Skip to content

mozhuli/sonobuoy-plugin-bulkhead

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
cfg
cfg
 
 
examples
examples
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
kube-bench
kube-bench
 
 
run_checks.sh
run_checks.sh
 
 

Repository files navigation

Sonobuoy "bulkhead" plugin

This Sonobuoy plugin, bulkhead performs automated CIS Benchmark assessments against your Kubernetes cluster master and worker nodes by using kube-bench and outputs those results in the native kube-bench json format.

NOTE: This plugin was not officially created by either Heptio or Aqua Security. It is also in the very early stages.

Quick usage

  1. Edit the Makefile to use your container registry
  2. Run make && make push to build and push your image
  3. Modify examples/benchmark.yml to change your image location
  4. Run kubectl create -f examples/benchmark.yml to install Sonobuoy with this plugin enabled/running.
  5. When the scan(s) are complete, collect the results: kubectl cp heptio-sonobuoy/sonobuoy:/tmp/sonobuoy ./results --namespace=heptio-sonobuoy
  6. View the results: cd results && tar -zxvf *.tar.gz && cd plugins/bulkhead
  7. Clean up: kubectl delete -f examples/benchmark.yml (This removes all scan data, too)

TODO

  • Work on a Sonobuoy results parser

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages