From 53daae8f0047bc2a200eb5dfccbb0d0ff1857c82 Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Fri, 14 Apr 2023 12:39:09 -0500
Subject: [PATCH] [kube-state-metrics] set parameters for podsecurity restricted
In theory this fixes the bug introduced in https://github.com/prometheus-community/helm-charts/pull/3194
Signed-off-by: Pat Riehecky
---
 charts/kube-state-metrics/Chart.yaml | 2 +-
 charts/kube-state-metrics/values.yaml | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/charts/kube-state-metrics/Chart.yaml b/charts/kube-state-metrics/Chart.yaml
index 3076e866c1f..27d5309a8b3 100644
--- a/charts/kube-state-metrics/Chart.yaml
+++ b/charts/kube-state-metrics/Chart.yaml
@@ -7,7 +7,7 @@ keywords:
 - prometheus
 - kubernetes
 type: application
-version: 5.4.2
+version: 5.5.0
 appVersion: 2.8.2
 home: https://github.com/kubernetes/kube-state-metrics/
 sources:
diff --git a/charts/kube-state-metrics/values.yaml b/charts/kube-state-metrics/values.yaml
index 9b932698999..3a293d878b6 100644
--- a/charts/kube-state-metrics/values.yaml
+++ b/charts/kube-state-metrics/values.yaml
@@ -215,11 +215,18 @@ securityContext:
 runAsGroup: 65534
 runAsUser: 65534
 fsGroup: 65534
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 ## Specify security settings for a Container
 ## Allows overrides and additional options compared to (Pod) securityContext
 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-containerSecurityContext: {}
+containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 ## Node labels for pod assignment
 ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
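Review bot: The new `containerSecurityContext` defaults in values.yaml carry no comment saying they exist to satisfy the Pod Security `restricted` profile, so a user who overrides the map may not realise that removing `allowPrivilegeEscalation: false` or the `capabilities` drop of `ALL` can get the pod rejected in an enforcing namespace; I would add above the key `## Defaults satisfy the Pod Security Standards "restricted" profile; removing them may cause admission to reject the pod`. Helm deep-merges map values, so an override that sets only some keys keeps the others and a key has to be set to `null` to remove it, which is worth saying in the same comment now that the default is no longer `{}`. `allowPrivilegeEscalation` and `capabilities` are per-container fields, so if the chart's templates (not shown in this patch) render any other container, it presumably needs the same settings before the goal in the subject line holds. `readOnlyRootFilesystem: true` is not required by `restricted`, but it would be a sensible addition to these defaults if the exporter does not write to its root filesystem, which needs confirming.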