From c210e732059ad168df0709050b3d0d20d3291afa Mon Sep 17 00:00:00 2001
From: Oleg Mayko
Date: Wed, 22 Jan 2020 12:14:17 +0100
Subject: [PATCH 1/2] Add security context to deployment and statefulset
---
 jsonnet/kube-state-metrics/kube-state-metrics.libsonnet | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet
index 0f545fc7dc..d26015e114 100644
--- a/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet
@@ -164,7 +164,8 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 container.mixin.readinessProbe.httpGet.withPath('/') +
 container.mixin.readinessProbe.httpGet.withPort(8081) +
 container.mixin.readinessProbe.withInitialDelaySeconds(5) +
- container.mixin.readinessProbe.withTimeoutSeconds(5);
+ container.mixin.readinessProbe.withTimeoutSeconds(5) +
+ container.mixin.securityContext.withRunAsUser(65534);
 deployment.new(ksm.name, 1, c, ksm.commonLabels) +
 deployment.mixin.metadata.withNamespace(ksm.namespace) +
@@ -236,6 +237,7 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 '--pod=$(POD_NAME)',
 '--pod-namespace=$(POD_NAMESPACE)',
 ]) +
+ container.mixin.securityContext.withRunAsUser(65534) +
 container.withEnv([
 containerEnv.new('POD_NAME') +
 containerEnv.mixin.valueFrom.fieldRef.withFieldPath('metadata.name'),
From 7977a4af0460e61e03e2d2debe3100a321e57715 Mon Sep 17 00:00:00 2001
From: Oleg Mayko
Date: Wed, 22 Jan 2020 15:06:16 +0100
Subject: [PATCH 2/2] Regenerate examples
---
 examples/autosharding/statefulset.yaml | 2 ++
 examples/standard/deployment.yaml | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/examples/autosharding/statefulset.yaml b/examples/autosharding/statefulset.yaml
index a58e79467c..0a8f7be272 100644
--- a/examples/autosharding/statefulset.yaml
+++ b/examples/autosharding/statefulset.yaml
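Review bot: Both added `securityContext` lines in kube-state-metrics.libsonnet (the deployment container in the first hunk and the autosharding statefulset container in the second) set only `runAsUser`, so running as non-root depends on the literal UID rather than on a check the kubelet enforces, and `allowPrivilegeEscalation` is left at its default. Consider adding `container.mixin.securityContext.withRunAsNonRoot(true) +` and `container.mixin.securityContext.withAllowPrivilegeEscalation(false)` next to each `withRunAsUser(65534)`; these names follow the Kubernetes fields, so confirm the ksonnet beta.4 mixin exposes them. The UID is also repeated as a bare literal in both places, and a short comment such as `// 65534 is conventionally the unprivileged "nobody" account`, or one shared field, would keep the two containers from drifting apart. Both container definitions begin and end outside the hunks shown.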
@@ -52,6 +52,8 @@ spec:
 port: 8081
 initialDelaySeconds: 5
 timeoutSeconds: 5
+ securityContext:
+ runAsUser: 65534
 nodeSelector:
 kubernetes.io/os: linux
 serviceAccountName: kube-state-metrics
diff --git a/examples/standard/deployment.yaml b/examples/standard/deployment.yaml
index e7b83c60d3..c392035582 100644
--- a/examples/standard/deployment.yaml
+++ b/examples/standard/deployment.yaml
@@ -37,6 +37,8 @@ spec:
 port: 8081
 initialDelaySeconds: 5
 timeoutSeconds: 5
+ securityContext:
+ runAsUser: 65534
 nodeSelector:
 kubernetes.io/os: linux
 serviceAccountName: kube-state-metrics