easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

contrib/kube-prometheus: Set securityContext in the manifests

Browse Source
This commit is contained in:
Matthias Loibl
2018-12-07 17:32:34 +01:00
parent 5d20f0943e
commit dee254fa01
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
jsonnet/kube-prometheus/alertmanager/alertmanager.libsonnet
View File

@@ -113,6 +113,11 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
baseImage: $._config.imageRepos.alertmanager, baseImage: $._config.imageRepos.alertmanager,
nodeSelector: { 'beta.kubernetes.io/os': 'linux' }, nodeSelector: { 'beta.kubernetes.io/os': 'linux' },
serviceAccountName: 'alertmanager-' + $._config.alertmanager.name, serviceAccountName: 'alertmanager-' + $._config.alertmanager.name,
securityContext: {
runAsUser: 1000,
runAsNonRoot: true,
fsGroup: 2000,
},
}, },
}, },
}, },

7
jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
View File

@@ -40,7 +40,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
service.new('prometheus-' + $._config.prometheus.name, { app: 'prometheus', prometheus: $._config.prometheus.name }, prometheusPort) + service.new('prometheus-' + $._config.prometheus.name, { app: 'prometheus', prometheus: $._config.prometheus.name }, prometheusPort) +
service.mixin.metadata.withNamespace($._config.namespace) + service.mixin.metadata.withNamespace($._config.namespace) +
service.mixin.metadata.withLabels({ prometheus: $._config.prometheus.name }), service.mixin.metadata.withLabels({ prometheus: $._config.prometheus.name }),
[if $._config.prometheus.rules != null && $._config.prometheus.rules != {} then "rules"]: [if $._config.prometheus.rules != null && $._config.prometheus.rules != {} then 'rules']:
{ {
apiVersion: 'monitoring.coreos.com/v1', apiVersion: 'monitoring.coreos.com/v1',
kind: 'PrometheusRule', kind: 'PrometheusRule',
@@ -185,6 +185,11 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
}, },
], ],
}, },
securityContext: {
runAsUser: 1000,
runAsNonRoot: true,
fsGroup: 2000,
},
}, },
}, },
serviceMonitor: serviceMonitor: