github/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2026-02-14 18:10:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

job.yaml: Adding /var/lib/cni mounts for proper CIS 1.1.9 and 1.1.0 checking (#1547)

Browse Source 
Signed-off-by: Andrey Polovov <andrey.polovov@flant.com>
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
Co-authored-by: Andrey Pavlov <andrey.pavlov@flant.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
This commit is contained in:
Andrey Polovov
2024-02-11 12:23:17 +03:00
committed by GitHub
parent 30217061ac
commit faeceb5dfa
3 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
job-master.yaml
View File

@@ -29,6 +29,9 @@ spec:
image: docker.io/aquasec/kube-bench:latest image: docker.io/aquasec/kube-bench:latest
command: ["kube-bench", "run", "--targets", "master"] command: ["kube-bench", "run", "--targets", "master"]
volumeMounts: volumeMounts:
- name: var-lib-cni
mountPath: /var/lib/cni
readOnly: true
- name: var-lib-etcd - name: var-lib-etcd
mountPath: /var/lib/etcd mountPath: /var/lib/etcd
readOnly: true readOnly: true
@@ -72,6 +75,9 @@ spec:
readOnly: true readOnly: true
restartPolicy: Never restartPolicy: Never
volumes: volumes:
- name: var-lib-cni
hostPath:
path: "/var/lib/cni"
- name: var-lib-etcd - name: var-lib-etcd
hostPath: hostPath:
path: "/var/lib/etcd" path: "/var/lib/etcd"

6
job-node.yaml
View File

@@ -12,6 +12,9 @@ spec:
image: docker.io/aquasec/kube-bench:latest image: docker.io/aquasec/kube-bench:latest
command: ["kube-bench", "run", "--targets", "node"] command: ["kube-bench", "run", "--targets", "node"]
volumeMounts: volumeMounts:
- name: var-lib-cni
mountPath: /var/lib/cni
readOnly: true
- name: var-lib-etcd - name: var-lib-etcd
mountPath: /var/lib/etcd mountPath: /var/lib/etcd
readOnly: true readOnly: true
@@ -49,6 +52,9 @@ spec:
readOnly: true readOnly: true
restartPolicy: Never restartPolicy: Never
volumes: volumes:
- name: var-lib-cni
hostPath:
path: "/var/lib/cni"
- name: var-lib-etcd - name: var-lib-etcd
hostPath: hostPath:
path: "/var/lib/etcd" path: "/var/lib/etcd"

6
job.yaml
View File

@@ -14,6 +14,9 @@ spec:
image: docker.io/aquasec/kube-bench:v0.7.1 image: docker.io/aquasec/kube-bench:v0.7.1
name: kube-bench name: kube-bench
volumeMounts: volumeMounts:
- name: var-lib-cni
mountPath: /var/lib/cni
readOnly: true
- mountPath: /var/lib/etcd - mountPath: /var/lib/etcd
name: var-lib-etcd name: var-lib-etcd
readOnly: true readOnly: true
@@ -50,6 +53,9 @@ spec:
hostPID: true hostPID: true
restartPolicy: Never restartPolicy: Never
volumes: volumes:
- name: var-lib-cni
hostPath:
path: /var/lib/cni
- hostPath: - hostPath:
path: /var/lib/etcd path: /var/lib/etcd
name: var-lib-etcd name: var-lib-etcd