From 0d37160cdc1fe7ccdd3eeb0db810bd2d48577751 Mon Sep 17 00:00:00 2001 From: Aldo Lacuku Date: Wed, 17 Jul 2024 11:29:24 +0200 Subject: [PATCH] update(config/prow): bump cluster-autoscaler to version 1.30.1 Signed-off-by: Aldo Lacuku --- config/prow/cluster-autoscaler.yaml | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/config/prow/cluster-autoscaler.yaml b/config/prow/cluster-autoscaler.yaml index 4c78e44baa6..6f16f780183 100644 --- a/config/prow/cluster-autoscaler.yaml +++ b/config/prow/cluster-autoscaler.yaml @@ -5,6 +5,8 @@ metadata: labels: k8s-addon: cluster-autoscaler.addons.k8s.io k8s-app: cluster-autoscaler + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::292999226676:role/falco-prow-test-infra-cluster-autoscaler name: cluster-autoscaler namespace: kube-system --- @@ -34,6 +36,7 @@ rules: verbs: ["watch", "list", "get", "update"] - apiGroups: [""] resources: + - "namespaces" - "pods" - "services" - "replicationcontrollers" @@ -50,7 +53,7 @@ rules: resources: ["statefulsets", "replicasets", "daemonsets"] verbs: ["watch", "list", "get"] - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses", "csinodes"] + resources: ["storageclasses", "csinodes", "csidrivers", "csistoragecapacities"] verbs: ["watch", "list", "get"] - apiGroups: ["batch", "extensions"] resources: ["jobs"] @@ -74,7 +77,7 @@ metadata: rules: - apiGroups: [""] resources: ["configmaps"] - verbs: ["create","list","watch"] + verbs: ["create", "list", "watch"] - apiGroups: [""] resources: ["configmaps"] resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"] 
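Review bot: The `eks.amazonaws.com/role-arn` annotation added to the ServiceAccount in the first hunk gives the pod an IAM role, but nothing in the manifest records where that role is defined or what it is expected to trust. A comment above the annotation would help, for example `# IRSA role; trust policy must be limited to system:serviceaccount:kube-system:cluster-autoscaler (defined in <IAM_ROLE_SOURCE_PATH>)`. The role's trust and permission policies are not visible in this patch. It is worth confirming in the same review that the trust condition pins the `sub` claim to this service account and that the Auto Scaling write actions are scoped to this cluster's node groups.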
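Review bot: The ClusterRole gains cluster-wide read access to `namespaces` in the second hunk and to `csidrivers` and `csistoragecapacities` in the third, with no comment saying why the new release needs them. The verbs for the core-group rule that receives `namespaces` lie outside the hunk, so confirm they are still only `watch`, `list`, `get`, as they are on the `storage.k8s.io` rule. A one-line comment such as `# read-only; required by cluster-autoscaler v1.30.x` above each extended rule would keep later RBAC audits quick.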
@@ -135,9 +138,16 @@ spec: prometheus.io/scrape: 'true' prometheus.io/port: '8085' spec: + priorityClassName: system-cluster-critical + securityContext: + runAsNonRoot: true + runAsUser: 65534 + fsGroup: 65534 + seccompProfile: + type: RuntimeDefault serviceAccountName: cluster-autoscaler containers: - - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.21.0 + - image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.1 name: cluster-autoscaler resources: limits: @@ -157,10 +167,14 @@ spec: - name: ssl-certs mountPath: /etc/ssl/certs/ca-certificates.crt #/etc/ssl/certs/ca-bundle.crt for Amazon Linux Worker Nodes readOnly: true - imagePullPolicy: "Always" + imagePullPolicy: "IfNotPresent" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true volumes: - name: ssl-certs hostPath: path: "/etc/ssl/certs/ca-bundle.crt" - nodeSelector: - Archtype: "x86"
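Review bot: The image on the `containers` entry is still referenced by tag only (`cluster-autoscaler:v1.30.1`), and the last hunk switches `imagePullPolicy` to `IfNotPresent`, so a node keeps whatever it first pulled under that tag. Pinning the digest, `image: registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.1@sha256:<IMAGE_DIGEST>`, makes the deployed binary verifiable and independent of node cache state. Separately, the jump from v1.21.0 spans nine minor releases, and cluster-autoscaler is meant to track the cluster's Kubernetes minor version. The patch does not show the cluster version, so confirm it is 1.30. The pod `spec` continues beyond this hunk.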
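Review bot: Dropping the `nodeSelector` at the end of the last hunk lets the pod schedule onto any node, while the `ssl-certs` volume still mounts the `hostPath` file `/etc/ssl/certs/ca-bundle.crt` with no `type` set. On a node image that lacks that file the mount is not checked up front, and the autoscaler would probably fail later on TLS to the cloud APIs instead. Adding `type: File` under `hostPath` turns that into an explicit mount error at pod start. If the selector was removed only because the new image is multi-arch, the commit message should say so. It is also worth deciding whether the autoscaler should be kept off node groups that it can itself scale down.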