ArthurSens
@@ -86,8 +86,7 @@ function(params)
|
|||||||
|
|
||||||
// FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
|
// FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
|
||||||
// 'allowPrivilegeEscalation: false' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/128 gets merged.
|
// 'allowPrivilegeEscalation: false' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/128 gets merged.
|
||||||
// 'readOnlyRootFilesystem: true' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/129 gets merged.
|
// 'readOnlyRootFilesystem: true' and extra volumeMounts can be deleted when https://github.com/brancz/kubernetes-grafana/pull/129 gets merged.
|
||||||
// 'capabilities: { drop: ['ALL'] }' can be deleted when https://github.com/brancz/kubernetes-grafana/pull/130 gets merged.
|
|
||||||
// FIXME(paulfantom): `automountServiceAccountToken` can be removed after porting to brancz/kuberentes-grafana
|
// FIXME(paulfantom): `automountServiceAccountToken` can be removed after porting to brancz/kuberentes-grafana
|
||||||
deployment+: {
|
deployment+: {
|
||||||
spec+: {
|
spec+: {
|
||||||
@@ -98,7 +97,6 @@ function(params)
|
|||||||
securityContext+: {
|
securityContext+: {
|
||||||
allowPrivilegeEscalation: false,
|
allowPrivilegeEscalation: false,
|
||||||
readOnlyRootFilesystem: true,
|
readOnlyRootFilesystem: true,
|
||||||
capabilities: { drop: ['ALL'] },
|
|
||||||
},
|
},
|
||||||
volumeMounts+: [{
|
volumeMounts+: [{
|
||||||
mountPath: '/tmp',
|
mountPath: '/tmp',
|
||||||
|
|||||||
@@ -118,8 +118,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
|
|||||||
image: ksm._config.kubeRbacProxyImage,
|
image: ksm._config.kubeRbacProxyImage,
|
||||||
}),
|
}),
|
||||||
|
|
||||||
// FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
|
|
||||||
// 'capabilities: { drop: ['ALL'] },' can be deleted when https://github.com/kubernetes/kube-state-metrics/pull/1674 gets merged.
|
|
||||||
deployment+: {
|
deployment+: {
|
||||||
spec+: {
|
spec+: {
|
||||||
template+: {
|
template+: {
|
||||||
@@ -136,9 +134,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
|
|||||||
readinessProbe:: null,
|
readinessProbe:: null,
|
||||||
args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
|
args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
|
||||||
resources: ksm._config.resources,
|
resources: ksm._config.resources,
|
||||||
securityContext+: {
|
|
||||||
capabilities: { drop: ['ALL'] },
|
|
||||||
},
|
|
||||||
}, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
|
}, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -125,18 +125,12 @@ function(params)
|
|||||||
image: po._config.kubeRbacProxyImage,
|
image: po._config.kubeRbacProxyImage,
|
||||||
}),
|
}),
|
||||||
|
|
||||||
// FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
|
|
||||||
// 'capabilities: { drop: ['ALL'] },' can be deleted when https://github.com/prometheus-operator/prometheus-operator/pull/4546 gets merged.
|
|
||||||
deployment+: {
|
deployment+: {
|
||||||
spec+: {
|
spec+: {
|
||||||
template+: {
|
template+: {
|
||||||
spec+: {
|
spec+: {
|
||||||
automountServiceAccountToken: true,
|
automountServiceAccountToken: true,
|
||||||
containers: std.map(function(c) c {
|
containers+: [kubeRbacProxy],
|
||||||
securityContext+: {
|
|
||||||
capabilities: { drop: ['ALL'] },
|
|
||||||
},
|
|
||||||
}, super.containers) + [kubeRbacProxy],
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|||||||
Reference in New Issue
Block a user