mirrors/kube-prometheus
1
0
Fork 0
mirror of https://github.com/prometheus-operator/kube-prometheus.git synced 2025-11-01 16:41:02 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #803 from paulfantom/kube-rbac-proxy-uid

Browse Source 
Fix kube rbac proxy UID and GID
This commit is contained in:
Frederic Branczyk 2020-11-26 14:09:29 +01:00 committed by GitHub
commit 41a973d0cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
View File

@ -41,7 +41,9 @@
{ name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort }, { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
], ],
securityContext: { securityContext: {
runAsUser: 65534, runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
}, },
}], }],
}, },

5
jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
View File

@ -103,6 +103,11 @@
{ name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port }, { name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port },
], ],
resources: $._config.resources['kube-rbac-proxy'], resources: $._config.resources['kube-rbac-proxy'],
securityContext: {
runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
},
}; };
{ {

8
manifests/kube-state-metrics-deployment.yaml
View File

@ -36,7 +36,9 @@ spec:
- containerPort: 8443 - containerPort: 8443
name: https-main name: https-main
securityContext: securityContext:
runAsUser: 65534 runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
- args: - args:
- --logtostderr - --logtostderr
- --secure-listen-address=:9443 - --secure-listen-address=:9443
@ -48,7 +50,9 @@ spec:
- containerPort: 9443 - containerPort: 9443
name: https-self name: https-self
securityContext: securityContext:
runAsUser: 65534 runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector: nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
serviceAccountName: kube-state-metrics serviceAccountName: kube-state-metrics

4
manifests/node-exporter-daemonset.yaml
View File

@ -70,6 +70,10 @@ spec:
requests: requests:
cpu: 10m cpu: 10m
memory: 20Mi memory: 20Mi
securityContext:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
nodeSelector: nodeSelector:

4
manifests/setup/prometheus-operator-deployment.yaml
View File

@ -50,7 +50,9 @@ spec:
- containerPort: 8443 - containerPort: 8443
name: https name: https
securityContext: securityContext:
runAsUser: 65534 runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector: nodeSelector:
beta.kubernetes.io/os: linux beta.kubernetes.io/os: linux
securityContext: securityContext: