fix(hack): add /etc/kubernetes to CIS benchmark jobs (#199)

2025-08-23 15:41:10 +02:00 · 2018-11-10 15:43:35 -08:00 · 2018-11-10 15:43:35 -08:00 · fc84b6218d
commit fc84b6218d
parent d662791ae4
3 changed files with 18 additions and 2 deletions
--- a/hack/cis-kube-bench-master.yaml
+++ b/hack/cis-kube-bench-master.yaml
@ -19,5 +19,13 @@ spec:
        - master
        - --json
        - --version=1.11
+        volumeMounts:
+        - name: etc-kubernetes
+          mountPath: /etc/kubernetes
+      volumes:
+      - name: etc-kubernetes
+        hostPath:
+          path: /etc/kubernetes
+          type: Directory
      restartPolicy: Never
  backoffLimit: 0
--- a/hack/cis-kube-bench-node.yaml
+++ b/hack/cis-kube-bench-node.yaml
@ -13,5 +13,13 @@ spec:
        - node
        - --json
        - --version=1.11
+        volumeMounts:
+        - name: etc-kubernetes
+          mountPath: /etc/kubernetes
+      volumes:
+      - name: etc-kubernetes
+        hostPath:
+          path: /etc/kubernetes
+          type: Directory
      restartPolicy: Never
  backoffLimit: 0
--- a/hack/cis.sh
+++ b/hack/cis.sh
@ -14,14 +14,14 @@ run_master_benchmark() {
    JOB_NAME=kube-bench-master
    kubectl apply -f cis-kube-bench-master.yaml -n ${NAMESPACE}
    kubectl wait --timeout=60s --for=condition=complete job/${JOB_NAME} -n ${NAMESPACE} > /dev/null
-    kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.log
+    kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.json
 }

 run_node_benchmark() {
    JOB_NAME=kube-bench-node
    kubectl apply -f cis-kube-bench-node.yaml -n ${NAMESPACE}
    kubectl wait --timeout=60s --for=condition=complete job/${JOB_NAME} -n ${NAMESPACE} > /dev/null
-    kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.log
+    kubectl logs job/${JOB_NAME} -n ${NAMESPACE} | jq . >../build/cis-${JOB_NAME}.json
 }

 kubectl create ns ${NAMESPACE}