easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow kube-state-metrics to run as any user

Browse Source 
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
This commit is contained in:
ArthurSens
2021-03-12 20:41:00 +00:00
parent 1237843e62
commit 98559a0f42
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
View File

@@ -160,9 +160,20 @@ local restrictedPodSecurityPolicy = {
apiGroups: ['policy'], apiGroups: ['policy'],
resources: ['podsecuritypolicies'], resources: ['podsecuritypolicies'],
verbs: ['use'], verbs: ['use'],
resourceNames: [restrictedPodSecurityPolicy.metadata.name], resourceNames: ['kube-state-metrics-psp'],
}], }],
}, },
podSecurityPolicy: restrictedPodSecurityPolicy {
metadata+: {
name: 'kube-state-metrics-psp',
},
spec+: {
runAsUser: {
rule: 'RunAsAny',
},
},
},
}, },
nodeExporter+: { nodeExporter+: {