From 98559a0f42dde38980f6493dca974524034da110 Mon Sep 17 00:00:00 2001
From: ArthurSens <arthursens2005@gmail.com>
Date: Fri, 12 Mar 2021 20:41:00 +0000
Subject: [PATCH] Allow kube-state-metrics to run as any user

Signed-off-by: ArthurSens <arthursens2005@gmail.com>
---
 .../addons/podsecuritypolicies.libsonnet            | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
index 32ef6176..38dc736c 100644
--- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
+++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
@@ -160,9 +160,20 @@ local restrictedPodSecurityPolicy = {
         apiGroups: ['policy'],
         resources: ['podsecuritypolicies'],
         verbs: ['use'],
-        resourceNames: [restrictedPodSecurityPolicy.metadata.name],
+        resourceNames: ['kube-state-metrics-psp'],
       }],
     },
+
+    podSecurityPolicy: restrictedPodSecurityPolicy {
+      metadata+: {
+        name: 'kube-state-metrics-psp',
+      },
+      spec+: {
+        runAsUser: {
+          rule: 'RunAsAny',
+        },
+      },
+    },
   },
 
   nodeExporter+: {
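Review bot: `rule: 'RunAsAny'` in the new `podSecurityPolicy` override admits UID 0 as well as arbitrary non-root UIDs, so kube-state-metrics loses whatever user restriction `restrictedPodSecurityPolicy` imposed (its `runAsUser` is defined outside this hunk, as is the start of the enclosing object). If the workload only needs one known non-root UID, a narrower override such as `runAsUser: { rule: 'MustRunAs', ranges: [{ min: <KSM_UID>, max: <KSM_UID> }] },` would keep root excluded, where `<KSM_UID>` is a placeholder for the UID the image runs as. If any UID really is required, a comment above `spec+:` such as `// RunAsAny: <reason kube-state-metrics cannot run under the restricted policy>` would record why. Separately, `'kube-state-metrics-psp'` is now written twice, in `resourceNames` and in `metadata.name`; deriving one from the other would stop the `use` grant from drifting onto a policy name that no longer exists.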
-- 
GitLab