diff --git a/config/configStruct.go b/config/configStruct.go
index 9d8463be2..7666f5fde 100644
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -27,6 +27,38 @@ func CreateDefaultConfig() ConfigStruct {
 },
 },
 },
+ Capabilities: configStructs.CapabilitiesConfig{
+ NetworkCapture: []string{
+ // NET_RAW is required to listen the network traffic
+ "NET_RAW",
+ // NET_ADMIN is required to listen the network traffic
+ "NET_ADMIN",
+ },
+ ServiceMeshCapture: []string{
+ // SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
+ "SYS_ADMIN",
+ // SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
+ "SYS_PTRACE",
+ // DAC_OVERRIDE is required to read /proc/PID/environ
+ "DAC_OVERRIDE",
+ // CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
+ "CHECKPOINT_RESTORE",
+ },
+ KernelModule: []string{
+ // SYS_MODULE is required to install kernel modules
+ "SYS_MODULE",
+ },
+ EBPFCapture: []string{
+ // SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
+ "SYS_ADMIN",
+ // SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
+ "SYS_PTRACE",
+ // SYS_RESOURCE is required to change rlimits for eBPF
+ "SYS_RESOURCE",
+ // CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
+ "CHECKPOINT_RESTORE",
+ },
+ },
 },
 }
 }
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index c5192bc68..082a308ff 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
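Review bot: The `Capabilities:` literal carries a comment per entry, but nothing states where these lists end up, which matters because they are the complete privilege set of the worker containers (the template hunks in this diff render them straight into `securityContext.capabilities.add` while keeping `drop: ALL`). A short comment above the literal would help an operator deciding what to trim, e.g. `// Capabilities are rendered verbatim into the worker DaemonSet's securityContext.capabilities.add (drop: ALL stays in effect); keep each list to the minimum the feature needs.` The SYS_ADMIN, SYS_PTRACE and CHECKPOINT_RESTORE entries and their comments are duplicated between ServiceMeshCapture and EBPFCapture; if the two are meant to stay in sync, say so in the comment rather than relying on the copies staying identical. The copied comment also says `kernel > 5.9` for CHECKPOINT_RESTORE; as far as I know that capability was introduced in 5.9, so `kernel >= 5.9` would read more accurately.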
@@ -106,6 +106,13 @@ type TelemetryConfig struct {
 Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 }
 
+type CapabilitiesConfig struct {
+ NetworkCapture []string `yaml:"networkCapture" json:"networkCapture" default:"[]"`
+ ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture" default:"[]"`
+ KernelModule []string `yaml:"kernelModule" json:"kernelModule" default:"[]"`
+ EBPFCapture []string `yaml:"ebpfCapture" json:"ebpfCapture" default:"[]"`
+}
+
 type TapConfig struct {
 Docker DockerConfig `yaml:"docker" json:"docker"`
 Proxy ProxyConfig `yaml:"proxy" json:"proxy"`
@@ -133,6 +140,7 @@ type TapConfig struct {
 Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"`
 DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter"`
 ReplayDisabled bool `yaml:"replayDisabled" json:"replayDisabled" default:"false"`
+ Capabilities CapabilitiesConfig `yaml:"capabilities" json:"capabilities"`
 }
 
 func (config *TapConfig) PodRegex() *regexp.Regexp {
diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml
index f57cca6b2..4702df8c7 100644
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
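Review bot: `CapabilitiesConfig` and the new `Capabilities` field are exported without a doc comment, and their content is security-sensitive: whatever strings a user puts here become the `capabilities.add` list of the worker containers. Add a type comment such as `// CapabilitiesConfig lists the Linux capabilities added to the worker containers, one list per feature; values are passed to the manifests unchanged.` and, on the field, `// Capabilities overrides the default capability sets; see CreateDefaultConfig for the rationale of each entry.` Nothing validates the entries, so a typo or an unintentionally broad capability is only noticed at apply time; if the project has a config validation step, checking each value against the known capability names (written without the `CAP_` prefix, as the defaults are) would be worthwhile. `TapConfig` starts before the first hunk and ends after the second.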
@@ -65,23 +65,18 @@ spec:
 securityContext:
 capabilities:
 add:
- # NET_RAW is required to listen the network traffic
- - NET_RAW
- # NET_ADMIN is required to listen the network traffic
- - NET_ADMIN
+ {{- range .Values.tap.capabilities.networkCapture }}
+ {{ print "- " . }}
+ {{- end }}
 {{- if not .Values.tap.noKernelModule }}
- # SYS_MODULE is required to install kernel modules
- - SYS_MODULE
+ {{- range .Values.tap.capabilities.kernelModule }}
+ {{ print "- " . }}
+ {{- end }}
 {{- end }}
 {{- if .Values.tap.serviceMesh }}
- # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- - SYS_ADMIN
- # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- - SYS_PTRACE
- # DAC_OVERRIDE is required to read /proc/PID/environ
- - DAC_OVERRIDE
- # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- - CHECKPOINT_RESTORE
+ {{- range .Values.tap.capabilities.serviceMeshCapture }}
+ {{ print "- " . }}
+ {{- end }}
 {{- end }}
 drop:
 - ALL
@@ -131,14 +126,9 @@ spec:
 securityContext:
 capabilities:
 add:
- # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- - SYS_ADMIN
- # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- - SYS_PTRACE
- # SYS_RESOURCE is required to change rlimits for eBPF
- - SYS_RESOURCE
- # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- - CHECKPOINT_RESTORE
+ {{- range .Values.tap.capabilities.ebpfCapture }}
+ {{ print "- " . }}
+ {{- end }}
 drop:
 - ALL
 volumeMounts:
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index ed4f79431..8491e3e4c 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
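Review bot: `{{ print "- " . }}` writes each value into the securityContext unquoted, so a value from a user values file that contains a colon, a `#`, or a newline alters the YAML structure of the capability list instead of being rejected; `{{ printf "- %q" . }}` keeps the list shape for any string. The same applies to the `kernelModule` and `serviceMeshCapture` blocks in this hunk and to the `ebpfCapture` block in the hunk at line 131. With the default sets now living in values.yaml, an override that supplies `tap.capabilities` with only some of the four keys leaves the others nil, which `range` tolerates; if `tap.capabilities` itself is omitted, however, the `.networkCapture` lookup on a nil value fails at render time as far as I recall, so a `{{- with .Values.tap.capabilities }}` guard or a chart note would avoid a confusing error.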
@@ -68,6 +68,22 @@ tap:
 enabled: true
 defaultFilter: ""
 replayDisabled: false
+ capabilities:
+ networkCapture:
+ - NET_RAW
+ - NET_ADMIN
+ serviceMeshCapture:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - DAC_OVERRIDE
+ - CHECKPOINT_RESTORE
+ kernelModule:
+ - SYS_MODULE
+ ebpfCapture:
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - SYS_RESOURCE
+ - CHECKPOINT_RESTORE
 logs:
 file: ""
 kube:
diff --git a/manifests/complete.yaml b/manifests/complete.yaml
index f601f8ef3..508d59160 100644
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -315,19 +315,12 @@ spec:
 securityContext:
 capabilities:
 add:
- # NET_RAW is required to listen the network traffic
 - NET_RAW
- # NET_ADMIN is required to listen the network traffic
 - NET_ADMIN
- # SYS_MODULE is required to install kernel modules
 - SYS_MODULE
- # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
 - SYS_ADMIN
- # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
 - SYS_PTRACE
- # DAC_OVERRIDE is required to read /proc/PID/environ
 - DAC_OVERRIDE
- # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
 - CHECKPOINT_RESTORE
 drop:
 - ALL
@@ -373,13 +366,9 @@ spec:
 securityContext:
 capabilities:
 add:
- # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
 - SYS_ADMIN
- # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
 - SYS_PTRACE
- # SYS_RESOURCE is required to change rlimits for eBPF
 - SYS_RESOURCE
- # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
 - CHECKPOINT_RESTORE
 drop:
 - ALL
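Review bot: The per-capability rationale comments (why NET_RAW, SYS_PTRACE, DAC_OVERRIDE and the rest are needed, and the kernel-version conditions) were removed from the template and from complete.yaml but not carried into values.yaml, so the file a Helm user actually edits now shows bare capability names with no guidance on what each one enables. Restore them as `#` comments beside each entry, e.g. `- SYS_PTRACE # set netns of another process / open its libssl.so`, or add a one-line comment above `capabilities:` pointing to where the rationale is kept. A note that `drop: ALL` remains in effect and that each list is the complete set granted for that feature would also help operators who want to trim these defaults. The complete.yaml hunks only drop the same comments and need no change of their own.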