mirrors/kube-prometheus
1
0
Fork 0
mirror of https://github.com/prometheus-operator/kube-prometheus.git synced 2025-11-01 16:41:02 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #803 from paulfantom/kube-rbac-proxy-uid

Browse Source 
Fix kube rbac proxy UID and GID
This commit is contained in:
Frederic Branczyk 2020-11-26 14:09:29 +01:00 committed by GitHub
commit 41a973d0cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
View File

@ -41,7 +41,9 @@
{ name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
],
securityContext: {
runAsUser: 65534,
runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
},
}],
},

5
jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
View File

@ -103,6 +103,11 @@
{ name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port },
],
resources: $._config.resources['kube-rbac-proxy'],
securityContext: {
runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
},
};
{

8
manifests/kube-state-metrics-deployment.yaml
View File

@ -36,7 +36,9 @@ spec:
- containerPort: 8443
name: https-main
securityContext:
runAsUser: 65534
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
- args:
- --logtostderr
- --secure-listen-address=:9443
@ -48,7 +50,9 @@ spec:
- containerPort: 9443
name: https-self
securityContext:
runAsUser: 65534
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: kube-state-metrics

4
manifests/node-exporter-daemonset.yaml
View File

@ -70,6 +70,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
hostNetwork: true
hostPID: true
nodeSelector:

4
manifests/setup/prometheus-operator-deployment.yaml
View File

@ -50,7 +50,9 @@ spec:
- containerPort: 8443
name: https
securityContext:
runAsUser: 65534
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector:
beta.kubernetes.io/os: linux
securityContext: