From bb7393b05efe1d3ac2f675622bb2e3e4c0262565 Mon Sep 17 00:00:00 2001
From: Davide Oddone
Date: Fri, 18 Oct 2024 13:16:30 +0200
Subject: [PATCH] Implemented CIS Kubernetes benchmark
---
 terraform/main.tf | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/terraform/main.tf b/terraform/main.tf
index 80a88bf..e1b30a0 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -186,9 +186,27 @@ resource null_resource create_namespace {
 
 connection {
 host = libvirt_domain.k8s_masters[0].network_interface[0].addresses[0]
- type = "ssh"
+ type = "ssh"
 user = "ansible"
 private_key = data.template_file.private_key.rendered
 }
 }
 }
+
+resource null_resource run_benchmark {
+ depends_on = [
+ null_resource.create_namespace
+ ]
+ provisioner "remote-exec" {
+ inline = ["curl https://raw.githubusercontent.com/aquasecurity/kube-bench/refs/heads/main/job-master.yaml > job-master.yaml", "kubectl --kubeconfig ~/.kube/config apply -f job-master.yaml", "rm job-master.yaml"]
+
+
+ connection {
+ host = libvirt_domain.k8s_masters[0].network_interface[0].addresses[0]
+ type = "ssh"
+ user = "ansible"
+ private_key = data.template_file.private_key.rendered
+ }
+
+ }
+}
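Review bot: The `inline` list in `run_benchmark` fetches `job-master.yaml` from the mutable `refs/heads/main` ref and applies it with the control-plane kubeconfig, so whatever is on that branch at apply time runs in the cluster without review or an integrity check. Pin the URL to a release tag or commit, e.g. `"curl -fsSL https://raw.githubusercontent.com/aquasecurity/kube-bench/<PINNED_TAG_OR_COMMIT>/job-master.yaml -o job-master.yaml"`, or vendor the manifest in this repository and copy it with a `file` provisioner. The `-f` flag matters as well: without it an HTTP error page is saved as the manifest and curl still exits 0. Because the commands are joined into one script and the last one is `rm`, a failed `kubectl apply` probably does not fail the provisioner; adding `"set -e"` as the first entry would surface it.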