From c8da243663146419ae983c21d12db1ad9b1aab2a Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Sat, 18 Apr 2026 08:42:26 -0700
Subject: [PATCH] Run alloy-tracing as root for eBPF capabilities

The nix-built Alloy image sets User=65534 (nobody). Even with
privileged: true, a non-root user gets no effective capabilities
(CapEff=0). Override with runAsUser: 0 so Beyla gets CAP_BPF and
CAP_SYS_ADMIN needed for eBPF instrumentation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 argocd/manifests/alloy-tracing-ringtail/daemonset.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/argocd/manifests/alloy-tracing-ringtail/daemonset.yaml b/argocd/manifests/alloy-tracing-ringtail/daemonset.yaml
index e56cc9d..b3de1de 100644
--- a/argocd/manifests/alloy-tracing-ringtail/daemonset.yaml
+++ b/argocd/manifests/alloy-tracing-ringtail/daemonset.yaml
@@ -46,6 +46,7 @@ spec:
               mountPath: /var/lib/alloy/data
           securityContext:
             privileged: true
+            runAsUser: 0
       tolerations:
         - operator: Exists
       volumes: