chore: fix ping mode

flanksource · Oct 3, 2023 · 7b6dcaa · 7b6dcaa
1 parent 01b857e
commit 7b6dcaa
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -65,12 +65,17 @@ spec:
             capabilities:
               add:
                 - CAP_NET_RAW
+          {{- else if eq .Values.pingMode "unprivileged" }}
+          securityContext:
+            sysctls:
+              - name: net.ipv4.ping_group_range
+                value: "0 2147483647"
           {{- end }}
           image: {{ include "canary-checker.imageString" . }}
           imagePullPolicy: "{{ .Values.image.pullPolicy }}"
           env:
-            - name: PRIVILEGED
-              value:  {{ .Values.allowPrivilegeEscalation | quote }}
+            - name: PING_MODE
+              value:  {{ .Values.pingMode | quote }}
             {{- if eq .Values.debug true }}
             - name: DEBUG
               value: "true"

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -59,6 +59,8 @@ db:
 
 nameOverride: ""
 
+# set the mechanism for pings - either privileged, privileged or none
+pingMode: "unprivileged"
 allowPrivilegeEscalation: false
 
 data:
@@ -120,7 +122,8 @@ resources:
   limits:
     memory: 2Gi
 
-serviceAccount: {}
+serviceAccount:
+  {}
   # Configures extra annotations on the service account
   # annotations:
   #   some: annotation

diff --git a/checks/icmp.go b/checks/icmp.go
@@ -26,7 +26,7 @@ var (
 	)
 )
 
-var PRIVILEGED = os.Getenv("PRIVILEGED") == "true"
+var PRIVILEGED = os.Getenv("PING_MODE") == "privileged"
 
 func init() {
 	prometheus.MustRegister(packetLoss)