diff options
author | Cédric Ollivier <cedric.ollivier@orange.com> | 2022-10-06 14:46:19 +0200 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2022-10-06 14:46:19 +0200 |
commit | 5926e9d259cf7f0c620aaa18aa2dc55a4c0208f5 (patch) | |
tree | e557e4a2501ccd555ec66d8dd520b145dd0729ff /functest_kubernetes/security/kube-bench-node.yaml | |
parent | b6a032ea6bdd5e467dd77bad3594a60bc941a592 (diff) |
Update kube bench test cases to latest dev
Change-Id: I6edcfcced84d46a06933f4a5dc1702cfa90e3f9a
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Diffstat (limited to 'functest_kubernetes/security/kube-bench-node.yaml')
-rw-r--r-- | functest_kubernetes/security/kube-bench-node.yaml | 46 |
1 files changed, 44 insertions, 2 deletions
diff --git a/functest_kubernetes/security/kube-bench-node.yaml b/functest_kubernetes/security/kube-bench-node.yaml index 95929774..03d428ad 100644 --- a/functest_kubernetes/security/kube-bench-node.yaml +++ b/functest_kubernetes/security/kube-bench-node.yaml @@ -9,15 +9,30 @@ spec: hostPID: true containers: - name: kube-bench - image: {{ dockerhub_repo }}/aquasec/kube-bench:0.3.1 - command: ["kube-bench", "node", "--json"] + image: {{ dockerhub_repo }}/aquasec/kube-bench:latest + command: ["kube-bench", "run", "--targets", "node", "--json"] volumeMounts: + - name: var-lib-etcd + mountPath: /var/lib/etcd + readOnly: true - name: var-lib-kubelet mountPath: /var/lib/kubelet readOnly: true + - name: var-lib-kube-scheduler + mountPath: /var/lib/kube-scheduler + readOnly: true + - name: var-lib-kube-controller-manager + mountPath: /var/lib/kube-controller-manager + readOnly: true - name: etc-systemd mountPath: /etc/systemd readOnly: true + - name: lib-systemd + mountPath: /lib/systemd/ + readOnly: true + - name: srv-kubernetes + mountPath: /srv/kubernetes/ + readOnly: true - name: etc-kubernetes mountPath: /etc/kubernetes readOnly: true @@ -26,17 +41,44 @@ spec: - name: usr-bin mountPath: /usr/local/mount-from-host/bin readOnly: true + - name: etc-cni-netd + mountPath: /etc/cni/net.d/ + readOnly: true + - name: opt-cni-bin + mountPath: /opt/cni/bin/ + readOnly: true restartPolicy: Never volumes: + - name: var-lib-etcd + hostPath: + path: "/var/lib/etcd" - name: var-lib-kubelet hostPath: path: "/var/lib/kubelet" + - name: var-lib-kube-scheduler + hostPath: + path: "/var/lib/kube-scheduler" + - name: var-lib-kube-controller-manager + hostPath: + path: "/var/lib/kube-controller-manager" - name: etc-systemd hostPath: path: "/etc/systemd" + - name: lib-systemd + hostPath: + path: "/lib/systemd" + - name: srv-kubernetes + hostPath: + path: "/srv/kubernetes" - name: etc-kubernetes hostPath: path: "/etc/kubernetes" - name: usr-bin hostPath: path: "/usr/bin" + - name: etc-cni-netd + hostPath: + path: "/etc/cni/net.d/" + - name: opt-cni-bin + hostPath: + path: "/opt/cni/bin/" |