From cb7ee765a3a709198ccbab959988db59d77d31d1 Mon Sep 17 00:00:00 2001
From: Nick <njgibbon@outlook.com>
Date: Wed, 7 Jul 2021 16:21:30 +0100
Subject: [PATCH] K8s Job Command Clean (#923)

* Update commands

* oopsy on run command

* update reference version for iks to be 120

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
---
 job-ack.yaml      | 2 +-
 job-aks.yaml      | 2 +-
 job-eks-asff.yaml | 5 +++--
 job-eks.yaml      | 2 +-
 job-gke.yaml      | 2 +-
 job-iks.yaml      | 2 +-
 job-master.yaml   | 2 +-
 job-node.yaml     | 2 +-
 8 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/job-ack.yaml b/job-ack.yaml
index 08e0914..ecc1819 100644
--- a/job-ack.yaml
+++ b/job-ack.yaml
@@ -10,7 +10,7 @@ spec:
       containers:
         - name: kube-bench
           image: aquasec/kube-bench:latest
-          command: ["kube-bench", "--benchmark", "ack-1.0", "run", "--targets", "node,policies,managedservices"]
+          command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "ack-1.0"]
           volumeMounts:
             - name: var-lib-kubelet
               mountPath: /var/lib/kubelet
diff --git a/job-aks.yaml b/job-aks.yaml
index 766ae55..329c86b 100644
--- a/job-aks.yaml
+++ b/job-aks.yaml
@@ -10,7 +10,7 @@ spec:
       containers:
         - name: kube-bench
           image: aquasec/kube-bench:latest
-          command: ["kube-bench", "node", "--benchmark", "aks-1.0"]
+          command: ["kube-bench", "run", "--targets", "node", "--benchmark", "aks-1.0"]
           volumeMounts:
             - name: var-lib-kubelet
               mountPath: /var/lib/kubelet
diff --git a/job-eks-asff.yaml b/job-eks-asff.yaml
index 741e282..ecde08d 100644
--- a/job-eks-asff.yaml
+++ b/job-eks-asff.yaml
@@ -31,8 +31,9 @@ spec:
       containers:
         - name: kube-bench
           # Push the image to your ECR and then refer to it here
-          image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref>
-          command: ["kube-bench", "node", "--benchmark", "eks-1.0", "--asff"]
+          # image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref>
+          image: aquasec/kube-bench:latest
+          command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0", "--asff"]
           volumeMounts:
             - name: var-lib-kubelet
               mountPath: /var/lib/kubelet
diff --git a/job-eks.yaml b/job-eks.yaml
index 720c428..cbad7f2 100644
--- a/job-eks.yaml
+++ b/job-eks.yaml
@@ -13,7 +13,7 @@ spec:
           # image: <ID.dkr.ecr.region.amazonaws.com/aquasec/kube-bench:ref>
           image: aquasec/kube-bench:latest
           # To send findings to AWS Security Hub, refer to `job-eks-asff.yaml` instead
-          command: ["kube-bench", "node", "--benchmark", "eks-1.0"]
+          command: ["kube-bench", "run", "--targets", "node", "--benchmark", "eks-1.0"]
           volumeMounts:
             - name: var-lib-kubelet
               mountPath: /var/lib/kubelet
diff --git a/job-gke.yaml b/job-gke.yaml
index 7a92c7e..3c38722 100644
--- a/job-gke.yaml
+++ b/job-gke.yaml
@@ -10,7 +10,7 @@ spec:
       containers:
         - name: kube-bench
           image: aquasec/kube-bench:latest
-          command: ["kube-bench", "--benchmark", "gke-1.0", "run", "--targets", "node,policies,managedservices"]
+          command: ["kube-bench", "run", "--targets", "node,policies,managedservices", "--benchmark", "gke-1.0"]
           volumeMounts:
             - name: var-lib-kubelet
               mountPath: /var/lib/kubelet
diff --git a/job-iks.yaml b/job-iks.yaml
index 3d3d072..a67ad40 100644
--- a/job-iks.yaml
+++ b/job-iks.yaml
@@ -10,7 +10,7 @@ spec:
       containers:
         - name: kube-bench
           image: aquasec/kube-bench:latest
-          command: ["kube-bench", "--version", "1.13", "node"]
+          command: ["kube-bench", "run", "--targets", "node", "--version", "1.20"]
           volumeMounts:
             - name: var-lib-kubelet
               mountPath: /var/lib/kubelet
diff --git a/job-master.yaml b/job-master.yaml
index 55ab698..e3be12b 100644
--- a/job-master.yaml
+++ b/job-master.yaml
@@ -16,7 +16,7 @@ spec:
       containers:
         - name: kube-bench
           image: aquasec/kube-bench:latest
-          command: ["kube-bench", "run", "--targets=master"]
+          command: ["kube-bench", "run", "--targets", "master"]
           volumeMounts:
             - name: var-lib-etcd
               mountPath: /var/lib/etcd
diff --git a/job-node.yaml b/job-node.yaml
index a930748..b452317 100644
--- a/job-node.yaml
+++ b/job-node.yaml
@@ -10,7 +10,7 @@ spec:
       containers:
         - name: kube-bench
           image: aquasec/kube-bench:latest
-          command: ["kube-bench", "run", "--targets=node"]
+          command: ["kube-bench", "run", "--targets", "node"]
           volumeMounts:
             - name: var-lib-etcd
               mountPath: /var/lib/etcd
-- 
GitLab