From adc5d20086975a8301dd10dfa159ef91fc41c21c Mon Sep 17 00:00:00 2001
From: Carlos de Paula
Date: Wed, 15 Apr 2020 11:24:08 -0300
Subject: [PATCH] Add Grafana container user. Cleanup.
---
 base_operator_stack.jsonnet | 5 +++++
 main.jsonnet | 7 +++----
 utils.libsonnet | 1 -
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/base_operator_stack.jsonnet b/base_operator_stack.jsonnet
index 086db91..dce203a 100644
--- a/base_operator_stack.jsonnet
+++ b/base_operator_stack.jsonnet
@@ -92,6 +92,11 @@ local vars = import 'vars.jsonnet';
 spec+: { template+: { spec+: {
+ securityContext: {
+ runAsUser: 472,
+ fsGroup: 472,
+ runAsNonRoot: true,
+ },
 volumes: std.map( function(v)
diff --git a/main.jsonnet b/main.jsonnet
index 6459ed1..e7459c8 100644
--- a/main.jsonnet
+++ b/main.jsonnet
@@ -5,8 +5,6 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + (import 'kube-prometheus/kube-prometheus-anti-affinity.libsonnet') + (import 'kube-prometheus/kube-prometheus-kops-coredns.libsonnet') + (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet')
- // Use http Kubelet targets. Comment to revert to https
- // + (import 'kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet')
 // Additional modules are loaded dynamically from vars.jsonnet + utils.join_objects([module.file for module in vars.modules if module.enabled]) // Load K3s customized modules
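Review bot: The pod-level `securityContext` added in base_operator_stack.jsonnet hard-codes UID/GID 472 without saying where the number comes from, and it sets `runAsUser` and `fsGroup` but no `runAsGroup`, so the process's primary group is left to the runtime default (commonly 0). I would add a comment such as `// 472: grafana user in the upstream image (assumed); fsGroup lets it write the mounted volumes` and, if the image permits it, `runAsGroup: 472,`. Because the field is written as `securityContext:` rather than `securityContext+:`, it replaces any pod security context inherited from the imported library instead of merging with it; that looks intended but is worth confirming. Only the pod level is hardened here, so container-level settings such as `allowPrivilegeEscalation: false` would have to go on the container spec, which is not visible in this hunk. The enclosing `spec+:` objects open and close outside the hunk.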
@@ -19,12 +17,13 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') // Generate core modules { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +// First generate operator resources except the serviceMonitors { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) -} + +} // serviceMonitor is separated so that it can be created after the CRDs are ready -{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + +{ 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) }
diff --git a/utils.libsonnet b/utils.libsonnet
index 7552647..16c4f2b 100644
--- a/utils.libsonnet
+++ b/utils.libsonnet
@@ -223,7 +223,6 @@ local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 }, }; std.mergePatch(s, t)
- // s + t
 ),