From 8b1d48358de1e9afff25a3ebd5bce72e27d2479e Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Wed, 5 Apr 2023 15:59:29 -0500
Subject: [PATCH] [kube-state-metrics] set parameters for podsecurity restricted

Signed-off-by: Pat Riehecky
---
 charts/kube-state-metrics/values.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/charts/kube-state-metrics/values.yaml b/charts/kube-state-metrics/values.yaml
index 9b9326989998..e168fd5fa023 100644
--- a/charts/kube-state-metrics/values.yaml
+++ b/charts/kube-state-metrics/values.yaml
@@ -214,7 +214,14 @@ securityContext:
 enabled: true
 runAsGroup: 65534
 runAsUser: 65534
+ runAsNonRoot: true
 fsGroup: 65534
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault

 ## Specify security settings for a Container
 ## Allows overrides and additional options compared to (Pod) securityContext
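Review bot: `allowPrivilegeEscalation` and `capabilities` are fields of the container-level SecurityContext, not of PodSecurityContext, so adding them under `securityContext:` will not harden the container if this block is rendered into the pod spec, as the trailing comment about the "(Pod) securityContext" suggests. Depending on how strictly the API server validates the manifest, the unknown fields are either rejected or dropped, and the pod would still fail the Pod Security `restricted` profile, which checks both settings per container. Keep `runAsNonRoot: true` and `seccompProfile.type: RuntimeDefault` here, and move `allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]` into the container security settings that the comment after this block introduces. That block begins outside the hunk, so its current default and the template that consumes it are not visible here and should be checked before merging.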