Run kube-bench outside the cluster as a standalone using CLI and Kubeconfig? #1645
Unanswered
saisatishkarra asked this question in Questions and Help
-
@saisatishkarra It is unsupported to run kube-bench as a standalone CLI scan targeting clusters in kubeconfig. As you say, we cannot scan files on a node without running on the node. If you don't want to create a pod, you can use ssh to copy and run kube-bench on the remote node.
-
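The SSH approach suggested in the reply above, sketched as an added example; it is not part of the original discussion and not kube-bench's own tooling. It assumes a local directory (`KB_DIR`) holding the kube-bench binary and its `cfg/` directory, key-based SSH login and passwordless sudo on each node; the function names and variables are hypothetical.

```shell
#!/bin/sh
# Added example (not kube-bench's own tooling): run node checks over SSH, no pod/Job.
# Assumed: $KB_DIR holds the kube-bench binary plus its cfg/ directory, and the SSH
# user has key-based login and passwordless sudo on each node.
KB_DIR="${KB_DIR:-./kube-bench}"

# Accept only plain hostnames/IPs: a leading '-' would be parsed by ssh as an
# option, and shell metacharacters would reach the remote command line.
valid_host() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Command run on the node from directory $1: node-target checks, JSON on stdout.
remote_cmd() {
  printf "cd '%s' && sudo ./kube-bench run --targets node --config-dir ./cfg --config ./cfg/config.yaml --json" "$1"
}

# scan_node HOST OUT_DIR: copy, run, save HOST.json, clean up the remote temp dir.
scan_node() {
  node="$1"; dest="$2"
  valid_host "$node" || { echo "invalid host: $node" >&2; return 1; }
  if [ -n "${DRY_RUN:-}" ]; then      # print the remote command instead of connecting
    echo "ssh $node $(remote_cmd '<remote tmpdir>')"
    return 0
  fi
  mkdir -p "$dest" || return 1
  rdir=$(ssh "$node" 'mktemp -d') || return 1   # unpredictable path, not a fixed /tmp name
  tar -C "$KB_DIR" -cf - . | ssh "$node" "tar -C '$rdir' -xf -" || return 1
  ssh "$node" "$(remote_cmd "$rdir")" > "$dest/$node.json"; status=$?
  ssh "$node" "rm -rf '$rdir'"
  return "$status"
}

# scan_nodes OUT_DIR HOST...: scan each node; non-zero if any node failed.
scan_nodes() {
  results="$1"; shift; failed=0
  for n in "$@"; do scan_node "$n" "$results" || failed=1; done
  return "$failed"
}

# Stand-alone use: sh scan.sh ./results worker-1 worker-2
if [ "$#" -ge 2 ]; then scan_nodes "$@"; fi
```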
Discussed in #712
I am trying to check and run kube-bench as a standalone process outside the k8s cluster by leveraging the kubeconfig file accessible to provide cluster context.
The goal is NOT to use/install the trivy-operator or run kube-bench as a job/pod within the cluster as a k8s workload.
Q&A:
Is it possible (Supported / Unsupported) to run kube-bench as a standalone CLI scan targeting clusters in kubeconfig?
If supported, is there a list of RBAC access rules needed to achieve this?
If supported, how can kube-bench running as standalone target specific nodes within the cluster for node CIS benchmarks, as there is no way to specify the mount paths to a standalone CLI leveraging kubeconfig?