One privileged agent per node — see every container's syscalls.
Helm chart + raw manifest. Works under Tekton, Argo Workflows, kpack, GitLab K8s runners, Buildkite agents on K8s, actions-runner-controller.
Executable docs ship with the install
The full reference for this topic — configuration files, code samples, CLI flags, API endpoints — ships inside every dpndncY installation so it always matches your installed version. This public-preview page lists what the in-product docs cover.
In the in-product docs
- helm install dpndncy-agent ./agent/k8s/helm
- Required capabilities (BPF, PERFMON, SYS_RESOURCE, NET_ADMIN, SYS_PTRACE)
- Why hostPID + hostNetwork (not privileged: true)
- Per-cluster signing key from a Secret
- Policy ConfigMap with observe / learn / enforce
- Multi-arch image (amd64 + arm64)