helm: Set rthooks.podSecurityContext to empty by default

[ upstream commit 2558359 ] Set rthooks.podSecurityContext to empty by default to be consistent with the security context setting of Tetragon pods. Also note that "privileged" setting only applies to container security context [^1][^2]. [^1]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#podsecuritycontext-v1-core [^2]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#securitycontext-v1-core Signed-off-by: Michi Mutsuzaki <[email protected]>
cilium · Sep 19, 2024 · 1f90aa2 · 1f90aa2
1 parent 16d0150
commit 1f90aa2
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 6 deletions.
diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md
diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md
diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml
@@ -368,8 +368,7 @@ rthooks:
   # -- priorityClassName for the Tetrargon rthooks pod
   priorityClassName: ""
   # -- security context for the Tetrargon rthooks pod
-  podSecurityContext:
-    privileged: true
+  podSecurityContext: {}
   # -- installDir is the host location where the tetragon-oci-hook binary will be installed
   installDir: "/opt/tetragon"
   # -- Comma-separated list of namespaces to allow Pod creation for, in case tetragon-oci-hook fails to reach Tetragon agent.