Set all host-mounted volumes to be read-only. (#569)
By setting all host-mounted volumes to be read-only, we reduce the likelihood that any host filesystem is modified by running kube-bench.
committed by
Roberto Rojas
parent
037bb14729
commit
77f66511e7
@@ -14,10 +14,13 @@ spec:
|
||||
volumeMounts:
|
||||
- name: var-lib-kubelet
|
||||
mountPath: /var/lib/kubelet
|
||||
readOnly: true
|
||||
- name: etc-systemd
|
||||
mountPath: /etc/systemd
|
||||
readOnly: true
|
||||
- name: etc-kubernetes
|
||||
mountPath: /etc/kubernetes
|
||||
readOnly: true
|
||||
restartPolicy: Never
|
||||
volumes:
|
||||
- name: var-lib-kubelet
|
||||
|
||||
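Review bot: The `readOnly: true` added to the three volumeMounts covers only the top-level mount, because Kubernetes does not make submounts beneath a mounted path read-only by default. `/var/lib/kubelet` commonly has further mounts under it (per-pod volumes), so those may still be writable from the container. Where the cluster version supports it, adding `recursiveReadOnly: Enabled` beside each `readOnly: true` closes that gap; otherwise a comment such as `# readOnly does not apply to submounts under this path` should record the limit. Read-only mounts also leave the kubelet and control-plane credentials under these paths readable, so a comment noting that access to this job's pod and logs should be restricted would help. The `volumes:` list and the rest of the pod spec continue outside this hunk, so the hostPath definitions and any securityContext could not be checked here.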