easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2427 from philipgough/ci-fix-ksm

Browse Source 
ci: Add runAsGroup for kube-state-metrics
This commit is contained in:
Kemal Akkoyun
2024-05-24 11:32:55 +02:00
committed by GitHub
parent 01c0e7d130 387731a945
commit 1c54cb22ca
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
View File

@@ -164,6 +164,9 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
ports:: null, ports:: null,
livenessProbe:: null, livenessProbe:: null,
readinessProbe:: null, readinessProbe:: null,
securityContext+: {
runAsGroup: 65534,
},
args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'], args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
resources: ksm._config.resources, resources: ksm._config.resources,
}, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf], }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],

1
manifests/kubeStateMetrics-deployment.yaml
View File

@@ -47,6 +47,7 @@ spec:
drop: drop:
- ALL - ALL
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsGroup: 65534
runAsNonRoot: true runAsNonRoot: true
runAsUser: 65534 runAsUser: 65534
seccompProfile: seccompProfile: