templating bpf privileged helm value.

config/configStructs/tapConfig.go

@@ -178,6 +178,7 @@ type CapabilitiesConfig struct {
 	NetworkCapture     []string `yaml:"networkCapture" json:"networkCapture"  default:"[]"`
 	ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture"  default:"[]"`
 	EBPFCapture        []string `yaml:"ebpfCapture" json:"ebpfCapture"  default:"[]"`
+	BpfPrivileged      bool     `yaml:"bpfPrivileged" json:"bpfPrivileged" default:"false"`
 }
 
 type MetricsConfig struct {

helm-chart/templates/09-worker-daemon-set.yaml

@@ -37,8 +37,10 @@ spec:
         {{- end }}
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: check-bpf
+        {{- if .Values.tap.capabilities.bpfPrivileged }}
           securityContext:
             privileged: true
+        {{- end }}
           volumeMounts:
           - mountPath: /sys
             name: sys
@@ -53,8 +55,10 @@ spec:
         {{- end }}
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: init-bpf
+        {{- if .Values.tap.capabilities.bpfPrivileged }}
           securityContext:
             privileged: true
+        {{- end }}
           volumeMounts:
           - mountPath: /sys
             name: sys

helm-chart/values.yaml

@@ -126,6 +126,7 @@ tap:
     - SYS_PTRACE
     - SYS_RESOURCE
     - IPC_LOCK
+    bpfPrivileged: false
   globalFilter: ""
   enabledDissectors:
   - amqp