adding security context to kube-rbac-proxy (#450)

* adding security context to kube-rbac-proxy * make clean generate-in-docker * Revert "make clean generate-in-docker" This reverts commit ed136f1e37. * make clean generate-in-docker Co-authored-by: Latch M <latch_mihaylov@homedepot.com>
2020-03-18 02:52:26 -04:00
parent 502f81b235
commit c4561b3206
2 changed files with 5 additions and 0 deletions
--- a/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
+++ b/jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
@@ -35,6 +35,7 @@ local containerPort = container.portsType;
        spec+: {
          containers+: [
            container.new(krp.config.kubeRbacProxy.name, krp.config.kubeRbacProxy.image) +
+            container.mixin.securityContext.withRunAsUser(65534) +	    
            container.withArgs([
              '--logtostderr',
              '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress,
--- a/manifests/kube-state-metrics-deployment.yaml
+++ b/manifests/kube-state-metrics-deployment.yaml
@@ -37,6 +37,8 @@ spec:
        ports:
        - containerPort: 8443
          name: https-main
+        securityContext:
+          runAsUser: 65534
      - args:
        - --logtostderr
        - --secure-listen-address=:9443
@@ -47,6 +49,8 @@ spec:
        ports:
        - containerPort: 9443
          name: https-self
+        securityContext:
+          runAsUser: 65534
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccountName: kube-state-metrics