|
|
@@ -31,7 +31,7 @@ spec:
|
|
|
allowPrivilegeEscalation: false
|
|
|
defaultAllowPrivilegeEscalation: false
|
|
|
# Capabilities
|
|
|
- allowedCapabilities: ['NET_ADMIN']
|
|
|
+ allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
|
|
|
defaultAddCapabilities: []
|
|
|
requiredDropCapabilities: []
|
|
|
# Host namespaces
|
|
|
@@ -200,7 +200,7 @@ spec:
|
|
|
securityContext:
|
|
|
privileged: false
|
|
|
capabilities:
|
|
|
- add: ["NET_ADMIN"]
|
|
|
+ add: ["NET_ADMIN", "NET_RAW"]
|
|
|
env:
|
|
|
- name: POD_NAME
|
|
|
valueFrom:
|
|
|
@@ -295,7 +295,7 @@ spec:
|
|
|
securityContext:
|
|
|
privileged: false
|
|
|
capabilities:
|
|
|
- add: ["NET_ADMIN"]
|
|
|
+ add: ["NET_ADMIN", "NET_RAW"]
|
|
|
env:
|
|
|
- name: POD_NAME
|
|
|
valueFrom:
|
|
|
@@ -390,7 +390,7 @@ spec:
|
|
|
securityContext:
|
|
|
privileged: false
|
|
|
capabilities:
|
|
|
- add: ["NET_ADMIN"]
|
|
|
+ add: ["NET_ADMIN", "NET_RAW"]
|
|
|
env:
|
|
|
- name: POD_NAME
|
|
|
valueFrom:
|
|
|
@@ -485,7 +485,7 @@ spec:
|
|
|
securityContext:
|
|
|
privileged: false
|
|
|
capabilities:
|
|
|
- add: ["NET_ADMIN"]
|
|
|
+ add: ["NET_ADMIN", "NET_RAW"]
|
|
|
env:
|
|
|
- name: POD_NAME
|
|
|
valueFrom:
|
|
|
@@ -580,7 +580,7 @@ spec:
|
|
|
securityContext:
|
|
|
privileged: false
|
|
|
capabilities:
|
|
|
- add: ["NET_ADMIN"]
|
|
|
+ add: ["NET_ADMIN", "NET_RAW"]
|
|
|
env:
|
|
|
- name: POD_NAME
|
|
|
valueFrom:
|
Rajat Chopra