DEV Community

Discussion on: Kubernetes Security Best-Practices

View post
Collapse
 
kilmore profile image
Kilmore

Good article. I had an issue with the node selector for the master in your example. Below is what worked for me.

Thanks!

kubectl run \
--rm \
-it \
kube-bench-master \
--image=aquasec/kube-bench:latest \
--restart=Never \
--overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true, \"nodeSelector\": { \"node-role.kubernetes.io/master\": \"\" }, \"tolerations\": [ { \"key\": \"node-role.kubernetes.io/master\", \"operator\": \"Exists\", \"effect\": \"NoSchedule\" } ] } }" \
-- master \
--version 1.8