Signed-off-by: Dani Wold Kristiansen <dani.wold.kristiansen@intility.no>
@@ -159,6 +159,14 @@ spec:
- name: CLUSTER_ID
value: "cluster-one" # Default cluster ID to use if cluster_id is not set in Prometheus metrics.
imagePullPolicy: Always
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
- image: quay.io/kubecost1/opencost-ui:latest
name: opencost-ui
resources:
Dani Wold Kristiansen