Skip to content

Commit e1ef6ec

Browse files
marinakogrjeberhard
marinakog
authored and
rjeberhard
committed
changed security context for prometheus and Grafana servers to avoid creation of pv files with root ownership
1 parent 49bf524 commit e1ef6ec

File tree

6 files changed

+17
-10
lines changed

6 files changed

+17
-10
lines changed

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMonitoringExporterMetricsFiltering.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -112,7 +112,7 @@ class ItMonitoringExporterMetricsFiltering {
112112
private static Map<String, Integer> clusterNameMsPortMap;
113113
private static LoggingFacade logger = null;
114114
private static List<String> clusterNames = new ArrayList<>();
115-
private static String releaseSuffix = "test2";
115+
private static String releaseSuffix = "testfilter";
116116
private static String prometheusReleaseName = "prometheus" + releaseSuffix;
117117
private static String grafanaReleaseName = "grafana" + releaseSuffix;
118118
private static String monitoringExporterDir;

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMonitoringExporterSamples.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -154,7 +154,7 @@ class ItMonitoringExporterSamples {
154154
private static Map<String, Integer> clusterNameMsPortMap;
155155
private static LoggingFacade logger = null;
156156
private static List<String> clusterNames = new ArrayList<>();
157-
private static String releaseSuffix = "test3";
157+
private static String releaseSuffix = "testsamples";
158158
private static String prometheusReleaseName = "prometheus" + releaseSuffix;
159159
private static String grafanaReleaseName = "grafana" + releaseSuffix;
160160
private static String monitoringExporterDir;

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMonitoringExporterWebApp.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,7 @@ class ItMonitoringExporterWebApp {
130130
private static Map<String, Integer> clusterNameMsPortMap;
131131
private static LoggingFacade logger = null;
132132
private static List<String> clusterNames = new ArrayList<>();
133-
private static String releaseSuffix = "test2";
133+
private static String releaseSuffix = "testwebapp";
134134
private static String prometheusReleaseName = "prometheus" + releaseSuffix;
135135
private static String grafanaReleaseName = "grafana" + releaseSuffix;
136136
private static String monitoringExporterDir;

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/MonitoringUtils.java

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -668,6 +668,9 @@ public static void cleanupPromGrafanaClusterRoles(String prometheusReleaseName,
668668
if (ClusterRole.clusterRoleExists(prometheusReleaseName + "-kube-state-metrics")) {
669669
Kubernetes.deleteClusterRole(prometheusReleaseName + "-kube-state-metrics");
670670
}
671+
if (ClusterRole.clusterRoleExists(prometheusReleaseName + "-pushgateway")) {
672+
Kubernetes.deleteClusterRole(prometheusReleaseName + "-pushgateway");
673+
}
671674
if (ClusterRole.clusterRoleExists(prometheusReleaseName + "-server")) {
672675
Kubernetes.deleteClusterRole(prometheusReleaseName + "-server");
673676
}
@@ -686,6 +689,9 @@ public static void cleanupPromGrafanaClusterRoles(String prometheusReleaseName,
686689
if (ClusterRoleBinding.clusterRoleBindingExists(prometheusReleaseName + "-kube-state-metrics")) {
687690
Kubernetes.deleteClusterRoleBinding(prometheusReleaseName + "-kube-state-metrics");
688691
}
692+
if (ClusterRoleBinding.clusterRoleBindingExists(prometheusReleaseName + "-pushgateway")) {
693+
Kubernetes.deleteClusterRoleBinding(prometheusReleaseName + "-pushgateway");
694+
}
689695
if (ClusterRoleBinding.clusterRoleBindingExists(prometheusReleaseName + "-server")) {
690696
Kubernetes.deleteClusterRoleBinding(prometheusReleaseName + "-server");
691697
}

integration-tests/src/test/resources/exporter/grafanavalues.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,6 @@ initChownData:
3131
pullPolicy: IfNotPresent
3232

3333
securityContext:
34-
fsGroup: 0
35-
runAsGroup: 0
36-
runAsUser: 0
34+
fsGroup: 1000
35+
runAsGroup: 1000
36+
runAsUser: 1000

integration-tests/src/test/resources/exporter/promvalues.yaml

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -26,9 +26,9 @@ alertmanager:
2626
tag: prometheus_alertmanager_tag
2727
pullPolicy: IfNotPresent
2828
securityContext:
29-
runAsUser: 65534
29+
runAsUser: 1000
3030
runAsNonRoot: true
31-
runAsGroup: 65534
31+
runAsGroup: 1000
3232

3333
#nodeExporter:
3434
prometheus-node-exporter:
@@ -66,8 +66,9 @@ server:
6666
type: NodePort
6767
nodePort: 30500
6868
securityContext:
69-
runAsUser: 0
70-
runAsNonRoot: false
69+
runAsGroup: 65534
70+
runAsNonRoot: true
71+
runAsUser: 1000
7172

7273
global:
7374
evaluation_interval: 1m

0 commit comments

Comments
 (0)