mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-09-10 06:50:54 +00:00
🔨 Remove the unnecessary Linux capabilities
This commit is contained in:
M. Mert Yildiran
@@ -67,11 +67,10 @@ spec:
|
|||||||
add:
|
add:
|
||||||
- NET_RAW
|
- NET_RAW
|
||||||
- NET_ADMIN
|
- NET_ADMIN
|
||||||
- SYS_ADMIN
|
{{- if not .Values.tap.noKernelModule }}
|
||||||
- SYS_PTRACE
|
|
||||||
- DAC_OVERRIDE
|
|
||||||
- SYS_MODULE
|
- SYS_MODULE
|
||||||
- CHECKPOINT_RESTORE
|
- CHECKPOINT_RESTORE
|
||||||
|
{{- end }}
|
||||||
drop:
|
drop:
|
||||||
- ALL
|
- ALL
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
@@ -120,13 +119,10 @@ spec:
|
|||||||
securityContext:
|
securityContext:
|
||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- NET_RAW
|
|
||||||
- NET_ADMIN
|
|
||||||
- SYS_ADMIN
|
- SYS_ADMIN
|
||||||
- SYS_PTRACE
|
- SYS_PTRACE
|
||||||
- DAC_OVERRIDE
|
- DAC_OVERRIDE
|
||||||
- SYS_RESOURCE
|
- SYS_RESOURCE
|
||||||
- CHECKPOINT_RESTORE
|
|
||||||
drop:
|
drop:
|
||||||
- ALL
|
- ALL
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
|||||||
Reference in New Issue
Block a user