🔨 Remove the unnecessary Linux capabilities

2025-09-08 05:49:57 +00:00 · 2023-12-04 22:39:21 +03:00
parent b4dc321829
commit cf3ce0180b
1 changed files with 2 additions and 6 deletions
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -67,11 +67,10 @@ spec:
              add:
                - NET_RAW
                - NET_ADMIN
-                - SYS_ADMIN
-                - SYS_PTRACE
-                - DAC_OVERRIDE
+                {{- if not .Values.tap.noKernelModule }}
                - SYS_MODULE
                - CHECKPOINT_RESTORE
+                {{- end }}
              drop:
                - ALL
          readinessProbe:
@@ -120,13 +119,10 @@ spec:
          securityContext:
            capabilities:
              add:
-                - NET_RAW
-                - NET_ADMIN
                - SYS_ADMIN
                - SYS_PTRACE
                - DAC_OVERRIDE
                - SYS_RESOURCE
-                - CHECKPOINT_RESTORE
              drop:
                - ALL
          volumeMounts: