[kube-prometheus-stack] Expose the container-specific security contex…

…t for Prometheus Operator (prometheus-community#1811) * Expose the container-specific security context settings for Prometheus operator Signed-off-by: rd5 <[email protected]> * Bump kube-prometheus-stack chart version to 32.2.2 Signed-off-by: rd5 <[email protected]> * New feature so raise minor version to 32.3.0 Signed-off-by: rd5 <[email protected]> Co-authored-by: rd5 <[email protected]>
Unstructured-IO · Feb 28, 2022 · 15ce2d7 · 15ce2d7
1 parent 87f66ed
commit 15ce2d7
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/Chart.yaml b/Chart.yaml
@@ -23,7 +23,7 @@ name: kube-prometheus-stack
 sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
-version: 33.0.0
+version: 33.1.0
 appVersion: 0.54.1
 kubeVersion: ">=1.16.0-0"
 home: https://github.com/prometheus-operator/kube-prometheus

diff --git a/templates/prometheus-operator/deployment.yaml b/templates/prometheus-operator/deployment.yaml
@@ -112,8 +112,7 @@ spec:
           resources:
 {{ toYaml .Values.prometheusOperator.resources | indent 12 }}
           securityContext:
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: true
+{{ toYaml .Values.prometheusOperator.containerSecurityContext | indent 12 }}
 {{- if .Values.prometheusOperator.tls.enabled }}
           volumeMounts:
             - name: tls-secret

diff --git a/values.yaml b/values.yaml
@@ -1681,6 +1681,13 @@ prometheusOperator:
     runAsNonRoot: true
     runAsUser: 65534
 
+  ## Container-specific security context configuration
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+  ##
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    readOnlyRootFilesystem: true
+
   ## Prometheus-operator image
   ##
   image: