From 2b5e9ea90a32206f4dc55ea5ebed9c5dea5d5fd7 Mon Sep 17 00:00:00 2001
From: Pat Riehecky <3534830+jcpunk@users.noreply.github.com>
Date: Tue, 11 Apr 2023 15:02:27 -0500
Subject: [PATCH] [kube-state-metrics] set parameters for podsecurity
 restricted (#3194)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
Co-authored-by: Manuel Rüger <manuel@rueg.eu>
---
 charts/kube-state-metrics/Chart.yaml  | 2 +-
 charts/kube-state-metrics/values.yaml | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/charts/kube-state-metrics/Chart.yaml b/charts/kube-state-metrics/Chart.yaml
index 2892961ace4..d28219fa178 100644
--- a/charts/kube-state-metrics/Chart.yaml
+++ b/charts/kube-state-metrics/Chart.yaml
@@ -7,7 +7,7 @@ keywords:
 - prometheus
 - kubernetes
 type: application
-version: 5.3.0
+version: 5.4.0
 appVersion: 2.8.2
 home: https://github.com/kubernetes/kube-state-metrics/
 sources:
diff --git a/charts/kube-state-metrics/values.yaml b/charts/kube-state-metrics/values.yaml
index 9b932698999..e168fd5fa02 100644
--- a/charts/kube-state-metrics/values.yaml
+++ b/charts/kube-state-metrics/values.yaml
@@ -214,7 +214,14 @@ securityContext:
   enabled: true
   runAsGroup: 65534
   runAsUser: 65534
+  runAsNonRoot: true
   fsGroup: 65534
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+  seccompProfile:
+    type: RuntimeDefault
 
 ## Specify security settings for a Container
 ## Allows overrides and additional options compared to (Pod) securityContext