From e1b61f8c1ca51f483b843fb7ec2d4334609d4770 Mon Sep 17 00:00:00 2001
From: Pat Riehecky <riehecky@fnal.gov>
Date: Wed, 5 Apr 2023 15:59:29 -0500
Subject: [PATCH] [kube-state-metrics] set parameters for podsecurity
 restricted

Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
---
 charts/kube-state-metrics/Chart.yaml  | 2 +-
 charts/kube-state-metrics/values.yaml | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/charts/kube-state-metrics/Chart.yaml b/charts/kube-state-metrics/Chart.yaml
index 2892961ace4..d28219fa178 100644
--- a/charts/kube-state-metrics/Chart.yaml
+++ b/charts/kube-state-metrics/Chart.yaml
@@ -7,7 +7,7 @@ keywords:
 - prometheus
 - kubernetes
 type: application
-version: 5.3.0
+version: 5.4.0
 appVersion: 2.8.2
 home: https://github.com/kubernetes/kube-state-metrics/
 sources:
diff --git a/charts/kube-state-metrics/values.yaml b/charts/kube-state-metrics/values.yaml
index 9b932698999..e168fd5fa02 100644
--- a/charts/kube-state-metrics/values.yaml
+++ b/charts/kube-state-metrics/values.yaml
@@ -214,7 +214,14 @@ securityContext:
   enabled: true
   runAsGroup: 65534
   runAsUser: 65534
+  runAsNonRoot: true
   fsGroup: 65534
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+  seccompProfile:
+    type: RuntimeDefault
 
 ## Specify security settings for a Container
 ## Allows overrides and additional options compared to (Pod) securityContext