From 30bfd69c3e7f23e860e8cc6543d1a5ae6fb8e406 Mon Sep 17 00:00:00 2001
From: Wulf Thimm <wulf@gitpod.io>
Date: Wed, 16 Feb 2022 14:41:20 +0000
Subject: [PATCH] removed CAP_ from node-exporter daemonset

---
 jsonnet/kube-prometheus/components/node-exporter.libsonnet | 2 +-
 manifests/nodeExporter-daemonset.yaml                      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/jsonnet/kube-prometheus/components/node-exporter.libsonnet b/jsonnet/kube-prometheus/components/node-exporter.libsonnet
index 5e6cf853..6553b9df 100644
--- a/jsonnet/kube-prometheus/components/node-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/components/node-exporter.libsonnet
@@ -185,7 +185,7 @@ function(params) {
       securityContext: {
         allowPrivilegeEscalation: false,
         readOnlyRootFilesystem: true,
-        capabilities: { drop: ['ALL'], add: ['CAP_SYS_TIME'] },
+        capabilities: { drop: ['ALL'], add: ['SYS_TIME'] },
       },
     };
 
diff --git a/manifests/nodeExporter-daemonset.yaml b/manifests/nodeExporter-daemonset.yaml
index 0a03eaac..877242b0 100644
--- a/manifests/nodeExporter-daemonset.yaml
+++ b/manifests/nodeExporter-daemonset.yaml
@@ -48,7 +48,7 @@ spec:
           allowPrivilegeEscalation: false
           capabilities:
             add:
-            - CAP_SYS_TIME
+            - SYS_TIME
             drop:
             - ALL
           readOnlyRootFilesystem: true
-- 
GitLab