From fc84b6218d742991aa67d2b6565c62833c9e43ed Mon Sep 17 00:00:00 2001
From: Andrew Rynhard
Date: Sat, 10 Nov 2018 15:43:35 -0800
Subject: [PATCH] fix(hack): add /etc/kubernetes to CIS benchmark jobs (#199)
---
 hack/cis-kube-bench-master.yaml | 8 ++++++++
 hack/cis-kube-bench-node.yaml | 8 ++++++++
 hack/cis.sh | 4 ++--
 3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/hack/cis-kube-bench-master.yaml b/hack/cis-kube-bench-master.yaml
index 2dfaf1ae0..b9168c9f8 100644
--- a/hack/cis-kube-bench-master.yaml
+++ b/hack/cis-kube-bench-master.yaml
@@ -19,5 +19,13 @@ spec:
 - master
 - --json
 - --version=1.11
+ volumeMounts:
+ - name: etc-kubernetes
+ mountPath: /etc/kubernetes
+ volumes:
+ - name: etc-kubernetes
+ hostPath:
+ path: /etc/kubernetes
+ type: Directory
 restartPolicy: Never
 backoffLimit: 0
diff --git a/hack/cis-kube-bench-node.yaml b/hack/cis-kube-bench-node.yaml
index e893264b3..73212ce34 100644
--- a/hack/cis-kube-bench-node.yaml
+++ b/hack/cis-kube-bench-node.yaml
@@ -13,5 +13,13 @@ spec:
 - node
 - --json
 - --version=1.11
+ volumeMounts:
+ - name: etc-kubernetes
+ mountPath: /etc/kubernetes
+ volumes:
+ - name: etc-kubernetes
+ hostPath:
+ path: /etc/kubernetes
+ type: Directory
 restartPolicy: Never
 backoffLimit: 0
diff --git a/hack/cis.sh b/hack/cis.sh
index d54f3d340..48bad2a86 100755
--- a/hack/cis.sh
+++ b/hack/cis.sh
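Review bot: The `etc-kubernetes` volumeMount added in hack/cis-kube-bench-master.yaml is mounted read-write, although a benchmark job only needs to read the host's /etc/kubernetes; the identical mount added in hack/cis-kube-bench-node.yaml has the same gap. On a control-plane host that directory typically holds PKI material and kubeconfigs, so a writable hostPath gives the job's container more access than the audit requires. Add `readOnly: true` under `mountPath: /etc/kubernetes` in both files. A short comment on the volume, such as `# host config dir, read by kube-bench for file permission and ownership checks`, would also record why a hostPath is needed here.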
@@ -14,14 +14,14 @@ run_master_benchmark() {
 JOB_NAME=kube-bench-master
 kubectl apply -f cis-kube-bench-master.yaml -n ${NAMESPACE}
 kubectl wait --timeout=60s --for=condition=complete job/${JOB_NAME} -n ${NAMESPACE} > /dev/null
- kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.log
+ kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.json
 }
 run_node_benchmark() {
 JOB_NAME=kube-bench-node
 kubectl apply -f cis-kube-bench-node.yaml -n ${NAMESPACE}
 kubectl wait --timeout=60s --for=condition=complete job/${JOB_NAME} -n ${NAMESPACE} > /dev/null
- kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.json
+ kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.json
 }
 kubectl create ns ${NAMESPACE}
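Review bot: The rewritten `kubectl logs ... | jq . >../build/cis-${JOB_NAME}.json` lines in run_master_benchmark and run_node_benchmark take the pipeline's exit status from `jq` alone, so a failed `kubectl logs` can leave an empty or truncated report that still looks like a successful run. For a CIS benchmark result that should be a hard failure: unless the script already sets it above this hunk (not visible here), add `set -o pipefail` near the top. The expansions on the new lines are also unquoted; `kubectl logs "job/${JOB_NAME}" -n "${NAMESPACE}" | jq . >"../build/cis-${JOB_NAME}.json"` avoids word-splitting if either value is ever overridden. run_master_benchmark begins above the hunk, so its earlier lines were not reviewed.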