From e5610b2e8d4e0c49ebd03ac10664b1287fccba0c Mon Sep 17 00:00:00 2001
From: ArthurSens <arthursens2005@gmail.com>
Date: Mon, 31 Jan 2022 17:25:00 +0000
Subject: [PATCH] Address FIXME

Signed-off-by: ArthurSens <arthursens2005@gmail.com>
---
 .../components/kube-state-metrics.libsonnet               | 7 -------
 .../components/prometheus-operator.libsonnet              | 8 +-------
 2 files changed, 1 insertion(+), 14 deletions(-)

diff --git a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
index 63c9bbf6..186069f5 100644
--- a/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
@@ -118,9 +118,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
     image: ksm._config.kubeRbacProxyImage,
   }),
 
-  // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
-  // 'allowPrivilegeEscalation: false' can be deleted when https://github.com/kubernetes/kube-state-metrics/pull/1668 gets merged.
-  // 'readOnlyRootFilesystem: true' can be deleted when https://github.com/kubernetes/kube-state-metrics/pull/1671 gets merged.
   deployment+: {
     spec+: {
       template+: {
@@ -136,10 +133,6 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
             readinessProbe:: null,
             args: ['--host=127.0.0.1', '--port=8081', '--telemetry-host=127.0.0.1', '--telemetry-port=8082'],
             resources: ksm._config.resources,
-            securityContext+: {
-              allowPrivilegeEscalation: false,
-              readOnlyRootFilesystem: true,
-            },
           }, super.containers) + [kubeRbacProxyMain, kubeRbacProxySelf],
         },
       },
diff --git a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
index 3ffdac24..b2e97acc 100644
--- a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
+++ b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
@@ -125,17 +125,11 @@ function(params)
       image: po._config.kubeRbacProxyImage,
     }),
 
-    // FIXME(ArthurSens): The securityContext overrides can be removed after some PRs get merged
-    // 'readOnlyRootFilesystem: true' can be deleted when https://github.com/prometheus-operator/prometheus-operator/pull/4531 gets merged.
     deployment+: {
       spec+: {
         template+: {
           spec+: {
-            containers: std.map(function(c) c {
-              securityContext+: {
-                readOnlyRootFilesystem: true,
-              },
-            }, super.containers) + [kubeRbacProxy],
+            containers+: [kubeRbacProxy],
           },
         },
       },
-- 
GitLab