I am trying to create a DaemonSet that runs a script on every node, which is supposed to add a route to the host network. I am a bit overwhelmed by all the different security options, like hostNetwork: true and of course RBAC, etc., and I am not sure how I should approach this in a fitting way, without over-engineering the DaemonSet with little use.
I already have a different deployment using the NET_ADMIN capability; however, that only works within the container itself (which is good). I'm not sure how I can allow the container to perform similar actions requiring the NET_ADMIN capability on the host and not the container.
Do I need a ClusterRole, etc. for such operations, as is partially indicated by the Kubernetes documentation, or is there an easier, slimmer and more welcoming switch to enable such a possibility?
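
An added example, not part of the original post: a DaemonSet manifest that combines hostNetwork: true (the pod joins the node's network namespace) with only the NET_ADMIN capability, so a route added in the container lands in the node's routing table. RBAC objects such as a ClusterRole govern calls to the Kubernetes API, not kernel networking operations, so none is defined here and the service account token is not mounted. The names, namespace, image, and route are constructed placeholders, and the namespace is assumed to permit hostNetwork pods under its Pod Security settings.

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: host-route-adder          # hypothetical name
  namespace: node-network         # hypothetical namespace; must permit hostNetwork pods
spec:
  selector:
    matchLabels:
      app: host-route-adder
  template:
    metadata:
      labels:
        app: host-route-adder
    spec:
      hostNetwork: true                    # share the node's network namespace
      automountServiceAccountToken: false  # script never calls the API, so no token and no RBAC
      containers:
        - name: add-route
          image: registry.example/iproute2:placeholder  # placeholder; any image providing sh and ip
          command: ["/bin/sh", "-c"]
          args:
            # Constructed route (documentation address ranges); "replace" keeps restarts idempotent.
            - |
              ip route replace 192.0.2.0/24 via 198.51.100.1
              while true; do sleep 3600; done
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
              add: ["NET_ADMIN"]           # the only capability needed to edit routes
          resources:
            limits:
              cpu: 50m
              memory: 32Mi
```

The container has to run as UID 0 for the added capability to be effective, and the route is not removed when the pod is deleted.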