jgsqware/docker-bench.yaml

## docker-bench.yaml
apiVersion: v1
kind: Pod
metadata:
  name: docker-bench
  labels:
    app: docker-bench
spec:
  hostPID: true
  nodeSelector:
    role: master
  tolerations:
  - key: node-role.kubernetes.io/master
    operator: Exists
    effect: NoSchedule
  restartPolicy: Never
  containers:
    - name: docker-bench
      image: docker/docker-bench-security
      volumeMounts:
        - mountPath: /var/run/docker.sock
          name: docker-socket
        - mountPath: /var/lib
          name: var-lib
        - mountPath: /usr/lib/systemd
          name: usr-lib-systemd
        - mountPath: /etc
          name: etc
  volumes:
    - name: docker-socket
      hostPath:
        path: /var/run/docker.sock
    - name: var-lib
      hostPath:
        path: /var/lib
    - name: usr-lib-systemd
      hostPath:
        path: /usr/lib/systemd
    - name: etc
      hostPath:
        path: /etc
	apiVersion: v1
	kind: Pod
	metadata:
	name: docker-bench
	labels:
	app: docker-bench
	spec:
	hostPID: true
	nodeSelector:
	role: master
	tolerations:
	- key: node-role.kubernetes.io/master
	operator: Exists
	effect: NoSchedule
	restartPolicy: Never
	containers:
	- name: docker-bench
	image: docker/docker-bench-security
	volumeMounts:
	- mountPath: /var/run/docker.sock
	name: docker-socket
	- mountPath: /var/lib
	name: var-lib
	- mountPath: /usr/lib/systemd
	name: usr-lib-systemd
	- mountPath: /etc
	name: etc
	volumes:
	- name: docker-socket
	hostPath:
	path: /var/run/docker.sock
	- name: var-lib
	hostPath:
	path: /var/lib
	- name: usr-lib-systemd
	hostPath:
	path: /usr/lib/systemd
	- name: etc
	hostPath:
	path: /etc