github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-04-28 03:52:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Do not use privileged containers for worker init

Browse Source
This commit is contained in:
Volodymyr Stoiko 2024-12-26 09:27:28 +02:00
parent 639f1deb51
commit 014036ffcf
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
helm-chart/templates/09-worker-daemon-set.yaml
View File

@ -38,7 +38,9 @@ spec:
imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
name: check-bpf name: check-bpf
securityContext: securityContext:
privileged: true capabilities:
add:
- CAP_SYS_ADMIN
volumeMounts: volumeMounts:
- mountPath: /sys - mountPath: /sys
name: sys name: sys
@ -54,7 +56,9 @@ spec:
imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
name: init-bpf name: init-bpf
securityContext: securityContext:
privileged: true capabilities:
add:
- CAP_SYS_ADMIN
volumeMounts: volumeMounts:
- mountPath: /sys - mountPath: /sys
name: sys name: sys