Update generated manifests

mjwolf · mjwolf · commit b81c8f79aa8b · 2025-12-19T11:09:44.000-08:00
diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/base/elastic-agent-managed-daemonset.yaml
@@ -71,6 +71,7 @@ spec:
             - name: ELASTIC_NETINFO
               value: "false"
           securityContext:
+            runAsUser: 0
             # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
             # If you are using this integration, please uncomment these lines before applying.
             #capabilities:
@@ -79,7 +80,6 @@ spec:
             #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
             #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
             ########################################################################################
-            runAsUser: 0
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
diff --git a/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml b/deploy/kubernetes/elastic-agent-kustomize/ksm-autosharding/elastic-agent-managed/extra/elastic-agent-managed-statefulset.yaml
@@ -72,6 +72,14 @@ spec:
               value: "false"
           securityContext:
             runAsUser: 0
+            # The following capabilities are needed for 'Defend for containers' integration (cloud-defend)
+            # If you are using this integration, please uncomment these lines before applying.
+            #capabilities:
+            #  add:
+            #    - BPF # (since Linux 5.8) allows loading of BPF programs, create most map types, load BTF, iterate programs and maps.
+            #    - PERFMON # (since Linux 5.8) allows attaching of BPF programs used for performance metrics and observability operations.
+            #    - SYS_RESOURCE # Allow use of special resources or raising of resource limits. Used by 'Defend for Containers' to modify 'rlimit_memlock'
+            ########################################################################################
             # The following capabilities are needed for Universal Profiling.
             # More fine graded capabilities are only available for newer Linux kernels.
             # If you are using the Universal Profiling integration, please uncomment these lines before applying.
@@ -140,8 +148,8 @@ spec:
           hostPath:
             path: /etc/machine-id
             type: File
-        # Needed for Universal Profiling
-        # If you are not using this integration, then these volumes and the corresponding
+        # Needed for 'Defend for containers' integration (cloud-defend) and Universal Profiling
+        # If you are not using one of these integrations, then these volumes and the corresponding
         # mounts can be removed.
         - name: sys-kernel-debug
           hostPath:
