diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml
index 77cfa4c96..f8be1e3d4 100644
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -65,10 +65,14 @@ spec:
         securityContext:
           capabilities:
             add:
+              # NET_RAW is required to listen the network traffic
               - NET_RAW
+              # NET_ADMIN is required to listen the network traffic
               - NET_ADMIN
               {{- if not .Values.tap.noKernelModule }}
+              # SYS_MODULE is required to install kernel modules
               - SYS_MODULE
+              # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
               - CHECKPOINT_RESTORE
               {{- end }}
             drop:
@@ -119,9 +123,13 @@ spec:
         securityContext:
           capabilities:
             add:
+              # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
               - SYS_ADMIN
+              # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
               - SYS_PTRACE
+              # DAC_OVERRIDE is required to read /proc/PID/environ
               - DAC_OVERRIDE
+              # SYS_RESOURCE is required to change rlimits for eBPF
               - SYS_RESOURCE
             drop:
               - ALL
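Review bot: The comment added above `- NET_ADMIN` in the first hunk repeats the NET_RAW justification word for word ("is required to listen the network traffic"), so a reader auditing this capability list still cannot tell why a second, broader capability is needed; each `add:` entry should name the specific operation that fails without it, e.g. `# NET_ADMIN is required to put the interface into promiscuous mode / attach the capture filter` (whichever the worker actually does — confirm against the worker code). Both comments should also read "listen to the network traffic". The `CHECKPOINT_RESTORE` comment says `(kernel > 5.9)`; CAP_CHECKPOINT_RESTORE was introduced in Linux 5.9 itself, so if that kernel is meant to be included the comment should say `(kernel >= 5.9)`. The enclosing container definition starts and ends outside the hunk, so I cannot see whether the `{{- if not .Values.tap.noKernelModule }}` guard is also documented at its definition in values.yaml.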
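Review bot: The `SYS_ADMIN` comment in the second hunk gives two reasons, but the eBPF one is explicitly scoped to kernels below 5.8, and since 5.8 the narrower CAP_BPF and CAP_PERFMON cover eBPF program loading; the comment should state whether reading `/proc/PID/net/ns` alone keeps SYS_ADMIN mandatory on newer kernels, otherwise it reads as if a less privileged capability set were possible but not offered, e.g. `# SYS_ADMIN is required to read /proc/PID/net/ns; on kernels < 5.8 it is also needed to load eBPF programs (CAP_BPF/CAP_PERFMON are not available there)`. For `SYS_PTRACE`, the two reasons joined by `+` would be clearer as a sentence, `# SYS_PTRACE is required to enter another process's netns and to open its libssl.so`, and it is worth noting that this capability together with `DAC_OVERRIDE` allows reading the environment and memory-mapped files of any process on the node, which is the main reason the `drop: - ALL` that follows must stay in place. The enclosing container definition continues outside the hunk.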