Merge pull request #1608 from ArthurSens/as/fixme

jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet

@@ -118,9 +118,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
     image: ksm._config.kubeRbacProxyImage,
   }),
 
-  // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
-  // 'allowPrivilegeEscalation: false' can be deleted when https://github.com/kubernetes/kube-state-metrics/pull/1668 gets merged.
-  // 'readOnlyRootFilesystem: true' can be deleted when https://github.com/kubernetes/kube-state-metrics/pull/1671 gets merged.
   deployment+: {
     spec+: {
       template+: {
@@ -136,10 +133,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
             readinessProbe:: null,
             args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
             resources: ksm._config.resources,
-            securityContext+: {
-              allowPrivilegeEscalation: false,
-              readOnlyRootFilesystem: true,
-            },
           }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
         },
       },

jsonnet/kube-prometheus/components/prometheus-operator.libsonnet

@@ -125,17 +125,11 @@ function(params)
       image: po._config.kubeRbacProxyImage,
     }),
 
-    // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
-    // 'readOnlyRootFilesystem: true' can be deleted when https://github.com/prometheus-operator/prometheus-operator/pull/4531 gets merged.
     deployment+: {
       spec+: {
         template+: {
           spec+: {
-            containers: std.map(function(c) c {
-              securityContext+: {
-                readOnlyRootFilesystem: true,
-              },
-            }, super.containers) + [kubeRbacProxy],
+            containers+: [kubeRbacProxy],
           },
         },
       },