Commit 3c7d715a authored by Ruben ten Hove's avatar Ruben ten Hove

separate manifest adjustment

parent 9a789413
+19 −9
---
k8s:kube-bench:
  stage: test
  image:
    name: alpine:edge
    entrypoint: [""]
variables:
    KUBE_BENCH_VERSION: main  # or use for example v0.6.7 from the available tags on https://github.com/aquasecurity/kube-bench/tags
  KUBE_BENCH_VERSION: main  # Or use for example v0.6.7 from the available tags on https://github.com/aquasecurity/kube-bench/tags
  KUBE_BENCH_MANIFEST: https://raw.githubusercontent.com/aquasecurity/kube-bench/${KUBE_BENCH_VERSION}/job.yaml
    KUBE_BENCH_JOB_NAME: kube-bench  # needs to match the metadata in the job manifest
  # KUBE_BENCH_JOB_NAME: kube-bench  # Needs to match the metadata name in the job manifest

k8s:kube-bench:prepare:
  stage: .pre
  image: alpine:latest
  script:
    - apk add kubectl --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing yq
    - apk add --no-cache yq
    - wget -O job.yaml ${KUBE_BENCH_MANIFEST}
    - yq eval -i '.spec.template.spec.containers[0].command = ["kube-bench", "--junit", "--alsologtostderr", "--outputfile", "kube-bench.xml"]' job.yaml
  artifacts:
    paths:
      - job.yaml

k8s:kube-bench:
  stage: test
  image:
    name: bitnami/kubectl:latest
    entrypoint: [""]
  script:
    - kubectl delete -f job.yaml --ignore-not-found=true
    - kubectl apply -f job.yaml
    - kubectl wait -f job.yaml --for=condition=complete=true
    - kubectl logs -f jobs/${KUBE_BENCH_JOB_NAME}
    # - kubectl logs -f jobs/${KUBE_BENCH_JOB_NAME}
    - kubectl delete -f job.yaml --ignore-not-found=true
  needs: ["k8s:kube-bench:prepare"]
  artifacts:
    reports:
      junit: kube-bench.xml
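Review bot: The manifest that `kubectl apply -f job.yaml` runs against the cluster is downloaded from `KUBE_BENCH_MANIFEST` with `KUBE_BENCH_VERSION: main`, a mutable branch, and nothing verifies it after the `wget` in `k8s:kube-bench:prepare`, so whatever is on that branch at pipeline time is deployed with the runner's cluster credentials. Pin to a release tag, e.g. `KUBE_BENCH_VERSION: v0.6.7` (the tag the comment already mentions), and check a recorded digest before the `yq` edit, e.g. `echo "${KUBE_BENCH_MANIFEST_SHA256}  job.yaml" | sha256sum -c -`, where `KUBE_BENCH_MANIFEST_SHA256` would be a new pipeline variable. The `alpine:latest` and `bitnami/kubectl:latest` images are unpinned in the same way and would be better referenced by a fixed tag or digest. Separately, `--outputfile kube-bench.xml` appears to write inside the job's pod, and with the `kubectl logs` line commented out nothing copies the file back, so the `junit: kube-bench.xml` report is probably missing from the CI workspace.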