Skip to content

Commit

Permalink
alertmanager patch security
Browse files Browse the repository at this point in the history
  • Loading branch information
eumel8 committed Sep 18, 2023
1 parent 2a47eae commit 33dff55
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 0 deletions.
41 changes: 41 additions & 0 deletions templates/alertmanager-patch.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
name: project-monitoring-alertmanager
spec:
containers:
- name: alertmanager
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsUser: 1000
runAsGroup: 1000
- name: config-reloader
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsUser: 1000
runAsGroup: 1000
initContainers:
- name: init-config-reloader
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsUser: 1000
runAsGroup: 1000
securityContext:
fsGroup: 1000
supplementalGroups:
- 1000
21 changes: 21 additions & 0 deletions templates/prometheus-patch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,27 @@ spec:
readOnlyRootFilesystem: true
runAsUser: 1000
runAsGroup: 1000
- name: prometheus
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsUser: 1000
runAsGroup: 1000
initContainers:
- name: init-config-reloader
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsUser: 1000
runAsGroup: 1000
securityContext:
fsGroup: 1000
supplementalGroups:
Expand Down

0 comments on commit 33dff55

Please sign in to comment.