Mariadb: Add security context for mysql exporter pod/container
This adds a security context to the mysql prometheus exporter pod, which changes the user from root to the nobody user (uid 99 here) instead. This also adds the container security context to explicitly set allowPrivilegeEscalation to false. Change-Id: I5ddebb059e3c31c231fdc4c24190a65f23e37785
parent
3819986398
commit
530e765815
@ -38,6 +38,7 @@ spec:
|
||||
{{ tuple $envAll "prometheus_mysql_exporter" "exporter" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
namespace: {{ .Values.endpoints.prometheus_mysql_exporter.namespace }}
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "mysql_exporter" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
shareProcessNamespace: true
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
@ -49,6 +50,8 @@ spec:
|
||||
- name: mysql-exporter
|
||||
{{ tuple $envAll "prometheus_mysql_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.prometheus_mysql_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
command:
|
||||
- /tmp/mysqld-exporter.sh
|
||||
- start
|
||||
|
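Review bot: The container `securityContext` added under `mysql-exporter` is hard-coded to `allowPrivilegeEscalation: false`, and nothing in the template enforces the non-root requirement. The uid comes from values, so overriding `pod.user.mysql_exporter.uid` to 0 would presumably run the exporter as root again without any error. Adding `runAsNonRoot: true` next to `allowPrivilegeEscalation: false` would make the kubelet refuse to start the container in that case. The pod-level context likely applies to every container in the pod, so it is worth confirming that any other containers and the `/tmp/mysqld-exporter.sh` script still work as uid 99. The container list and volume mounts are outside the hunks shown.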
@ -51,6 +51,9 @@ labels:
|
||||
node_selector_value: enabled
|
||||
|
||||
pod:
|
||||
user:
|
||||
mysql_exporter:
|
||||
uid: 99
|
||||
affinity:
|
||||
anti:
|
||||
type:
|
||||
|
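Review bot: `uid: 99` under `pod.user.mysql_exporter` carries no comment, and whether 99 maps to `nobody` depends on the exporter image (other base images use 65534 for that account). I would add a comment above it such as `# uid of "nobody" in the mysqld-exporter image; must stay non-zero`. The key is also named `mysql_exporter`, while the template's image and resources lookups use `prometheus_mysql_exporter`. Using one name for both would make overrides easier to find.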