From f05e870dea600e969537fe8c7e21d71f43e21307 Mon Sep 17 00:00:00 2001
From: Watson Sato
Date: Fri, 15 Mar 2024 18:09:48 +0100
Subject: [PATCH] Use the host's network namespace for scans

'hostNetwork: true' grants access to the host's sysctl configurations. 'dnsPolicy: ClusterFirstWithHostnet' is required to access services.
---
 pkg/controller/compliancescan/scan.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/controller/compliancescan/scan.go b/pkg/controller/compliancescan/scan.go
index d9e4bede2..f6f72861e 100644
--- a/pkg/controller/compliancescan/scan.go
+++ b/pkg/controller/compliancescan/scan.go
@@ -289,6 +289,8 @@ func newScanPodForNode(scanInstance *compv1alpha1.ComplianceScan, node *corev1.N
 NodeSelector: map[string]string{
 corev1.LabelHostname: node.Labels[corev1.LabelHostname],
 },
+ HostNetwork: true,
+ DNSPolicy: "ClusterFirstWithHostNet",
 RestartPolicy: corev1.RestartPolicyOnFailure,
 Volumes: []corev1.Volume{
 {
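Review bot: `HostNetwork: true` is applied unconditionally to every node scan pod built by `newScanPodForNode`, and the new lines carry no comment explaining why or any condition limiting it. A pod in the host's network namespace is generally not isolated by NetworkPolicy, can reach listeners bound to the node's loopback interface, and needs an admission policy that permits host networking. The reason from the commit message belongs next to the field, e.g. `// hostNetwork lets the scanner read the host's sysctl configuration; ClusterFirstWithHostNet keeps cluster service DNS working`, and it is worth considering whether the setting can be limited to scans that actually need it. The DNS policy should also use the typed constant, matching the `corev1.RestartPolicyOnFailure` line below it: `DNSPolicy: corev1.DNSClusterFirstWithHostNet,`. The function starts and ends outside the hunk, so the container's security context and other privileges cannot be judged from here.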