Merge pull request #1593 from prometheus-operator/as/forbid-privilege-scalation

Explicitly declare allowPrivilegeEscalation to false in all components
2022-01-24 10:38:33 +00:00
parent 90ad3c99fc 2d02121731
commit 4d004393e1
13 changed files with 49 additions and 2 deletions
--- a/manifests/kubeStateMetrics-deployment.yaml
+++ b/manifests/kubeStateMetrics-deployment.yaml
@@ -42,6 +42,7 @@ spec:
            cpu: 10m
            memory: 190Mi
        securityContext:
+          allowPrivilegeEscalation: false
          runAsUser: 65534
      - args:
        - --logtostderr
@@ -61,6 +62,7 @@ spec:
            cpu: 20m
            memory: 20Mi
        securityContext:
+          allowPrivilegeEscalation: false
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
@@ -82,6 +84,7 @@ spec:
            cpu: 10m
            memory: 20Mi
        securityContext:
+          allowPrivilegeEscalation: false
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532