easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add securityContext items and add pod security labes

Browse Source
This commit is contained in:
Matthias Loibl
2023-05-31 17:32:41 +01:00
parent 1706065791
commit 1e55a4057c
4 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
jsonnet/kube-prometheus/addons/pyrra.libsonnet
View File

@@ -80,6 +80,9 @@
securityContext: { securityContext: {
allowPrivilegeEscalation: false, allowPrivilegeEscalation: false,
readOnlyRootFilesystem: true, readOnlyRootFilesystem: true,
runAsNonRoot: true,
capabilities: { drop: ['ALL'] },
seccompProfile: { type: 'RuntimeDefault' },
}, },
}; };

1
jsonnet/kube-prometheus/components/kube-rbac-proxy.libsonnet
View File

@@ -63,5 +63,6 @@ function(params) {
allowPrivilegeEscalation: false, allowPrivilegeEscalation: false,
readOnlyRootFilesystem: true, readOnlyRootFilesystem: true,
capabilities: { drop: ['ALL'] }, capabilities: { drop: ['ALL'] },
seccompProfile: { type: 'RuntimeDefault' },
}, },
} }

2
jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet
View File

@@ -280,7 +280,9 @@ function(params) {
securityContext: { securityContext: {
allowPrivilegeEscalation: false, allowPrivilegeEscalation: false,
readOnlyRootFilesystem: true, readOnlyRootFilesystem: true,
runAsNonRoot: true,
capabilities: { drop: ['ALL'] }, capabilities: { drop: ['ALL'] },
seccompProfile: { type: 'RuntimeDefault' },
}, },
}; };

4
jsonnet/kube-prometheus/main.libsonnet
View File

@@ -150,6 +150,10 @@ local utils = import './lib/utils.libsonnet';
kind: 'Namespace', kind: 'Namespace',
metadata: { metadata: {
name: $.values.common.namespace, name: $.values.common.namespace,
labels: {
'pod-security.kubernetes.io/warn': 'privileged',
'pod-security.kubernetes.io/warn-version': 'latest',
},
}, },
}, },
}, },