--- apiVersion: batch/v1 kind: Job metadata: name: kube-bench spec: template: metadata: labels: app: kube-bench spec: containers: - command: ["kube-bench"] image: docker.io/aquasec/kube-bench:v0.9.1 name: kube-bench volumeMounts: - name: var-lib-cni mountPath: /var/lib/cni readOnly: true - mountPath: /var/lib/etcd name: var-lib-etcd readOnly: true - mountPath: /var/lib/kubelet name: var-lib-kubelet readOnly: true - mountPath: /var/lib/kube-scheduler name: var-lib-kube-scheduler readOnly: true - mountPath: /var/lib/kube-controller-manager name: var-lib-kube-controller-manager readOnly: true - mountPath: /etc/kubernetes name: etc-kubernetes readOnly: true - mountPath: /usr/local/mount-from-host/bin name: usr-bin readOnly: true - mountPath: /etc/cni/net.d/ name: etc-cni-netd readOnly: true - mountPath: /opt/cni/bin/ name: opt-cni-bin readOnly: true hostPID: true restartPolicy: Never volumes: - name: var-lib-cni hostPath: path: /var/lib/cni - hostPath: path: /var/lib/etcd name: var-lib-etcd - hostPath: path: /var/lib/kubelet name: var-lib-kubelet - hostPath: path: /var/lib/kube-scheduler name: var-lib-kube-scheduler - hostPath: path: /var/lib/kube-controller-manager name: var-lib-kube-controller-manager - hostPath: path: /etc/kubernetes name: etc-kubernetes - hostPath: path: /usr/bin name: usr-bin - hostPath: path: /etc/cni/net.d/ name: etc-cni-netd - hostPath: path: /usr/libexec/cni name: opt-cni-bin