From e8995efcf9774d35ea004a5ffa1c3c7e1e90fd63 Mon Sep 17 00:00:00 2001
From: Philip Gough <philip.p.gough@gmail.com>
Date: Mon, 13 May 2024 10:38:33 +0100
Subject: [PATCH] ci: Add runAsGroup for node_exporter sidecars

---
 jsonnet/kube-prometheus/components/node-exporter.libsonnet | 1 +
 manifests/nodeExporter-daemonset.yaml                      | 1 +
 2 files changed, 2 insertions(+)

diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet
index d43eec53..21aa9e28 100644
--- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet
@@ -295,6 +295,7 @@ function(params) {
             serviceAccountName: ne._config.name,
             priorityClassName: 'system-cluster-critical',
             securityContext: {
+              runAsGroup: 65534,
               runAsUser: 65534,
               runAsNonRoot: true,
             },
diff --git a/manifests/nodeExporter-daemonset.yaml b/manifests/nodeExporter-daemonset.yaml
index 52a9975d..711b0037 100644
--- a/manifests/nodeExporter-daemonset.yaml
+++ b/manifests/nodeExporter-daemonset.yaml
@@ -102,6 +102,7 @@ spec:
         kubernetes.io/os: linux
       priorityClassName: system-cluster-critical
       securityContext:
+        runAsGroup: 65534
         runAsNonRoot: true
         runAsUser: 65534
       serviceAccountName: node-exporter
-- 
GitLab