mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-25 01:18:12 +00:00

K8s Job Command Clean (#923)

* Update commands

* oopsy on run command

* update reference version for iks to be 120

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
Nick 2021-07-07 16:21:30 +01:00 committed by GitHub
parent 016d67bade
commit cb7ee765a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 10 additions and 9 deletions


@ -10,7 +10,7 @@ spec:
containers: containers:
- name: kube-bench - name: kube-bench
image: aquasec/kube-bench:latest image: aquasec/kube-bench:latest
command: ["kube-bench", "--benchmark", "ack-1.0", "run", "--targets", "node,policies,managedservices"] command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "ack-1.0"]
volumeMounts: volumeMounts:
- name: var-lib-kubelet - name: var-lib-kubelet
mountPath: /var/lib/kubelet mountPath: /var/lib/kubelet


@ -10,7 +10,7 @@ spec:
containers: containers:
- name: kube-bench - name: kube-bench
image: aquasec/kube-bench:latest image: aquasec/kube-bench:latest
command: ["kube-bench", "node", "--benchmark", "aks-1.0"] command: ["kube-bench", "run", "--targets", "node", "--benchmark", "aks-1.0"]
volumeMounts: volumeMounts:
- name: var-lib-kubelet - name: var-lib-kubelet
mountPath: /var/lib/kubelet mountPath: /var/lib/kubelet


@ -31,8 +31,9 @@ spec:
containers: containers:
- name: kube-bench - name: kube-bench
# Push the image to your ECR and then refer to it here # Push the image to your ECR and then refer to it here
image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref> # image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref>
command: ["kube-bench", "node", "--benchmark", "eks-1.0", "--asff"] image: aquasec/kube-bench:latest
command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0", "--asff"]
volumeMounts: volumeMounts:
- name: var-lib-kubelet - name: var-lib-kubelet
mountPath: /var/lib/kubelet mountPath: /var/lib/kubelet
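Review bot: The new `image: aquasec/kube-bench:latest` line swaps the ECR placeholder for a mutable tag on a public registry, and the commit description, which only mentions command updates, does not say so. The container mounts `/var/lib/kubelet` (presumably a hostPath; the volume definition is outside the hunk), so whatever `latest` resolves to at pull time runs with that access and with `--asff` enabled. I would pin the image by digest, `image: aquasec/kube-bench@sha256:<digest-of-reviewed-release>`, or keep the ECR reference as the active line. The comment `# Push the image to your ECR and then refer to it here` now sits above a commented-out line and should say that the public image is only a default. The same `:latest` tag appears as unchanged context in the other manifests on this page.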


@ -13,7 +13,7 @@ spec:
# image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref> # image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref>
image: aquasec/kube-bench:latest image: aquasec/kube-bench:latest
# To send findings to AWS Security Hub, refer to `job-eks-asff.yaml` instead # To send findings to AWS Security Hub, refer to `job-eks-asff.yaml` instead
command: ["kube-bench", "node", "--benchmark", "eks-1.0"] command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0"]
volumeMounts: volumeMounts:
- name: var-lib-kubelet - name: var-lib-kubelet
mountPath: /var/lib/kubelet mountPath: /var/lib/kubelet


@ -10,7 +10,7 @@ spec:
containers: containers:
- name: kube-bench - name: kube-bench
image: aquasec/kube-bench:latest image: aquasec/kube-bench:latest
command: ["kube-bench", "--benchmark", "gke-1.0", "run", "--targets", "node,policies,managedservices"] command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "gke-1.0"]
volumeMounts: volumeMounts:
- name: var-lib-kubelet - name: var-lib-kubelet
mountPath: /var/lib/kubelet mountPath: /var/lib/kubelet


@ -10,7 +10,7 @@ spec:
containers: containers:
- name: kube-bench - name: kube-bench
image: aquasec/kube-bench:latest image: aquasec/kube-bench:latest
command: ["kube-bench", "--version", "1.13", "node"] command: ["kube-bench", "run", "--targets", "node", "--version", "1.20"]
volumeMounts: volumeMounts:
- name: var-lib-kubelet - name: var-lib-kubelet
mountPath: /var/lib/kubelet mountPath: /var/lib/kubelet
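Review bot: `--version 1.20` on the new command line hard-codes which benchmark is applied, so the job keeps auditing against that release's controls after the cluster is upgraded; the value it replaces, `1.13`, shows how far this can drift. A comment above the command would make the dependency visible, for example `# --version pins the checks to one Kubernetes release; keep it in step with the cluster version`. If version auto-detection works on this platform, dropping the flag would remove the drift, but that cannot be confirmed from the hunk.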


@ -16,7 +16,7 @@ spec:
containers: containers:
- name: kube-bench - name: kube-bench
image: aquasec/kube-bench:latest image: aquasec/kube-bench:latest
command: ["kube-bench", "run", "--targets=master"] command: ["kube-bench", "run", "--targets", "master"]
volumeMounts: volumeMounts:
- name: var-lib-etcd - name: var-lib-etcd
mountPath: /var/lib/etcd mountPath: /var/lib/etcd


@ -10,7 +10,7 @@ spec:
containers: containers:
- name: kube-bench - name: kube-bench
image: aquasec/kube-bench:latest image: aquasec/kube-bench:latest
command: ["kube-bench", "run", "--targets=node"] command: ["kube-bench", "run", "--targets", "node"]
volumeMounts: volumeMounts:
- name: var-lib-etcd - name: var-lib-etcd
mountPath: /var/lib/etcd mountPath: /var/lib/etcd