k8s/kube-bench.yml +13 −16 @@ -2,29 +2,24 @@ variables: KUBE_BENCH_VERSION: main # Or use for example v0.6.7 from the available tags on https://github.com/aquasecurity/kube-bench/tags k8s:kube-bench:prepare: stage: .pre image: alpine:latest .kube-context: image: registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:latest before_script: - gl-use-kube-context - chmod 400 $KUBECONFIG # Removes security warnings. https://gitlab.com/gitlab-org/project-templates/cluster-management/-/merge_requests/51#note_936576634 k8s:kube-bench: stage: .post extends: .kube-context script: - apk add --no-cache yq - mkdir -p kube-bench - | if ! test -f kube-bench/job.yaml; then apk add --no-cache yq mkdir -p kube-bench wget -O kube-bench/job.yaml https://raw.githubusercontent.com/aquasecurity/kube-bench/${KUBE_BENCH_VERSION}/job.yaml yq eval '.spec.template.spec.containers[0].command = ["kube-bench", "--junit"]' kube-bench/job.yaml > kube-bench/job-junit.yaml yq eval -i '.metadata.name = "kube-bench-junit"' kube-bench/job-junit.yaml fi artifacts: paths: - kube-bench/ k8s:kube-bench: stage: test image: registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:latest variables: GIT_STRATEGY: none script: - gl-use-kube-context - kubectl delete -f kube-bench/job-junit.yaml -f kube-bench/job.yaml --ignore-not-found=true - kubectl apply -f kube-bench/job-junit.yaml -f kube-bench/job.yaml - kubectl wait -f kube-bench/job-junit.yaml -f kube-bench/job.yaml --for=condition=complete=true @@ -35,3 +30,5 @@ k8s:kube-bench: artifacts: reports: junit: kube-bench-junit.xml paths: - kube-bench/
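Review bot: The `wget` step still fetches `job.yaml` from the mutable ref `${KUBE_BENCH_VERSION}` (default `main`) and the `kubectl apply` that follows creates it in the cluster with no integrity check, so whatever is on that upstream branch at pipeline time runs with this job's kube context. Pin the default to a release tag or commit, e.g. `KUBE_BENCH_VERSION: v0.6.7` as the existing comment suggests, and verify the download before applying it, e.g. `echo "<EXPECTED_SHA256>  kube-bench/job.yaml" | sha256sum -c -` (placeholder digest). The `.kube-context` image `cluster-applications:latest` is a mutable tag as well and would be better pinned to a version or digest. The rendered page has lost its +/- markers, so which of these lines belong to the new side is inferred from the hunk text.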
k8s/kube-bench.yml +13 −16 @@ -2,29 +2,24 @@ variables: KUBE_BENCH_VERSION: main # Or use for example v0.6.7 from the available tags on https://github.com/aquasecurity/kube-bench/tags k8s:kube-bench:prepare: stage: .pre image: alpine:latest .kube-context: image: registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:latest before_script: - gl-use-kube-context - chmod 400 $KUBECONFIG # Removes security warnings. https://gitlab.com/gitlab-org/project-templates/cluster-management/-/merge_requests/51#note_936576634 k8s:kube-bench: stage: .post extends: .kube-context script: - apk add --no-cache yq - mkdir -p kube-bench - | if ! test -f kube-bench/job.yaml; then apk add --no-cache yq mkdir -p kube-bench wget -O kube-bench/job.yaml https://raw.githubusercontent.com/aquasecurity/kube-bench/${KUBE_BENCH_VERSION}/job.yaml yq eval '.spec.template.spec.containers[0].command = ["kube-bench", "--junit"]' kube-bench/job.yaml > kube-bench/job-junit.yaml yq eval -i '.metadata.name = "kube-bench-junit"' kube-bench/job-junit.yaml fi artifacts: paths: - kube-bench/ k8s:kube-bench: stage: test image: registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:latest variables: GIT_STRATEGY: none script: - gl-use-kube-context - kubectl delete -f kube-bench/job-junit.yaml -f kube-bench/job.yaml --ignore-not-found=true - kubectl apply -f kube-bench/job-junit.yaml -f kube-bench/job.yaml - kubectl wait -f kube-bench/job-junit.yaml -f kube-bench/job.yaml --for=condition=complete=true @@ -35,3 +30,5 @@ k8s:kube-bench: artifacts: reports: junit: kube-bench-junit.xml paths: - kube-bench/