Skip to content
Snippets Groups Projects
Unverified Commit 41a973d0 authored by Frederic Branczyk's avatar Frederic Branczyk Committed by GitHub
Browse files

Merge pull request #803 from paulfantom/kube-rbac-proxy-uid

Fix kube rbac proxy UID and GID
parents 1c11c1b0 20fa80fb
No related merge requests found
......@@ -41,7 +41,9 @@
{ name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
],
securityContext: {
runAsUser: 65534,
runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
},
}],
},
......
......@@ -103,6 +103,11 @@
{ name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port },
],
resources: $._config.resources['kube-rbac-proxy'],
securityContext: {
runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
},
};
{
......
......@@ -36,7 +36,9 @@ spec:
- containerPort: 8443
name: https-main
securityContext:
runAsUser: 65534
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
- args:
- --logtostderr
- --secure-listen-address=:9443
......@@ -48,7 +50,9 @@ spec:
- containerPort: 9443
name: https-self
securityContext:
runAsUser: 65534
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: kube-state-metrics
......@@ -70,6 +70,10 @@ spec:
requests:
cpu: 10m
memory: 20Mi
securityContext:
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
hostNetwork: true
hostPID: true
nodeSelector:
......
......@@ -50,7 +50,9 @@ spec:
- containerPort: 8443
name: https
securityContext:
runAsUser: 65534
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
nodeSelector:
beta.kubernetes.io/os: linux
securityContext:
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment