[kube-state-metrics] set parameters for podsecurity restricted

In theory this fixes the bug introduced in prometheus-community#3194 Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
jcpunk · Apr 14, 2023 · 53daae8 · 53daae8
1 parent 8b445e4
commit 53daae8
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/charts/kube-state-metrics/Chart.yaml b/charts/kube-state-metrics/Chart.yaml
@@ -7,7 +7,7 @@ keywords:
 - prometheus
 - kubernetes
 type: application
-version: 5.4.2
+version: 5.5.0
 appVersion: 2.8.2
 home: https://github.com/kubernetes/kube-state-metrics/
 sources:

diff --git a/charts/kube-state-metrics/values.yaml b/charts/kube-state-metrics/values.yaml
@@ -215,11 +215,18 @@ securityContext:
   runAsGroup: 65534
   runAsUser: 65534
   fsGroup: 65534
+  runAsNonRoot: true
+  seccompProfile:
+    type: RuntimeDefault
 
 ## Specify security settings for a Container
 ## Allows overrides and additional options compared to (Pod) securityContext
 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-containerSecurityContext: {}
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
 
 ## Node labels for pod assignment
 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/