From f4afdf4ece515b846daa2946f376fb23133332c8 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 27 Feb 2022 21:26:18 +0100
Subject: [PATCH] fix(monitoring): Fix filesystem access for X509 exporter

---
 infrastructure/monitoring/x509-exporter.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/infrastructure/monitoring/x509-exporter.yaml b/infrastructure/monitoring/x509-exporter.yaml
index 997ae9816..fab9695ca 100644
--- a/infrastructure/monitoring/x509-exporter.yaml
+++ b/infrastructure/monitoring/x509-exporter.yaml
@@ -28,6 +28,15 @@ spec:
       podAnnotations:
         prometheus.io/port: "9793"
         prometheus.io/scrape: "true"
+      securityContext:
+        capabilities:
+          drop:
+            - ALL
+          add:
+            - CAP_DAC_OVERRIDE
+        readOnlyRootFilesystem: true
+        runAsGroup: 0
+        runAsUser: 0
       daemonSets:
         cp:
           nodeSelector:
-- 
GitLab