dev-sec/cis-kubernetes-benchmark

More Guidance On Usage

jseiser opened this issue · 2 comments

I have just started using inspec to run tests against my infrastructure that is generated via terraform. Everything is working great. I output the terraform results to a JSON file, parse it to create various variables and then use those variables in my tests.

Looking at this profile, I'm not quite sure:

  1. Where should this run from? External to the cluster, inside a container on a node, physically on a worker node, etc.
  2. Do I need to pass in any external information? IPs of the masters, etc.

Thanks,

  1. You have to run this profile against your master/worker nodes.
    Either you can run it from a central InSpec host in your cluster, or you can run it on your Kubernetes master/workers locally. Both approaches are possible.

For example, if you run it from a central host, you can execute it like this:

```
inspec exec profiles/cis-kubernetes-benchmark -t ssh://user@host.example.com -i /your/ssh/key --reporter cli json:/var/inspec/report.json --sudo
```

  2. You do not have to pass any external information to run it.
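An added example, not part of the original thread or the project's own code: a Python sketch that reads the JSON report written by the `json:/var/inspec/report.json` reporter in the command above and lists failed controls per node, which is useful when one central host scans several masters and workers. The sample report, its control ids and the node names are constructed for illustration; the layout assumed is the InSpec JSON reporter's `profiles` → `controls` → `results` → `status`.

```python
import json

# Constructed sample in the shape of InSpec's JSON reporter output.
# Control ids and titles are made up, not real benchmark controls.
SAMPLE_REPORT = json.dumps({
    "profiles": [{
        "name": "cis-kubernetes-benchmark",
        "controls": [
            {"id": "example-control-1", "title": "constructed, passes",
             "results": [{"status": "passed"}, {"status": "passed"}]},
            {"id": "example-control-2", "title": "constructed, one check fails",
             "results": [{"status": "passed"}, {"status": "failed"}]},
            {"id": "example-control-3", "title": "constructed, skipped",
             "results": [{"status": "skipped"}]},
            {"id": "example-control-4", "title": "constructed, no results",
             "results": []},
        ],
    }],
})


def control_status(control):
    """Collapse a control's individual check results into one status."""
    statuses = [r.get("status") for r in control.get("results", [])]
    if "failed" in statuses:   # any failing check fails the control
        return "failed"
    if "passed" in statuses:
        return "passed"
    return "skipped"           # assumption: no results counts as skipped


def summarize(report_text):
    """Return {'passed': [...], 'failed': [...], 'skipped': [...]} of control ids."""
    summary = {"passed": [], "failed": [], "skipped": []}
    for profile in json.loads(report_text).get("profiles", []):
        for control in profile.get("controls", []):
            summary[control_status(control)].append(control["id"])
    return summary


def failed_by_node(reports):
    """reports maps a node name to its report text; returns node -> failed ids."""
    return {node: summarize(text)["failed"] for node, text in reports.items()}


if __name__ == "__main__":
    # Hypothetical node names; in practice load one report file per scanned host.
    reports = {"master-1": SAMPLE_REPORT, "worker-1": SAMPLE_REPORT}
    for node, failed in failed_by_node(reports).items():
        print(f"{node}: {len(failed)} failed -> {', '.join(failed) or 'none'}")
```

Writing one report file per target (for example by putting the host name in the `json:` path) keeps results from different nodes from overwriting each other.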

Thank you for adding the explanation :)

I will close this issue now, please let us know if there is anything else we can do.