From 014036ffcf661740458cb34df93d400ccc4d55ba Mon Sep 17 00:00:00 2001
From: Volodymyr Stoiko
Date: Thu, 26 Dec 2024 09:27:28 +0200
Subject: [PATCH] Do not use privileged containers for worker init
---
 helm-chart/templates/09-worker-daemon-set.yaml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml
index 5119e42ac..7ce2e0164 100644
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -38,7 +38,9 @@ spec:
 imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
 name: check-bpf
 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - CAP_SYS_ADMIN
 volumeMounts:
 - mountPath: /sys
 name: sys
@@ -54,7 +56,9 @@ spec:
 imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
 name: init-bpf
 securityContext:
- privileged: true
+ capabilities:
+ add:
+ - CAP_SYS_ADMIN
 volumeMounts:
 - mountPath: /sys
 name: sys
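Review bot: In both hunks (the `check-bpf` and `init-bpf` init containers) the capability is written as `- CAP_SYS_ADMIN`, but Kubernetes manifests name capabilities without the `CAP_` prefix, so depending on the container runtime this entry may be rejected or not applied; it should read `- SYS_ADMIN`. SYS_ADMIN is still a very broad grant, and with only an `add:` list the containers also keep the runtime's default capability set, so consider adding `drop: [ALL]` next to it so that the granted set is exactly the one capability needed. With `privileged: true` gone, the node's default AppArmor and seccomp confinement now applies to these containers; if they mount anything under the host `/sys` volume (not visible in the hunks), that may be blocked and is worth testing on a confined node. A short comment above each `capabilities:` block saying why SYS_ADMIN is required would help later reviewers judge whether it can be narrowed further. Both `securityContext` blocks belong to container specs that start and end outside the hunks.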