From e8f461ba38cd54c9408c8aa6858709c5d84b104c Mon Sep 17 00:00:00 2001
From: Philip Gough <philip.p.gough@gmail.com>
Date: Tue, 14 May 2024 10:04:07 +0100
Subject: [PATCH] ci: Add runAsGroup for prom operator Deployment

---
 .../kube-prometheus/components/prometheus-operator.libsonnet   | 3 +++
 manifests/prometheusOperator-deployment.yaml                   | 1 +
 2 files changed, 4 insertions(+)

diff --git a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
index 5c0c96c6..104d76a8 100644
--- a/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
+++ b/jsonnet/kube-prometheus/components/prometheus-operator.libsonnet
@@ -163,6 +163,9 @@ function(params)
         template+: {
           spec+: {
             automountServiceAccountToken: true,
+            securityContext+: {
+              runAsGroup: 65534,
+            },
             containers+: [kubeRbacProxy],
           },
         },
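Review bot: The new `securityContext+` in the pod template spec hard-codes `runAsGroup: 65534` with no comment saying why, and the reason is not obvious from the hunk. Kubernetes runs container processes with primary GID 0 when `runAsGroup` is omitted, even if `runAsUser` is non-root, so a comment above the field such as `// Pin primary GID: without runAsGroup the process group defaults to root (0) despite runAsUser/runAsNonRoot.` would keep a later cleanup from dropping it. The value presumably has to stay in step with the `runAsUser: 65534` seen in the rendered manifest, which is set outside this hunk, so it is worth confirming both come from one place. A container-level `securityContext.runAsGroup` overrides the pod-level one, so also check that neither the operator container nor `kubeRbacProxy` sets a different group. The enclosing `function(params)` body starts and ends outside the hunk.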
diff --git a/manifests/prometheusOperator-deployment.yaml b/manifests/prometheusOperator-deployment.yaml
index 9b164f6a..8e240b52 100644
--- a/manifests/prometheusOperator-deployment.yaml
+++ b/manifests/prometheusOperator-deployment.yaml
@@ -81,6 +81,7 @@ spec:
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
+        runAsGroup: 65534
         runAsNonRoot: true
         runAsUser: 65534
         seccompProfile:
-- 
GitLab