mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-08-23 15:41:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(hack): add /etc/kubernetes to CIS benchmark jobs (#199)

Browse Source
This commit is contained in:
Andrew Rynhard 2018-11-10 15:43:35 -08:00 committed by GitHub
parent d662791ae4
commit fc84b6218d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hack/cis-kube-bench-master.yaml
View File

@ -19,5 +19,13 @@ spec:
- master - master
- --json - --json
- --version=1.11 - --version=1.11
volumeMounts:
- name: etc-kubernetes
mountPath: /etc/kubernetes
volumes:
- name: etc-kubernetes
hostPath:
path: /etc/kubernetes
type: Directory
restartPolicy: Never restartPolicy: Never
backoffLimit: 0 backoffLimit: 0

8
hack/cis-kube-bench-node.yaml
View File

@ -13,5 +13,13 @@ spec:
- node - node
- --json - --json
- --version=1.11 - --version=1.11
volumeMounts:
- name: etc-kubernetes
mountPath: /etc/kubernetes
volumes:
- name: etc-kubernetes
hostPath:
path: /etc/kubernetes
type: Directory
restartPolicy: Never restartPolicy: Never
backoffLimit: 0 backoffLimit: 0

4
hack/cis.sh
View File

@ -14,14 +14,14 @@ run_master_benchmark() {
JOB_NAME=kube-bench-master JOB_NAME=kube-bench-master
kubectl apply -f cis-kube-bench-master.yaml -n ${NAMESPACE} kubectl apply -f cis-kube-bench-master.yaml -n ${NAMESPACE}
kubectl wait --timeout=60s --for=condition=complete job/${JOB_NAME} -n ${NAMESPACE} > /dev/null kubectl wait --timeout=60s --for=condition=complete job/${JOB_NAME} -n ${NAMESPACE} > /dev/null
kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.log kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.json
} }
run_node_benchmark() { run_node_benchmark() {
JOB_NAME=kube-bench-node JOB_NAME=kube-bench-node
kubectl apply -f cis-kube-bench-node.yaml -n ${NAMESPACE} kubectl apply -f cis-kube-bench-node.yaml -n ${NAMESPACE}
kubectl wait --timeout=60s --for=condition=complete job/${JOB_NAME} -n ${NAMESPACE} > /dev/null kubectl wait --timeout=60s --for=condition=complete job/${JOB_NAME} -n ${NAMESPACE} > /dev/null
kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.log kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.json
} }
kubectl create ns ${NAMESPACE} kubectl create ns ${NAMESPACE}