diff --git a/base/cadvisor/cadvisor.DaemonSet.yaml b/base/cadvisor/cadvisor.DaemonSet.yaml
index 02324e62942f..c7f390294a51 100644
--- a/base/cadvisor/cadvisor.DaemonSet.yaml
+++ b/base/cadvisor/cadvisor.DaemonSet.yaml
@@ -58,10 +58,15 @@ spec:
 - name: disk
 mountPath: /dev/disk
 readOnly: true
+ - name: kmsg
+ mountPath: /dev/kmsg
+ readOnly: true
 ports:
 - name: http
 containerPort: 48080
 protocol: TCP
+ securityContext:
+ privileged: true
 automountServiceAccountToken: false
 terminationGracePeriodSeconds: 30
 volumes:
@@ -80,3 +85,6 @@ spec:
 - name: disk
 hostPath:
 path: /dev/disk
+ - name: kmsg
+ hostPath:
+ path: /dev/kmsg
diff --git a/overlays/non-privileged/cadvisor/cadvisor.DaemonSet.yaml b/overlays/non-privileged/cadvisor/cadvisor.DaemonSet.yaml
new file mode 100644
index 000000000000..9ff2247ee26a
--- /dev/null
+++ b/overlays/non-privileged/cadvisor/cadvisor.DaemonSet.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: cadvisor
+spec:
+ template:
+ spec:
+ containers:
+ - name: cadvisor
+ volumeMounts:
+ - name: kmsg
+ mountPath: /dev/kmsg
+ readOnly: true
+ $patch: delete
+ securityContext:
+ privileged: null
+ volumes:
+ - name: kmsg
+ hostPath:
+ path: /dev/kmsg
+ $patch: delete
diff --git a/overlays/non-privileged/kustomization.yaml b/overlays/non-privileged/kustomization.yaml
index e93c7e95d9aa..1a19f796cad7 100644
--- a/overlays/non-privileged/kustomization.yaml
+++ b/overlays/non-privileged/kustomization.yaml
@@ -7,6 +7,7 @@ resources:
 - frontend/sourcegraph-frontend.RoleBinding.yaml
 - prometheus/prometheus.RoleBinding.yaml
 patchesStrategicMerge:
+ - cadvisor/cadvisor.DaemonSet.yaml
 - codeintel-db/codeintel-db.Deployment.yaml
 - codeinsights-db/codeinsights-db.Deployment.yaml
 - frontend/sourcegraph-frontend.Deployment.yaml
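Review bot: `privileged: true` is added to the cadvisor container in the base manifest (first hunk of base/cadvisor/cadvisor.DaemonSet.yaml) with no comment saying why, and it grants far more than the single read-only `/dev/kmsg` mount added just above it. A privileged container holds every capability and can open host devices directly, so the `readOnly: true` flags on the hostPath mounts no longer bound what it can reach on the node. Every cluster that applies the base without the non-privileged overlay runs this on each node. If the only reason is to let cAdvisor read the kernel log (my inference from the kmsg mount), record it beside the setting, e.g. `# privileged: needed to read /dev/kmsg; removed by overlays/non-privileged`, and confirm whether a narrower setting would work. The container spec begins above this hunk.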
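Review bot: The new `kmsg` hostPath volume (second hunk of base/cadvisor/cadvisor.DaemonSet.yaml) sets no `type`, so the kubelet does not check what exists at `/dev/kmsg` on the node before mounting it. Adding `type: CharDevice` under `path: /dev/kmsg` makes the pod fail to start when the path is anything other than a character device, rather than mounting it silently. The `volumes` list begins above this hunk.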
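Review bot: `privileged: null` in overlays/non-privileged/cadvisor/cadvisor.DaemonSet.yaml deletes the key instead of stating the intended posture, so the rendered non-privileged manifest relies on the API default and leaves behind a `securityContext` with nothing visible in it. Writing `privileged: false` keeps the intent explicit in the output and lets admission policy or a manifest linter assert it. A short header comment would also help, e.g. `# Strips the /dev/kmsg mount and privileged mode that base/cadvisor adds`, since the patch only makes sense when read against the base. Indentation was lost on this page, so I could not check that each `$patch: delete` sits inside its list item; please verify that in the file.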