mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-22 08:08:07 +00:00
K8s Job Command Clean (#923)
* Update commands * oopsy on run command * update reference version for iks to be 120 Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
This commit is contained in:
parent
016d67bade
commit
cb7ee765a3
@ -10,7 +10,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: kube-bench
|
- name: kube-bench
|
||||||
image: aquasec/kube-bench:latest
|
image: aquasec/kube-bench:latest
|
||||||
command: ["kube-bench", "--benchmark", "ack-1.0", "run", "--targets", "node,policies,managedservices"]
|
command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "ack-1.0"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: var-lib-kubelet
|
- name: var-lib-kubelet
|
||||||
mountPath: /var/lib/kubelet
|
mountPath: /var/lib/kubelet
|
||||||
|
@ -10,7 +10,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: kube-bench
|
- name: kube-bench
|
||||||
image: aquasec/kube-bench:latest
|
image: aquasec/kube-bench:latest
|
||||||
command: ["kube-bench", "node", "--benchmark", "aks-1.0"]
|
command: ["kube-bench", "run", "--targets", "node", "--benchmark", "aks-1.0"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: var-lib-kubelet
|
- name: var-lib-kubelet
|
||||||
mountPath: /var/lib/kubelet
|
mountPath: /var/lib/kubelet
|
||||||
|
@ -31,8 +31,9 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: kube-bench
|
- name: kube-bench
|
||||||
# Push the image to your ECR and then refer to it here
|
# Push the image to your ECR and then refer to it here
|
||||||
image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref>
|
# image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref>
|
||||||
command: ["kube-bench", "node", "--benchmark", "eks-1.0", "--asff"]
|
image: aquasec/kube-bench:latest
|
||||||
|
command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0", "--asff"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: var-lib-kubelet
|
- name: var-lib-kubelet
|
||||||
mountPath: /var/lib/kubelet
|
mountPath: /var/lib/kubelet
|
||||||
|
@ -13,7 +13,7 @@ spec:
|
|||||||
# image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref>
|
# image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref>
|
||||||
image: aquasec/kube-bench:latest
|
image: aquasec/kube-bench:latest
|
||||||
# To send findings to AWS Security Hub, refer to `job-eks-asff.yaml` instead
|
# To send findings to AWS Security Hub, refer to `job-eks-asff.yaml` instead
|
||||||
command: ["kube-bench", "node", "--benchmark", "eks-1.0"]
|
command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: var-lib-kubelet
|
- name: var-lib-kubelet
|
||||||
mountPath: /var/lib/kubelet
|
mountPath: /var/lib/kubelet
|
||||||
|
@ -10,7 +10,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: kube-bench
|
- name: kube-bench
|
||||||
image: aquasec/kube-bench:latest
|
image: aquasec/kube-bench:latest
|
||||||
command: ["kube-bench", "--benchmark", "gke-1.0", "run", "--targets", "node,policies,managedservices"]
|
command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "gke-1.0"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: var-lib-kubelet
|
- name: var-lib-kubelet
|
||||||
mountPath: /var/lib/kubelet
|
mountPath: /var/lib/kubelet
|
||||||
|
@ -10,7 +10,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: kube-bench
|
- name: kube-bench
|
||||||
image: aquasec/kube-bench:latest
|
image: aquasec/kube-bench:latest
|
||||||
command: ["kube-bench", "--version", "1.13", "node"]
|
command: ["kube-bench", "run", "--targets", "node", "--version", "1.20"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: var-lib-kubelet
|
- name: var-lib-kubelet
|
||||||
mountPath: /var/lib/kubelet
|
mountPath: /var/lib/kubelet
|
||||||
|
@ -16,7 +16,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: kube-bench
|
- name: kube-bench
|
||||||
image: aquasec/kube-bench:latest
|
image: aquasec/kube-bench:latest
|
||||||
command: ["kube-bench", "run", "--targets=master"]
|
command: ["kube-bench", "run", "--targets", "master"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: var-lib-etcd
|
- name: var-lib-etcd
|
||||||
mountPath: /var/lib/etcd
|
mountPath: /var/lib/etcd
|
||||||
|
@ -10,7 +10,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- name: kube-bench
|
- name: kube-bench
|
||||||
image: aquasec/kube-bench:latest
|
image: aquasec/kube-bench:latest
|
||||||
command: ["kube-bench", "run", "--targets=node"]
|
command: ["kube-bench", "run", "--targets", "node"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: var-lib-etcd
|
- name: var-lib-etcd
|
||||||
mountPath: /var/lib/etcd
|
mountPath: /var/lib/etcd
|
||||||
|
Loading…
Reference in New Issue
Block a user