mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-22 06:38:06 +00:00
Updated documentation with section on downloading and installing kube-bench on Linux. (#716)
Added section on manually downloading and installing kube-bench
parent
ff0ce661a8
commit
f213918552
53
README.md
@ -36,6 +36,7 @@ Table of Contents
|
|||||||
- [Running on OpenShift](#running-on-openshift)
|
- [Running on OpenShift](#running-on-openshift)
|
||||||
- [Running in an GKE cluster](#running-in-a-gke-cluster)
|
- [Running in an GKE cluster](#running-in-a-gke-cluster)
|
||||||
- [Installing from a container](#installing-from-a-container)
|
- [Installing from a container](#installing-from-a-container)
|
||||||
|
- [Download and Install binaries](#download-and-install-binaries)
|
||||||
- [Installing from sources](#installing-from-sources)
|
- [Installing from sources](#installing-from-sources)
|
||||||
- [Output](#output)
|
- [Output](#output)
|
||||||
- [Configuration](#configuration)
|
- [Configuration](#configuration)
|
||||||
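Review bot: The added TOC entry "Download and Install binaries" does not follow the naming of its neighbours ("Installing from a container", "Installing from sources") and mixes capitalisation within the heading. Consider a title such as "Installing from release binaries", and change the `###` heading and every `#download-and-install-binaries` link in the same commit so the anchors stay in sync.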
@ -67,10 +68,10 @@ By default, kube-bench will determine the test set to run based on the Kubernete
|
|||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
You can choose to
|
You can choose to
|
||||||
* run kube-bench from inside a container (sharing PID namespace with the host)
|
* Run kube-bench from inside a container (sharing PID namespace with the host). See [Running inside a container](#running-inside-a-container) for additional details.
|
||||||
* run a container that installs kube-bench on the host, and then run kube-bench directly on the host
|
* Run a container that installs kube-bench on the host, and then run kube-bench directly on the host. See [Installing from a container](#installing-from-a-container) for additional details.
|
||||||
* install the latest binaries from the [Releases page](https://github.com/aquasecurity/kube-bench/releases), though please note that you also need to download the config and test files from the `cfg` directory
|
* install the latest binaries from the [Releases page](https://github.com/aquasecurity/kube-bench/releases), though please note that you also need to download the config and test files from the `cfg` directory. See [Download and Install binaries](#download-and-install-binaries) for details.
|
||||||
* compile it from source.
|
* Compile it from source. See [Installing from sources](#installing-from-sources) for details.
|
||||||
|
|
||||||
## Running kube-bench
|
## Running kube-bench
|
||||||
|
|
||||||
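Review bot: In the rewritten Installation list, the third bullet still begins with lowercase "install" while the other three now start with "Run", "Run" and "Compile"; capitalise it to match. The cross-reference wording also alternates between "for additional details" and "for details", so pick one. The first bullet links to `#running-inside-a-container`, which is not among the TOC entries visible in this patch; confirm that heading exists so the link resolves.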
@ -268,6 +269,50 @@ docker run --rm -v `pwd`:/host aquasec/kube-bench:latest install
|
|||||||
|
|
||||||
You can then run `./kube-bench [master|node]`.
|
You can then run `./kube-bench [master|node]`.
|
||||||
|
|
||||||
|
### Download and Install binaries
|
||||||
|
|
||||||
|
It is possible to manually install and run kube-bench release binaries. In order to do that, you must have access to your Kubernetes cluster nodes. Note that if you're using one of the managed Kubernetes services (e.g. EKS, AKS, GKE), you will not have access to the master nodes of your cluster and you can’t perform any tests on the master nodes.
|
||||||
|
|
||||||
|
First, log into one of the nodes using SSH.
|
||||||
|
|
||||||
|
Install kube-bench binary for your platform using the commands below. Note that there may be newer releases available. See [releases page](https://github.com/aquasecurity/kube-bench/releases).
|
||||||
|
|
||||||
|
Ubuntu/Debian:
|
||||||
|
|
||||||
|
```
|
||||||
|
curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.3.1/kube-bench_0.3.1_linux_amd64.deb -o kube-bench_0.3.1_linux_amd64.deb
|
||||||
|
|
||||||
|
sudo apt install ./kube-bench_0.3.1_linux_amd64.deb -f
|
||||||
|
```
|
||||||
|
|
||||||
|
RHEL:
|
||||||
|
|
||||||
|
```
|
||||||
|
curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.3.1/kube-bench_0.3.1_linux_amd64.rpm -o kube-bench_0.3.1_linux_amd64.rpm
|
||||||
|
|
||||||
|
sudo yum install kube-bench_0.3.1_linux_amd64.rpm -y
|
||||||
|
```
|
||||||
|
|
||||||
|
Alternatively, you can manually download and extract the kube-bench binary:
|
||||||
|
|
||||||
|
```
|
||||||
|
curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.3.1/kube-bench_0.3.1_linux_amd64.tar.gz -o kube-bench_0.3.1_linux_amd64.tar.gz
|
||||||
|
|
||||||
|
tar -xvf kube-bench_0.3.0_linux_amd64.tar.gz
|
||||||
|
```
|
||||||
|
|
||||||
|
You can then run kube-bench directly:
|
||||||
|
```
|
||||||
|
kube-bench [master|node]
|
||||||
|
```
|
||||||
|
|
||||||
|
If you manually downloaded the kube-bench binary (using curl command above), you have to specify the location of configuration directory and file. For example:
|
||||||
|
```
|
||||||
|
./kube-bench --config-dir `pwd`/cfg --config `pwd`/cfg/config.yaml [master|node]
|
||||||
|
```
|
||||||
|
|
||||||
|
See previous section on [Running kube-bench](#running-kube-bench) for further details on using the kube-bench binary.
|
||||||
|
|
||||||
### Installing from sources
|
### Installing from sources
|
||||||
|
|
||||||
If Go is installed on the target machines, you can simply clone this repository and run as follows (assuming your [`GOPATH` is set](https://github.com/golang/go/wiki/GOPATH)):
|
If Go is installed on the target machines, you can simply clone this repository and run as follows (assuming your [`GOPATH` is set](https://github.com/golang/go/wiki/GOPATH)):
|
||||||
|
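Review bot: The tarball example downloads `kube-bench_0.3.1_linux_amd64.tar.gz` but then runs `tar -xvf kube-bench_0.3.0_linux_amd64.tar.gz`, so the extract step fails on a file that was never fetched; change the tar argument to 0.3.1. All three install paths also hand a freshly downloaded file to `sudo apt install`, `sudo yum install` or `tar` with no integrity check; add a step that compares the file's SHA-256 against the checksum published for the release, if one is provided, before installing. The "run directly" example calls `kube-bench` while the manual-download example calls `./kube-bench`; state that the first applies to the package install and the second to the extracted tarball. The paragraph starting "If you manually downloaded" is also missing the blank line before its code fence that the other blocks in this section have.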