Merge pull request #187 from martinmosegaard/doc-kubectl-host-pid

Document limitation of running with kubectl
5 years ago · f6cab11357
parent 313fe038f6 9f2899027e
commit f6cab11357
1 changed files with 2 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -46,6 +46,8 @@ Run the master check
 kubectl run --rm -i -t kube-bench-master --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true, \"nodeSelector\": { \"node-role.kubernetes.io/master\": \"\" }, \"tolerations\": [ { \"key\": \"node-role.kubernetes.io/master\", \"operator\": \"Exists\", \"effect\": \"NoSchedule\" } ] } }" -- master --version 1.11
 ```

+Notice that this requires access to the host PID namespace. Thus it will not work if the recommendation to enable the admission plugin DenyEscalatingExec in the API Server has been implemented. You will see an error message about failing to attach to a container using host PID.
+
 Run the node check

 ```