Merge pull request #187 from martinmosegaard/doc-kubectl-host-pid
Document limitation of running with kubectl
lizrice authored Jan 2, 2019
2 parents 313fe03 + 9f28990 commit f6cab11
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -46,6 +46,8 @@ Run the master check
kubectl run --rm -i -t kube-bench-master --image=aquasec/kube-bench:latest --restart=Never --overrides="{ \"apiVersion\": \"v1\", \"spec\": { \"hostPID\": true, \"nodeSelector\": { \"node-role.kubernetes.io/master\": \"\" }, \"tolerations\": [ { \"key\": \"node-role.kubernetes.io/master\", \"operator\": \"Exists\", \"effect\": \"NoSchedule\" } ] } }" -- master --version 1.11
```

Notice that this requires access to the host PID namespace. Thus it will not work if the recommendation to enable the admission plugin DenyEscalatingExec in the API Server has been implemented. You will see an error message about failing to attach to a container using host PID.

Run the node check

```
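Review bot: The added paragraph says "You will see an error message about failing to attach to a container using host PID" but never quotes the message, so a user who hits it cannot match or search for it; please paste the exact error text. The paragraph also sits between the master and node sections, so it reads as applying only to the master command. If the node command also sets `hostPID`, word the note so it covers both, or move it above "Run the master check". It would also help to say that the step being rejected is the attach requested by `-i -t` in the command above, since the paragraph only says "it will not work". Style: put `DenyEscalatingExec` and `hostPID` in backticks to match the rest of the README, and "Notice that" reads better as "Note that".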
