mirrors/kube-prometheus
1
0
Fork 0
mirror of https://github.com/prometheus-operator/kube-prometheus.git synced 2025-08-27 01:11:53 +02:00
Code Issues Projects Releases Wiki Activity

adding security context to kube-rbac-proxy (#450)

Browse Source 
* adding security context to kube-rbac-proxy

* make clean generate-in-docker

* Revert "make clean generate-in-docker"

This reverts commit ed136f1e37fde3289b9560493a585c6edefaba94.

* make clean generate-in-docker

Co-authored-by: Latch M <latch_mihaylov@homedepot.com>
This commit is contained in:
Latch Mihay 2020-03-18 02:52:26 -04:00 committed by GitHub
parent 502f81b235
commit c4561b3206
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
View File

@ -35,6 +35,7 @@ local containerPort = container.portsType;
spec+: { spec+: {
containers+: [ containers+: [
container.new(krp.config.kubeRbacProxy.name, krp.config.kubeRbacProxy.image) + container.new(krp.config.kubeRbacProxy.name, krp.config.kubeRbacProxy.image) +
container.mixin.securityContext.withRunAsUser(65534) +
container.withArgs([ container.withArgs([
'--logtostderr', '--logtostderr',
'--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress, '--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress,

4
manifests/kube-state-metrics-deployment.yaml
View File

@ -37,6 +37,8 @@ spec:
ports: ports:
- containerPort: 8443 - containerPort: 8443
name: https-main name: https-main
securityContext:
runAsUser: 65534
- args: - args:
- --logtostderr - --logtostderr
- --secure-listen-address=:9443 - --secure-listen-address=:9443
@ -47,6 +49,8 @@ spec:
ports: ports:
- containerPort: 9443 - containerPort: 9443
name: https-self name: https-self
securityContext:
runAsUser: 65534
nodeSelector: nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
serviceAccountName: kube-state-metrics serviceAccountName: kube-state-metrics