Drop Linux capabilities

Signed-off-by: GitHub <noreply@github.com>
Arthur Silva Sens
2022-02-01 09:25:21 +00:00
committed by GitHub
parent 6bfb07aac2
commit 931af3241d
14 changed files with 58 additions and 2 deletions


@@ -45,6 +45,11 @@ spec:
memory: 180Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- CAP_SYS_TIME
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /host/sys
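Review bot: The added capability is written as `CAP_SYS_TIME`, but Kubernetes documents capability names in `securityContext.capabilities` without the `CAP_` prefix, and handling of the prefixed form has differed between container runtimes. Depending on the runtime, the add may be rejected or silently not applied, which with `drop: [ALL]` would leave the container without the capability it asked for. I would write `- SYS_TIME` here. SYS_TIME permits setting the system clock, which affects the whole node, so a comment above the `add:` list naming the feature that needs it would help; if nothing in this container sets the clock, the `add:` block can go entirely. The container spec starts and continues outside this hunk, so the user it runs as is not visible from here.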
@@ -80,6 +85,9 @@ spec:
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
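Review bot: The visible part of this `securityContext` sets no `seccompProfile`, although `drop: [ALL]` alongside `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true` brings the container close to the restricted Pod Security Standard. If it is not already set at pod level or below this hunk (the block continues past the last visible line), consider adding `seccompProfile:` with `type: RuntimeDefault` so the syscall surface is constrained as well. That setting is all this container still lacks for the restricted profile, as far as the visible fields go.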