mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-24 17:08:14 +00:00
job.yaml: Adding /var/lib/cni mounts for proper CIS 1.1.9 and 1.1.0 checking (#1547)
Signed-off-by: Andrey Polovov <andrey.polovov@flant.com> Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com> Co-authored-by: Andrey Pavlov <andrey.pavlov@flant.com> Co-authored-by: chenk <hen.keinan@gmail.com>
parent
30217061ac
commit
faeceb5dfa
@ -29,6 +29,9 @@ spec:
|
|||||||
image: docker.io/aquasec/kube-bench:latest
|
image: docker.io/aquasec/kube-bench:latest
|
||||||
command: ["kube-bench", "run", "--targets", "master"]
|
command: ["kube-bench", "run", "--targets", "master"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: var-lib-cni
|
||||||
|
mountPath: /var/lib/cni
|
||||||
|
readOnly: true
|
||||||
- name: var-lib-etcd
|
- name: var-lib-etcd
|
||||||
mountPath: /var/lib/etcd
|
mountPath: /var/lib/etcd
|
||||||
readOnly: true
|
readOnly: true
|
||||||
@ -72,6 +75,9 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
volumes:
|
volumes:
|
||||||
|
- name: var-lib-cni
|
||||||
|
hostPath:
|
||||||
|
path: "/var/lib/cni"
|
||||||
- name: var-lib-etcd
|
- name: var-lib-etcd
|
||||||
hostPath:
|
hostPath:
|
||||||
path: "/var/lib/etcd"
|
path: "/var/lib/etcd"
|
||||||
|
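Review bot: The new `var-lib-cni` entry under `volumes:` sets only `hostPath.path`, so it uses the default hostPath type, which does no existence check before mounting. On a node without /var/lib/cni the container runtime may create the directory, and the benchmark would then audit an empty path that the job itself produced; `readOnly: true` on the mount does not prevent that. If this is not intended, `type: Directory` under `hostPath:` makes the precondition explicit, at the cost of the pod not starting where the directory is absent. The same applies to the `--targets node` job and to job.yaml further down. A comment above the mount such as `# read-only host mount for the CNI file checks named in the commit title` would also tell anyone trimming the manifest why it exists; the `spec:` block continues outside both hunks.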
@ -12,6 +12,9 @@ spec:
|
|||||||
image: docker.io/aquasec/kube-bench:latest
|
image: docker.io/aquasec/kube-bench:latest
|
||||||
command: ["kube-bench", "run", "--targets", "node"]
|
command: ["kube-bench", "run", "--targets", "node"]
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: var-lib-cni
|
||||||
|
mountPath: /var/lib/cni
|
||||||
|
readOnly: true
|
||||||
- name: var-lib-etcd
|
- name: var-lib-etcd
|
||||||
mountPath: /var/lib/etcd
|
mountPath: /var/lib/etcd
|
||||||
readOnly: true
|
readOnly: true
|
||||||
@ -49,6 +52,9 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
volumes:
|
volumes:
|
||||||
|
- name: var-lib-cni
|
||||||
|
hostPath:
|
||||||
|
path: "/var/lib/cni"
|
||||||
- name: var-lib-etcd
|
- name: var-lib-etcd
|
||||||
hostPath:
|
hostPath:
|
||||||
path: "/var/lib/etcd"
|
path: "/var/lib/etcd"
|
||||||
|
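--- a/job.yaml
+++ b/job.yaml
@@ -14,6 +14,9 @@ spec:
 image: docker.io/aquasec/kube-bench:v0.7.1
 name: kube-bench
 volumeMounts:
+- name: var-lib-cni
+mountPath: /var/lib/cni
+readOnly: true
 - mountPath: /var/lib/etcd
 name: var-lib-etcd
 readOnly: true
@@ -50,6 +53,9 @@ spec:
 hostPID: true
 restartPolicy: Never
 volumes:
+- name: var-lib-cni
+hostPath:
+path: /var/lib/cni
 - hostPath:
 path: /var/lib/etcd
 name: var-lib-etcd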
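Review bot: Both added entries in job.yaml lead with `name:`, while the neighbouring entries keep their keys in alphabetical order (`- mountPath:` / `name:` / `readOnly:` in `volumeMounts`, `- hostPath:` / `name:` in `volumes`). Writing the new mount as `- mountPath: /var/lib/cni`, `name: var-lib-cni`, `readOnly: true` and the new volume as `- hostPath:` with `name: var-lib-cni` last would match the surrounding layout, which appears to be a generated or normalised key order. The behaviour is identical either way; the benefit is a smaller diff if the file is regenerated. Both hunks sit inside a `spec:` block that continues outside them.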