diff --git a/job-master.yaml b/job-master.yaml index 34f24f2..4df64d3 100644 --- a/job-master.yaml +++ b/job-master.yaml @@ -29,6 +29,9 @@ spec: image: docker.io/aquasec/kube-bench:latest command: ["kube-bench", "run", "--targets", "master"] volumeMounts: + - name: var-lib-cni + mountPath: /var/lib/cni + readOnly: true - name: var-lib-etcd mountPath: /var/lib/etcd readOnly: true @@ -72,6 +75,9 @@ spec: readOnly: true restartPolicy: Never volumes: + - name: var-lib-cni + hostPath: + path: "/var/lib/cni" - name: var-lib-etcd hostPath: path: "/var/lib/etcd" diff --git a/job-node.yaml b/job-node.yaml index 0e6f9a9..1aa7023 100644 --- a/job-node.yaml +++ b/job-node.yaml @@ -12,6 +12,9 @@ spec: image: docker.io/aquasec/kube-bench:latest command: ["kube-bench", "run", "--targets", "node"] volumeMounts: + - name: var-lib-cni + mountPath: /var/lib/cni + readOnly: true - name: var-lib-etcd mountPath: /var/lib/etcd readOnly: true @@ -49,6 +52,9 @@ spec: readOnly: true restartPolicy: Never volumes: + - name: var-lib-cni + hostPath: + path: "/var/lib/cni" - name: var-lib-etcd hostPath: path: "/var/lib/etcd" diff --git a/job.yaml b/job.yaml index 95654ac..049f305 100644 --- a/job.yaml +++ b/job.yaml @@ -14,6 +14,9 @@ spec: image: docker.io/aquasec/kube-bench:v0.7.1 name: kube-bench volumeMounts: + - name: var-lib-cni + mountPath: /var/lib/cni + readOnly: true - mountPath: /var/lib/etcd name: var-lib-etcd readOnly: true @@ -50,6 +53,9 @@ spec: hostPID: true restartPolicy: Never volumes: + - name: var-lib-cni + hostPath: + path: /var/lib/cni - hostPath: path: /var/lib/etcd name: var-lib-etcd