kubernetes
/
kube-state-metrics
mirror of https://github.com/kubernetes/kube-state-metrics.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add parameters for PodSecurity restricted 

Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
This commit is contained in:
Pat Riehecky 2023-04-05 15:53:05 -05:00
parent 4efc9d1f86
commit b23f04078c
5 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
examples/autosharding/statefulset.yaml
View File

@ -59,7 +59,10 @@ spec:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: kube-state-metrics

3
examples/daemonsetsharding/daemonset.yaml
View File

@ -54,7 +54,10 @@ spec:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: kube-state-metrics

3
examples/daemonsetsharding/deployment.yaml
View File

@ -48,7 +48,10 @@ spec:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: kube-state-metrics

3
examples/standard/deployment.yaml
View File

@ -46,7 +46,10 @@ spec:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: kube-state-metrics

2
jsonnet/kube-state-metrics/kube-state-metrics.libsonnet
View File

@ -185,9 +185,11 @@
],
securityContext: {
runAsUser: 65534,
runAsNonRoot: true,
allowPrivilegeEscalation: false,
readOnlyRootFilesystem: true,
capabilities: { drop: ['ALL'] },
seccompProfile: { type: 'RuntimeDefault' },
},
livenessProbe: { timeoutSeconds: 5, initialDelaySeconds: 5, httpGet: {
port: 8080,