added gke volumes to security scan config template

vardhaman22 · Nov 14, 2024 · 280356c · 280356c
1 parent a9e8caf
commit 280356c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml
@@ -12,7 +12,9 @@ data:
     <1.21.0: rke2-cis-1.20-profile-permissive
     >=1.21.0: rke2-cis-1.8-profile-permissive
   eks: "eks-profile"
-  gke: "gke-profile"
+  gke: |-
+    < 1.29.0-0: gke-profile
+    >= 1.29.0-0: gke-profile-1.6.0
   aks: "aks-profile"
   k3s: "k3s-cis-1.8-profile-permissive"
   default: "cis-1.8-profile"
diff --git a/pkg/securityscan/core/templates/pluginConfig.template b/pkg/securityscan/core/templates/pluginConfig.template
@@ -56,6 +56,12 @@ data:
       - hostPath:
           path: /run/log
         name: run-log
+      - hostPath:
+          path: /home/kubernetes
+        name: gke-home
+      - hostPath:
+          path: /var/lib/kubelet/
+        name: var-kubelet
       {{- if .isCustomBenchmark }}
       - configMap:
           defaultMode: 420
@@ -132,6 +138,12 @@ data:
       - mountPath: /run/log/
         name: run-log
         readOnly: true
+      - mountPath: /home/kubernetes
+        name: gke-home
+        readOnly: true
+      - mountPath: /var/lib/kubelet/
+        name: var-kubelet
+        readOnly: true
       {{- if .isCustomBenchmark }}
       - mountPath: /etc/kbs/custombenchmark/cfg
         name: custom-benchmark-volume