From 558e637d014aa5e670655d5b134699bc97bd5df1 Mon Sep 17 00:00:00 2001
From: outductor
Date: Fri, 15 Dec 2023 10:45:36 +0900
Subject: [PATCH] try removing cap
---
 .../app-of-other-apps/cilium.yaml | 32 -------------------
 1 file changed, 32 deletions(-)
diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/cilium.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/cilium.yaml
index 7e195683f..63c9c162a 100644
--- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/cilium.yaml
+++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/cilium.yaml
@@ -20,38 +20,6 @@ spec:
 requests:
 cpu: 100m
 memory: 512Mi
- securityContext:
- privileged: false
- capabilities:
- ciliumAgent:
- - CHOWN
- - KILL
- - NET_ADMIN
- - NET_RAW
- - IPC_LOCK
- - SYS_MODULE
- - SYS_RESOURCE
- - PERFMON
- - BPF
- - DAC_OVERRIDE
- - FOWNER
- - SETGID
- - SETUID
- mountCgroup:
- - SYS_ADMIN
- - SYS_CHROOT
- - SYS_PTRACE
- applySysctlOverwrites:
- - SYS_ADMIN
- - SYS_CHROOT
- - SYS_PTRACE
- cleanCiliumState:
- - NET_ADMIN
- # Used in iptables. Consider removing once we are iptables-free
- - SYS_MODULE
- - SYS_RESOURCE
- - PERFMON
- - BPF
 bgpControlPlane:
 enabled: true
 pprof: