b/job-eks-asff.yaml
index 741e282..ecde08d 100644
--- a/job-eks-asff.yaml
+++ b/job-eks-asff.yaml
@@ -31,8 +31,9 @@ spec:
 containers:
 - name: kube-bench
 # Push the image to your ECR and then refer to it here
- image:
- command: ["kube-bench", "node", "--benchmark", "eks-1.0", "--asff"]
+ # image:
+ image: aquasec/kube-bench:latest
+ command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0", "--asff"]
 volumeMounts:
 - name: var-lib-kubelet
 mountPath: /var/lib/kubelet
diff --git a/job-eks.yaml b/job-eks.yaml
index 720c428..cbad7f2 100644
--- a/job-eks.yaml
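Review bot: The added `image: aquasec/kube-bench:latest` in job-eks-asff.yaml makes a mutable public tag the default where the removed `image:` line carried no usable default, so whatever is currently published under `latest` runs in a pod that mounts `/var/lib/kubelet` (visible in the trailing context; presumably a hostPath volume defined outside the hunk). The retained comment still tells the reader to push the image to their own ECR, which now contradicts the active line beneath it. I would pin the default to a release and digest, e.g. `image: aquasec/kube-bench:<release-tag>@sha256:<digest>` (placeholders), and reword the comment to `# Recommended: mirror the image to your own ECR and reference it by digest`. The same `:latest` tag appears as unchanged context in the other job files, so the concern applies there too, although this commit does not touch those lines.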
+++ b/job-eks.yaml
@@ -13,7 +13,7 @@ spec:
 # image:
 image: aquasec/kube-bench:latest
 # To send findings to AWS Security Hub, refer to `job-eks-asff.yaml` instead
- command: ["kube-bench", "node", "--benchmark", "eks-1.0"]
+ command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0"]
 volumeMounts:
 - name: var-lib-kubelet
 mountPath: /var/lib/kubelet
diff --git a/job-gke.yaml b/job-gke.yaml
index 7a92c7e..3c38722 100644
--- a/job-gke.yaml
+++ b/job-gke.yaml
@@ -10,7 +10,7 @@ spec:
 containers:
 - name: kube-bench
 image: aquasec/kube-bench:latest
- command: ["kube-bench", "--benchmark", "gke-1.0", "run", "--targets", "node,policies,managedservices"]
+ command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "gke-1.0"]
 volumeMounts:
 - name: var-lib-kubelet
 mountPath: /var/lib/kubelet
diff --git a/job-iks.yaml b/job-iks.yaml
index 3d3d072..a67ad40 100644
--- a/job-iks.yaml
+++ b/job-iks.yaml
@@ -10,7 +10,7 @@ spec:
 containers:
 - name: kube-bench
 image: aquasec/kube-bench:latest
- command: ["kube-bench", "--version", "1.13", "node"]
+ command: ["kube-bench", "run", "--targets", "node", "--version", "1.20"]
 volumeMounts:
 - name: var-lib-kubelet
 mountPath: /var/lib/kubelet
diff --git a/job-master.yaml b/job-master.yaml
index 55ab698..e3be12b 100644
--- a/job-master.yaml
+++ b/job-master.yaml
@@ -16,7 +16,7 @@ spec:
 containers:
 - name: kube-bench
 image: aquasec/kube-bench:latest
- command: ["kube-bench", "run", "--targets=master"]
+ command: ["kube-bench", "run", "--targets", "master"]
 volumeMounts:
 - name: var-lib-etcd
 mountPath: /var/lib/etcd
diff --git a/job-node.yaml b/job-node.yaml
index a930748..b452317 100644
--- a/job-node.yaml
+++ b/job-node.yaml
@@ -10,7 +10,7 @@ spec:
 containers:
 - name: kube-bench
 image: aquasec/kube-bench:latest
- command: ["kube-bench", "run", "--targets=node"]
+ command: ["kube-bench", "run", "--targets", "node"]
 volumeMounts:
 - name: var-lib-etcd
 mountPath: /var/lib/etcd
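Review bot: The `"--version", "1.20"` pair on the new command line in job-iks.yaml is a hard-coded Kubernetes version with nothing in the manifest explaining why it is pinned. As far as I know `--version` overrides kube-bench's auto-detection, so the checks are chosen for 1.20 whatever the cluster actually runs, and a mismatch yields a report that looks valid but audits the wrong control set; the replaced `1.13` value shows how easily this goes stale. The other managed-cluster jobs in this patch pass `--benchmark`, and job-master.yaml and job-node.yaml pass neither flag, so IKS is the only one pinned this way. I would add a comment above the command such as `# --version overrides auto-detection; keep in step with the cluster's Kubernetes version`, or drop the flag if detection works on IKS nodes.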