Allow kube-state-metrics to run as any user

Signed-off-by: ArthurSens <arthursens2005@gmail.com>
2021-03-12 20:41:00 +00:00
parent 1237843e62
commit 98559a0f42
1 changed files with 12 additions and 1 deletions
--- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
+++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
@@ -160,9 +160,20 @@ local restrictedPodSecurityPolicy = {
        apiGroups: ['policy'],
        resources: ['podsecuritypolicies'],
        verbs: ['use'],
-        resourceNames: [restrictedPodSecurityPolicy.metadata.name],
+        resourceNames: ['kube-state-metrics-psp'],
      }],
    },
+
+    podSecurityPolicy: restrictedPodSecurityPolicy {
+      metadata+: {
+        name: 'kube-state-metrics-psp',
+      },
+      spec+: {
+        runAsUser: {
+          rule: 'RunAsAny',
+        },
+      },
+    },
  },

  nodeExporter+: {