diff --git a/manifests/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics-deployment.yaml
index b54e64148c4ea9bde9e2863b44dde5f37daf51ba..9bda5c69b54b7296c517603f619d2066a769eddd 100644
--- a/manifests/kube-state-metrics-deployment.yaml
+++ b/manifests/kube-state-metrics-deployment.yaml
@@ -36,7 +36,9 @@ spec:
- containerPort: 8443
name: https-main
securityContext:
- runAsUser: 65534
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65532
- args:
- --logtostderr
- --secure-listen-address=:9443
@@ -48,7 +50,9 @@ spec:
- containerPort: 9443
name: https-self
securityContext:
- runAsUser: 65534
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65532
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: kube-state-metrics
diff --git a/manifests/node-exporter-daemonset.yaml b/manifests/node-exporter-daemonset.yaml
index 32a4e6cfbd6cb18d3647eca62d0af4e85a1aa93a..9a6f163d8462d463ede1f4867942383a323956eb 100644
--- a/manifests/node-exporter-daemonset.yaml
+++ b/manifests/node-exporter-daemonset.yaml
@@ -70,6 +70,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
+ securityContext:
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65532
hostNetwork: true
hostPID: true
nodeSelector:
diff --git a/manifests/setup/prometheus-operator-deployment.yaml b/manifests/setup/prometheus-operator-deployment.yaml
index 119f639057ef1355a0ef99e49642e319ae2d4872..d4fc4b3fc835422dbded4643a091b5d00934d6d1 100644
--- a/manifests/setup/prometheus-operator-deployment.yaml
+++ b/manifests/setup/prometheus-operator-deployment.yaml
@@ -50,7 +50,9 @@ spec:
- containerPort: 8443
name: https
securityContext:
- runAsUser: 65534
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65532
nodeSelector:
beta.kubernetes.io/os: linux
securityContext: