kube-bench icon indicating copy to clipboard operation
kube-bench copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

Add support for storing/fetching YAML config(s) and Benchmarks in etcd.

Open bitvector2 opened this issue 8 years ago • 5 comments

Would this feature be desirable? I would be happy to add...

bitvector2 avatar Oct 31 '17 18:10 bitvector2

Sorry I don't know why I didn't respond on this sooner! I think if you have a use case to do so this could be a nice enhancement. It seems like a good move towards making it easier to run the tests on all nodes automatically, right?

lizrice avatar Nov 29 '17 18:11 lizrice

Fetching from a URL (like how you can do kubectl create -f http://host/file.yaml) would be more useful in my opinion.

Right now, I have to fork the repo and build my own image to include different configuration.

sabbour avatar Oct 22 '18 06:10 sabbour

@sabbour you can pull in other config files at runtime using the -D flag (and if you're running in a container, you'd also need to mount the directory with your config files). Does that give you what you need?

lizrice avatar Oct 22 '18 09:10 lizrice

@lizrice How would that work when running it as a container on the cluster using the command below? Maybe I'm missing something.

kubectl run --rm -i -t kube-bench-node --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true } }" -- node --version 1.11

Edit: Maybe not in a single command, but if the config files are loaded as ConfigMaps that are mounted as volumes using https://kubernetes.io/docs/concepts/storage/volumes/#configmap and https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#create-configmaps-from-directories, it could work.

sabbour avatar Oct 22 '18 10:10 sabbour

I like the configMaps idea...

lizrice avatar Feb 13 '19 14:02 lizrice