ci: Add runAsGroup for kube-state-metrics

2024-05-14 09:31:24 +01:00
parent cb55161e24
commit 387731a945
2 changed files with 4 additions and 0 deletions
--- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
@@ -164,6 +164,9 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
            ports:: null,
            livenessProbe:: null,
            readinessProbe:: null,
+            securityContext+: {
+              runAsGroup: 65534,
+            },
            args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
            resources: ksm._config.resources,
          }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
--- a/manifests/kubeStateMetrics-deployment.yaml
+++ b/manifests/kubeStateMetrics-deployment.yaml
@@ -47,6 +47,7 @@ spec:
            drop:
            - ALL
          readOnlyRootFilesystem: true
+          runAsGroup: 65534
          runAsNonRoot: true
          runAsUser: 65534
          seccompProfile: