templating bpf privileged helm value.

2025-07-04 11:58:41 +00:00 · 2024-12-26 12:29:18 -08:00 · 2024-12-26 12:29:18 -08:00 · d4d1001cd8
commit d4d1001cd8
parent b377bfe35f
3 changed files with 6 additions and 0 deletions
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@ -178,6 +178,7 @@ type CapabilitiesConfig struct {
 	NetworkCapture     []string `yaml:"networkCapture" json:"networkCapture"  default:"[]"`
 	ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture"  default:"[]"`
 	EBPFCapture        []string `yaml:"ebpfCapture" json:"ebpfCapture"  default:"[]"`
+	BpfPrivileged      bool     `yaml:"bpfPrivileged" json:"bpfPrivileged" default:"false"`
 }

 type MetricsConfig struct {
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@ -37,8 +37,10 @@ spec:
        {{- end }}
          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
          name: check-bpf
+        {{- if .Values.tap.capabilities.bpfPrivileged }}
          securityContext:
            privileged: true
+        {{- end }}
          volumeMounts:
          - mountPath: /sys
            name: sys
@ -53,8 +55,10 @@ spec:
        {{- end }}
          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
          name: init-bpf
+        {{- if .Values.tap.capabilities.bpfPrivileged }}
          securityContext:
            privileged: true
+        {{- end }}
          volumeMounts:
          - mountPath: /sys
            name: sys
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@ -126,6 +126,7 @@ tap:
    - SYS_PTRACE
    - SYS_RESOURCE
    - IPC_LOCK
+    bpfPrivileged: false
  globalFilter: ""
  enabledDissectors:
  - amqp