Question
What is the minimal security configuration of Prometheus node exporter pods on Kubernetes?
Context
I have deployed the Bitnami kube-prometheus-stack on my k8s cluster. The deployment was blocked due to some Kyverno policies that I enforce for security purposes:
- disallow-capabilities-strict
- disallow-host-namespaces
- disallow-host-path
- disallow-privilege-escalation
- restrict-seccomp-strict
- restrict-volume-types
- disallow-host-ports
- disallow-host-ports-range
I'm aware that the node-exporter needs some privileges/caps, but it looks like a lot to me. Does anyone know if some of these security parameters can be set without breaking the operation of the node-exporter?
What have I already done?
I already tried to drop all capabilities of the node-exporter, but it wasn't able to work anymore...