mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-11-23 00:28:07 +00:00
5baf81a70a
The root command will run node checks and if possible master checks. I've also added some Makefile targets to improve local testing and improve the documentation.
47 lines
1.2 KiB
YAML
47 lines
1.2 KiB
YAML
# use this pod with: kubectl run ubuntu -it --pid=host -- /bin/bash
|
|
# this allows you to debug what is running on the host.
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: ubuntu
|
|
spec:
|
|
hostPID: true
|
|
containers:
|
|
- name: ubuntu
|
|
image: ubuntu
|
|
command: [ "/bin/bash", "-c", "--" ]
|
|
args: [ "while true; do sleep 30; done;" ]
|
|
volumeMounts:
|
|
- name: var-lib-kubelet
|
|
mountPath: /var/lib/kubelet
|
|
- name: etc-systemd
|
|
mountPath: /etc/systemd
|
|
- name: etc-kubernetes
|
|
mountPath: /etc/kubernetes
|
|
# /usr/bin is mounted to access kubectl / kubelet, for auto-detecting the Kubernetes version.
|
|
# You can omit this mount if you specify --version as part of the command.
|
|
- name: usr-bin
|
|
mountPath: /usr/bin
|
|
- name: kind-bin
|
|
mountPath: /kind/bin
|
|
resources:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "500m"
|
|
volumes:
|
|
- name: var-lib-kubelet
|
|
hostPath:
|
|
path: "/var/lib/kubelet"
|
|
- name: etc-systemd
|
|
hostPath:
|
|
path: "/etc/systemd"
|
|
- name: etc-kubernetes
|
|
hostPath:
|
|
path: "/etc/kubernetes"
|
|
- name: usr-bin
|
|
hostPath:
|
|
path: "/usr/bin"
|
|
- name: kind-bin
|
|
hostPath:
|
|
path: "/kind/bin"
|