Skip to content
Snippets Groups Projects
Unverified Commit 41a973d0 authored by Frederic Branczyk's avatar Frederic Branczyk Committed by GitHub
Browse files

Merge pull request #803 from paulfantom/kube-rbac-proxy-uid 

Fix kube rbac proxy UID and GID
parents 1c11c1b0 20fa80fb
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
+ 3
1
View file @ 41a973d0
...@@ -41,7 +41,9 @@ ...@@ -41,7 +41,9 @@
{ name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort }, { name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
], ],
securityContext: { securityContext: {
runAsUser: 65534, runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
}, },
}], }],
}, },
......
jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
+ 5
0
View file @ 41a973d0
...@@ -103,6 +103,11 @@ ...@@ -103,6 +103,11 @@
{ name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port }, { name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port },
], ],
resources: $._config.resources['kube-rbac-proxy'], resources: $._config.resources['kube-rbac-proxy'],
securityContext: {
runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
},
}; };
{ {
......
manifests/kube-state-metrics-deployment.yaml
+ 6
2
View file @ 41a973d0
...@@ -36,7 +36,9 @@ spec: ...@@ -36,7 +36,9 @@ spec:
- containerPort: 8443 - containerPort: 8443
name: https-main name: https-main
securityContext: securityContext:
runAsUser: 65534 runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
- args: - args:
- --logtostderr - --logtostderr
- --secure-listen-address=:9443 - --secure-listen-address=:9443
...@@ -48,7 +50,9 @@ spec: ...@@ -48,7 +50,9 @@ spec:
- containerPort: 9443 - containerPort: 9443
name: https-self name: https-self
securityContext: securityContext:
runAsUser: 65534 runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector: nodeSelector:
kubernetes.io/os: linux kubernetes.io/os: linux
serviceAccountName: kube-state-metrics serviceAccountName: kube-state-metrics
manifests/node-exporter-daemonset.yaml
+ 4
0
View file @ 41a973d0
...@@ -70,6 +70,10 @@ spec: ...@@ -70,6 +70,10 @@ spec:
requests: requests:
cpu: 10m cpu: 10m
memory: 20Mi memory: 20Mi
securityContext:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
nodeSelector: nodeSelector:
......
manifests/setup/prometheus-operator-deployment.yaml
+ 3
1
View file @ 41a973d0
...@@ -50,7 +50,9 @@ spec: ...@@ -50,7 +50,9 @@ spec:
- containerPort: 8443 - containerPort: 8443
name: https name: https
securityContext: securityContext:
runAsUser: 65534 runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector: nodeSelector:
beta.kubernetes.io/os: linux beta.kubernetes.io/os: linux
securityContext: securityContext:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment