ping_exporter icon indicating copy to clipboard operation
ping_exporter copied to clipboard

Published 20 hours ago verified publisher icon czerwonk

Run as non-root user on kubernetes

Open ebarped opened this issue 3 years ago • 1 comments

Hi!

Im trying to run this exporter on kubernetes without being a root user.

Currently, i can at least execute it as root but with dropped capabilities:

securityContext:
  capabilities:
    drop:
      - all
    add: ["NET_RAW"]

But when i change to a non-root user, with the following securityContext:

securityContext:
  runAsUser: 65534
  runAsNonRoot: true
  capabilities:
    drop:
      - all
    add: ["NET_RAW"]

it fails with: ERRO[0000] cannot start monitoring: listen ip4:icmp 0.0.0.0: socket: operation not permitted

I have tried to add more capabilities (NET_ADMIN, SYS_ADMIN) without success.

ebarped avatar Oct 25 '21 07:10 ebarped

The problem is here: Pinger.New() can only create privileged icmp.PacketConn

drTr0jan avatar Jul 01 '22 13:07 drTr0jan