Merge pull request #30 from olhado/ebpf-enhancements

olhado · web-flow · commit e1234c89b5f8 · 2022-05-17T09:59:24.000-04:00
Add additional capabilities and mounts for agent 3.0.0
diff --git a/TSKubernetesDaemonSet.yaml b/TSKubernetesDaemonSet.yaml
@@ -94,6 +94,7 @@ spec:
         volumeMounts:
           - name: hostfs
             mountPath: /threatstackfs
+            readOnly: true
       volumes:
         - hostPath:
             path: /
@@ -138,7 +139,7 @@ spec:
         securityContext:
           privileged: false
           capabilities:
-            add: ["AUDIT_CONTROL", "SYS_ADMIN", "SYS_PTRACE", "SYS_NICE"]
+            add: ["AUDIT_CONTROL", "SYS_ADMIN", "SYS_PTRACE", "SYS_NICE", "SYS_RESOURCE", "IPC_LOCK"]
         resources:
           requests:
             memory: "256Mi"
@@ -149,7 +150,13 @@ spec:
         volumeMounts:
           - name: hostfs
             mountPath: /threatstackfs
+            readOnly: true
+          - name: kernel-debug
+            mountPath: /sys/kernel/debug
       volumes:
         - hostPath:
             path: /
           name: hostfs
+        - hostPath:
+            path: /sys/kernel/debug
+          name: kernel-debug
