From 52990f7951faef918a84a95799221d8e43edf853 Mon Sep 17 00:00:00 2001
From: Frederic Branczyk <fbranczyk@gmail.com>
Date: Fri, 19 Jan 2018 15:18:53 +0100
Subject: [PATCH] kube-prometheus: Use non-root and Prometheus v2.1.0

---
 .../kube-state-metrics-deployment.yaml                   | 9 ++++++---
 manifests/prometheus/prometheus-k8s.yaml                 | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/manifests/kube-state-metrics/kube-state-metrics-deployment.yaml b/manifests/kube-state-metrics/kube-state-metrics-deployment.yaml
index 6a79f02b..61f918eb 100644
--- a/manifests/kube-state-metrics/kube-state-metrics-deployment.yaml
+++ b/manifests/kube-state-metrics/kube-state-metrics-deployment.yaml
@@ -10,6 +10,9 @@ spec:
         app: kube-state-metrics
     spec:
       serviceAccountName: kube-state-metrics
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 65534
       containers:
       - name: kube-rbac-proxy-main
         image: quay.io/brancz/kube-rbac-proxy:v0.2.0
@@ -70,8 +73,8 @@ spec:
           - /pod_nanny
           - --container=kube-state-metrics
           - --cpu=100m
-          - --extra-cpu=1m
-          - --memory=100Mi
-          - --extra-memory=2Mi
+          - --extra-cpu=2m
+          - --memory=150Mi
+          - --extra-memory=30Mi
           - --threshold=5
           - --deployment=kube-state-metrics
diff --git a/manifests/prometheus/prometheus-k8s.yaml b/manifests/prometheus/prometheus-k8s.yaml
index 08a71023..401784fa 100644
--- a/manifests/prometheus/prometheus-k8s.yaml
+++ b/manifests/prometheus/prometheus-k8s.yaml
@@ -6,7 +6,7 @@ metadata:
     prometheus: k8s
 spec:
   replicas: 2
-  version: v2.0.0
+  version: v2.1.0
   serviceAccountName: prometheus-k8s
   serviceMonitorSelector:
     matchExpressions:
-- 
GitLab