czerwonk / ping_exporter

Prometheus exporter for ICMP echo requests using https://github.com/digineo/go-ping
MIT License

Run as non-root user on kubernetes #56

Open ebarped opened 2 years ago

ebarped commented 2 years ago

Hi!

I'm trying to run this exporter on Kubernetes without being a root user.

Currently, I can at least execute it as root but with dropped capabilities:

securityContext:
  capabilities:
    drop:
      - all
    add: ["NET_RAW"]

But when I change to a non-root user, with the following securityContext:

securityContext:
  runAsUser: 65534
  runAsNonRoot: true
  capabilities:
    drop:
      - all
    add: ["NET_RAW"]

it fails with: ERRO[0000] cannot start monitoring: listen ip4:icmp 0.0.0.0: socket: operation not permitted

I have tried to add more capabilities (NET_ADMIN, SYS_ADMIN) without success.

drTr0jan commented 2 years ago

The problem is here: Pinger.New() can only create a privileged icmp.PacketConn.
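Added example, not part of the thread and not ping_exporter code: on Linux a process started as a non-root UID without ambient or file capabilities has empty permitted and effective sets after execve, so NET_RAW from `add` stays in the bounding set only and the raw `ip4:icmp` socket is refused. The Go program below reads the capability masks from `/proc/self/status` to show which case applies; `NetRawState` is a hypothetical helper name and `sampleStatus` is constructed.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

const capNetRaw = 13 // bit number of CAP_NET_RAW in <linux/capability.h>

// sampleStatus is a constructed /proc/<pid>/status excerpt: a non-root
// process whose bounding set holds only CAP_NET_RAW (mask 0x2000).
const sampleStatus = "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t0000000000002000\n"

// NetRawState reports where CAP_NET_RAW sits: "effective" (raw sockets work),
// "bounding-only" (granted to the container, not held by the process) or "absent".
func NetRawState(status string) (string, error) {
	masks := map[string]uint64{}
	for _, line := range strings.Split(status, "\n") {
		kv := strings.SplitN(line, ":", 2)
		if len(kv) != 2 || !strings.HasPrefix(kv[0], "Cap") {
			continue
		}
		v, err := strconv.ParseUint(strings.TrimSpace(kv[1]), 16, 64)
		if err != nil {
			return "", fmt.Errorf("%s: %w", kv[0], err)
		}
		masks[kv[0]] = v
	}
	if len(masks) == 0 {
		return "", fmt.Errorf("no Cap* lines found")
	}
	bit := uint64(1) << capNetRaw
	switch {
	case masks["CapEff"]&bit != 0:
		return "effective", nil
	case masks["CapBnd"]&bit != 0:
		return "bounding-only", nil
	}
	return "absent", nil
}

func main() {
	fmt.Println(NetRawState(sampleStatus)) // constructed sample
	if live, err := os.ReadFile("/proc/self/status"); err == nil {
		fmt.Println(NetRawState(string(live))) // the current process
	}
}
```

Run inside the container under each securityContext: "bounding-only" corresponds to the `operation not permitted` case reported above.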