github.com/khulnasoft-lab/kube-bench@v0.2.1-0.20240330183753-9df52345ae58/job-node.yaml

github.com/khulnasoft-lab/kube-bench@v0.2.1-0.20240330183753-9df52345ae58/job-node.yaml (about)

     1  ---
     2  apiVersion: batch/v1
     3  kind: Job
     4  metadata:
     5    name: kube-bench-node
     6  spec:
     7    template:
     8      spec:
     9        hostPID: true
    10        containers:
    11          - name: kube-bench
    12            image: docker.io/khulnasoft/kube-bench:latest
    13            command: ["kube-bench", "run", "--targets", "node"]
    14            volumeMounts:
    15              - name: var-lib-etcd
    16                mountPath: /var/lib/etcd
    17                readOnly: true
    18              - name: var-lib-kubelet
    19                mountPath: /var/lib/kubelet
    20                readOnly: true
    21              - name: var-lib-kube-scheduler
    22                mountPath: /var/lib/kube-scheduler
    23                readOnly: true
    24              - name: var-lib-kube-controller-manager
    25                mountPath: /var/lib/kube-controller-manager
    26                readOnly: true
    27              - name: etc-systemd
    28                mountPath: /etc/systemd
    29                readOnly: true
    30              - name: lib-systemd
    31                mountPath: /lib/systemd/
    32                readOnly: true
    33              - name: srv-kubernetes
    34                mountPath: /srv/kubernetes/
    35                readOnly: true
    36              - name: etc-kubernetes
    37                mountPath: /etc/kubernetes
    38                readOnly: true
    39                # /usr/local/mount-from-host/bin is mounted to access kubectl / kubelet, for auto-detecting the Kubernetes version.
    40                # You can omit this mount if you specify --version as part of the command.
    41              - name: usr-bin
    42                mountPath: /usr/local/mount-from-host/bin
    43                readOnly: true
    44              - name: etc-cni-netd
    45                mountPath: /etc/cni/net.d/
    46                readOnly: true
    47              - name: opt-cni-bin
    48                mountPath: /opt/cni/bin/
    49                readOnly: true
    50        restartPolicy: Never
    51        volumes:
    52          - name: var-lib-etcd
    53            hostPath:
    54              path: "/var/lib/etcd"
    55          - name: var-lib-kubelet
    56            hostPath:
    57              path: "/var/lib/kubelet"
    58          - name: var-lib-kube-scheduler
    59            hostPath:
    60              path: "/var/lib/kube-scheduler"
    61          - name: var-lib-kube-controller-manager
    62            hostPath:
    63              path: "/var/lib/kube-controller-manager"
    64          - name: etc-systemd
    65            hostPath:
    66              path: "/etc/systemd"
    67          - name: lib-systemd
    68            hostPath:
    69              path: "/lib/systemd"
    70          - name: srv-kubernetes
    71            hostPath:
    72              path: "/srv/kubernetes"
    73          - name: etc-kubernetes
    74            hostPath:
    75              path: "/etc/kubernetes"
    76          - name: usr-bin
    77            hostPath:
    78              path: "/usr/bin"
    79          - name: etc-cni-netd
    80            hostPath:
    81              path: "/etc/cni/net.d/"
    82          - name: opt-cni-bin
    83            hostPath:
    84              path: "/opt/cni/bin/"