Skip to content
Snippets Groups Projects
Unverified Commit 6bfb07aa authored by Paweł Krupa's avatar Paweł Krupa Committed by GitHub
Browse files

Merge pull request #1608 from ArthurSens/as/fixme

parents 2e5337ee e5610b2e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
+ 0
7
View file @ 6bfb07aa
...@@ -118,9 +118,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- ...@@ -118,9 +118,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
image: ksm._config.kubeRbacProxyImage, image: ksm._config.kubeRbacProxyImage,
}), }),
// FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
// 'allowPrivilegeEscalation: false' can be deleted when https://github.com/kubernetes/kube-state-metrics/pull/1668 gets merged.
// 'readOnlyRootFilesystem: true' can be deleted when https://github.com/kubernetes/kube-state-metrics/pull/1671 gets merged.
deployment+: { deployment+: {
spec+: { spec+: {
template+: { template+: {
...@@ -136,10 +133,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube- ...@@ -136,10 +133,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
readinessProbe:: null, readinessProbe:: null,
args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'], args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
resources: ksm._config.resources, resources: ksm._config.resources,
securityContext+: {
allowPrivilegeEscalation: false,
readOnlyRootFilesystem: true,
},
}, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf], }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
}, },
}, },
......
jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
+ 1
7
View file @ 6bfb07aa
...@@ -125,17 +125,11 @@ function(params) ...@@ -125,17 +125,11 @@ function(params)
image: po._config.kubeRbacProxyImage, image: po._config.kubeRbacProxyImage,
}), }),
// FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
// 'readOnlyRootFilesystem: true' can be deleted when https://github.com/prometheus-operator/prometheus-operator/pull/4531 gets merged.
deployment+: { deployment+: {
spec+: { spec+: {
template+: { template+: {
spec+: { spec+: {
containers: std.map(function(c) c { containers+: [kubeRbacProxy],
securityContext+: {
readOnlyRootFilesystem: true,
},
}, super.containers) + [kubeRbacProxy],
}, },
}, },
}, },
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment