Open ebarped opened 2 years ago
Hi!
Im trying to run this exporter on kubernetes without being a root user.
Currently, i can at least execute it as root but with dropped capabilities:
securityContext: capabilities: drop: - all add: ["NET_RAW"]
But when i change to a non-root user, with the following securityContext:
securityContext: runAsUser: 65534 runAsNonRoot: true capabilities: drop: - all add: ["NET_RAW"]
it fails with: ERRO[0000] cannot start monitoring: listen ip4:icmp 0.0.0.0: socket: operation not permitted
ERRO[0000] cannot start monitoring: listen ip4:icmp 0.0.0.0: socket: operation not permitted
I have tried to add more capabilities (NET_ADMIN, SYS_ADMIN) without success.
The problem is here: Pinger.New() can only create privileged icmp.PacketConn
Hi!
Im trying to run this exporter on kubernetes without being a root user.
Currently, i can at least execute it as root but with dropped capabilities:
But when i change to a non-root user, with the following securityContext:
it fails with:
ERRO[0000] cannot start monitoring: listen ip4:icmp 0.0.0.0: socket: operation not permitted
I have tried to add more capabilities (NET_ADMIN, SYS_ADMIN) without success.