---
# job-eks-asff.yaml — runs the kube-bench node checks of the eks-1.2.0
# benchmark on one node and emits the results with --asff.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-bench
  # If using a dedicated IAM role for kube-bench, uncomment the annotations
  # block below and replace the ROLE_ARN
  # annotations:
  #   eks.amazonaws.com/role-arn: "<ROLE_ARN>"

---
# Identifiers the benchmark config reads; every placeholder below must be
# replaced before this manifest is applied.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-bench-eks-config
data:
  config.yaml: |
    AWS_ACCOUNT: "<AWS_ACCT_NUMBER>"
    AWS_REGION: "<AWS_REGION>"
    CLUSTER_ARN: "<AWS_CLUSTER_ARN>"

---
apiVersion: batch/v1
kind: Job
metadata:
  name: kube-bench
spec:
  template:
    spec:
      # hostPID shares the node's PID namespace with the container, and the
      # hostPath mounts below expose node config read-only; presumably both
      # are what the `node` target checks inspect — confirm against the
      # benchmark definition before tightening.
      hostPID: true
      restartPolicy: Never
      serviceAccountName: kube-bench
      containers:
        - name: kube-bench
          # Push the image to your ECR and then refer to it here.
          # `latest` is a mutable tag; a pinned tag or digest gives a
          # reproducible scan.
          # image: <ID.dkr.ecr.region.amazonaws.com/khulnasoft/kube-bench:ref>
          image: docker.io/khulnasoft/kube-bench:latest
          command:
            - "kube-bench"
            - "run"
            - "--targets"
            - "node"
            - "--benchmark"
            - "eks-1.2.0"
            - "--asff"
          env:
            # Name of the node this pod landed on, taken from the pod spec.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: var-lib-kubelet
              mountPath: /var/lib/kubelet
              readOnly: true
            - name: etc-systemd
              mountPath: /etc/systemd
              readOnly: true
            - name: etc-kubernetes
              mountPath: /etc/kubernetes
              readOnly: true
            # Overlays only the benchmark's config.yaml with the ConfigMap
            # entry (subPath), leaving the rest of the cfg directory intact.
            - name: kube-bench-eks-config
              mountPath: "/opt/kube-bench/cfg/eks-1.2.0/config.yaml"
              subPath: config.yaml
              readOnly: true
      volumes:
        - name: var-lib-kubelet
          hostPath:
            path: "/var/lib/kubelet"
        - name: etc-systemd
          hostPath:
            path: "/etc/systemd"
        - name: etc-kubernetes
          hostPath:
            path: "/etc/kubernetes"
        - name: kube-bench-eks-config
          configMap:
            name: kube-bench-eks-config
            items:
              - key: config.yaml
                path: config.yaml