Address FIXME

Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2022-02-15 15:20:21 +00:00
parent d270540308
commit 78ca6d9579
3 changed files with 2 additions and 15 deletions
--- a/jsonnet/kube-prometheus/components/grafana.libsonnet
+++ b/jsonnet/kube-prometheus/components/grafana.libsonnet
@@ -86,8 +86,7 @@ function(params)

    // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
    // 'allowPrivilegeEscalation: false' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/128 gets merged.
-    // 'readOnlyRootFilesystem: true' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/129 gets merged.
-    // 'capabilities: { drop: ['ALL'] }' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/130 gets merged.
+    // 'readOnlyRootFilesystem: true' and extra volumeMounts can be deleted when https://github.com/brancz/kubernetes-grafana/pull/129 gets merged.
    // FIXME(paulfantom): `automountServiceAccountToken` can be removed after porting to brancz/kuberentes-grafana
    deployment+: {
      spec+: {
@@ -98,7 +97,6 @@ function(params)
              securityContext+: {
                allowPrivilegeEscalation: false,
                readOnlyRootFilesystem: true,
-                capabilities: { drop: ['ALL'] },
              },
              volumeMounts+: [{
                mountPath: '/tmp',
--- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
@@ -118,8 +118,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
    image: ksm._config.kubeRbacProxyImage,
  }),

-  // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
-  // 'capabilities: { drop: ['ALL'] },' can be deleted when https://github.com/kubernetes/kube-state-metrics/pull/1674 gets merged.
  deployment+: {
    spec+: {
      template+: {
@@ -136,9 +134,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
            readinessProbe:: null,
            args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
            resources: ksm._config.resources,
-            securityContext+: {
-              capabilities: { drop: ['ALL'] },
-            },
          }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
        },
      },
--- a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
+++ b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
@@ -125,18 +125,12 @@ function(params)
      image: po._config.kubeRbacProxyImage,
    }),

-    // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
-    // 'capabilities: { drop: ['ALL'] },' can be deleted when https://github.com/prometheus-operator/prometheus-operator/pull/4546 gets merged.
    deployment+: {
      spec+: {
        template+: {
          spec+: {
            automountServiceAccountToken: true,
-            containers: std.map(function(c) c {
-              securityContext+: {
-                capabilities: { drop: ['ALL'] },
-              },
-            }, super.containers) + [kubeRbacProxy],
+            containers+: [kubeRbacProxy],
          },
        },
      },