mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-21 14:18:06 +00:00

job.yaml: Adding /var/lib/cni mounts for proper CIS 1.1.9 and 1.1.0 checking (#1547)

Signed-off-by: Andrey Polovov <andrey.polovov@flant.com>
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
Co-authored-by: Andrey Pavlov <andrey.pavlov@flant.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
Andrey Polovov 2024-02-11 12:23:17 +03:00 committed by GitHub
parent 30217061ac
commit faeceb5dfa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 18 additions and 0 deletions


@ -29,6 +29,9 @@ spec:
image: docker.io/aquasec/kube-bench:latest
command: ["kube-bench", "run", "--targets", "master"]
volumeMounts:
- name: var-lib-cni
mountPath: /var/lib/cni
readOnly: true
- name: var-lib-etcd
mountPath: /var/lib/etcd
readOnly: true
@ -72,6 +75,9 @@ spec:
readOnly: true
restartPolicy: Never
volumes:
- name: var-lib-cni
hostPath:
path: "/var/lib/cni"
- name: var-lib-etcd
hostPath:
path: "/var/lib/etcd"
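Review bot: The `var-lib-cni` volume added in the `volumes:` hunk declares a `hostPath` with no `type`, so no existence check is made before mounting, and on hosts where `/var/lib/cni` is absent the container runtime may create the directory on the node, which is a host-side write from a job that is otherwise mounted `readOnly: true`. If a missing path should stop the pod, add `type: Directory` under `hostPath:`; if tolerating an absent path is deliberate (not every CNI plugin uses it), record that with a comment such as `# CNI state dir for the CNI file checks; may be absent depending on the plugin`. The neighbouring `var-lib-etcd` volume has the same shape, so this is a consistency decision for the whole list, which continues outside the hunk. The same applies to the `volumes:` hunks of the other two manifests in this commit.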


@ -12,6 +12,9 @@ spec:
image: docker.io/aquasec/kube-bench:latest
command: ["kube-bench", "run", "--targets", "node"]
volumeMounts:
- name: var-lib-cni
mountPath: /var/lib/cni
readOnly: true
- name: var-lib-etcd
mountPath: /var/lib/etcd
readOnly: true
@ -49,6 +52,9 @@ spec:
readOnly: true
restartPolicy: Never
volumes:
- name: var-lib-cni
hostPath:
path: "/var/lib/cni"
- name: var-lib-etcd
hostPath:
path: "/var/lib/etcd"
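Review bot: This manifest runs `kube-bench run --targets node`, but the commit title ties the new `/var/lib/cni` mount to checks 1.1.9 and 1.1.0 (presumably 1.1.10), which sit in the control-plane configuration-file section of the benchmark. If no node-target check actually reads that path, the `var-lib-cni` mount and volume added here only widen the part of the host filesystem exposed to the pod. Confirm against the node check definitions and drop both entries from this job if they are unused. Otherwise add a comment next to the mount, for example `# read by <check id>`, to record why the job needs it. Both lists continue outside the hunks shown.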


@ -14,6 +14,9 @@ spec:
image: docker.io/aquasec/kube-bench:v0.7.1
name: kube-bench
volumeMounts:
- name: var-lib-cni
mountPath: /var/lib/cni
readOnly: true
- mountPath: /var/lib/etcd
name: var-lib-etcd
readOnly: true
@ -50,6 +53,9 @@ spec:
hostPID: true
restartPolicy: Never
volumes:
- name: var-lib-cni
hostPath:
path: /var/lib/cni
- hostPath:
path: /var/lib/etcd
name: var-lib-etcd
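Review bot: The entries added in both hunks put `name` first (`- name: var-lib-cni` followed by `mountPath` or `hostPath`), while the visible neighbouring entries in this manifest list their keys alphabetically (`- mountPath: … name: …` and `- hostPath: … name: …`). Matching the file's existing order keeps the lists uniform and easier to scan when auditing which host paths the job exposes. For the mount that would be `- mountPath: /var/lib/cni`, `name: var-lib-cni`, `readOnly: true`, and for the volume `- hostPath:` with `path: /var/lib/cni`, then `name: var-lib-cni`. Only one neighbouring entry is visible per hunk, so check the rest of each list before reordering.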