Update securityContext for monitoring containers

To make monitoring work when hardening rules are applied.

Update securityContext for monitoring containers
1beff94f · gitlawr · Alena Prokharchyk · 1d95df5a · 1beff94f · 1beff94f
Commit 1beff94f authored Oct 22, 2019 by gitlawr Committed by Alena Prokharchyk Oct 22, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

job-install-crds.yaml ....0.5/charts/operator-init/templates/job-install-crds.yaml +4 -0

values.yaml charts/rancher-monitoring/v0.0.5/values.yaml +4 -1

No files found.
--- a/charts/rancher-monitoring/v0.0.5/charts/operator-init/templates/job-install-crds.yaml
+++ b/charts/rancher-monitoring/v0.0.5/charts/operator-init/templates/job-install-crds.yaml
@@ -16,6 +16,10 @@ spec:
      tolerations:
 {{- include "linux-node-tolerations" . | nindent 8}}
      serviceAccountName: {{ template "app.fullname" . }}
+      securityContext:
+        runAsUser: 65534
+        runAsNonRoot: true
+        fsGroup: 65534
      containers:
      - name: operator-init-crds
        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}

--- a/charts/rancher-monitoring/v0.0.5/values.yaml
+++ b/charts/rancher-monitoring/v0.0.5/values.yaml
@@ -198,7 +198,10 @@ exporter-kube-state:
  ## Already exist ServiceAccount
  ##
  serviceAccountName: ""
-  securityContext: {}
+  securityContext:
+    runAsUser: 65534
+    runAsNonRoot: true
+    fsGroup: 65534

 alertmanager:
  enabled: false