diff --git a/eks-anywhere-common/Addons/Partner/Kubecost/kubecost.yaml b/eks-anywhere-common/Addons/Partner/Kubecost/kubecost.yaml index 59f20d81..f072a207 100644 --- a/eks-anywhere-common/Addons/Partner/Kubecost/kubecost.yaml +++ b/eks-anywhere-common/Addons/Partner/Kubecost/kubecost.yaml @@ -13,7 +13,7 @@ spec: kind: HelmRepository name: kubecost-charts namespace: flux-system - version: 1.106.0 + version: 2.0.2 interval: 1m0s targetNamespace: kubecost valuesFrom: diff --git a/eks-anywhere-common/Testers/Kubecost/kubecost-testJob.yaml b/eks-anywhere-common/Testers/Kubecost/kubecost-testJob.yaml index e92c498c..a6cfbdd9 100644 --- a/eks-anywhere-common/Testers/Kubecost/kubecost-testJob.yaml +++ b/eks-anywhere-common/Testers/Kubecost/kubecost-testJob.yaml @@ -9,16 +9,30 @@ spec: spec: template: spec: + securityContext: + seccompProfile: + type: RuntimeDefault + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 3000 + fsGroup: 2000 serviceAccountName: tester containers: - name: test-kubecost image: alpine/k8s:1.26.9 + securityContext: + privileged: false + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true command: - /bin/sh args: - -c - >- - svc=$(kubectl -n kubecost get svc -l app.kubernetes.io/name=cost-analyzer -o json | jq -r .items[0].metadata.name); + svc=$(kubectl get --raw /api/v1/namespaces/kubecost/services | jq -r '.items[] | select(.metadata.name | test("cost-analyzer$")).metadata.name'); echo Getting current Kubecost state.; response=$(curl -sL http://${svc}:9090/model/getConfigs); code=$(echo ${response} | jq .code);