Skip to content
This repository has been archived by the owner on Nov 25, 2024. It is now read-only.

Set security context run as user and group from pod annotations #17

Merged
merged 1 commit into from
Dec 4, 2023

Conversation

marc-barry
Copy link
Member

This is a similar situation as #12 was done to address. Specifically, there are deployments that set the pod security context (https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) which overrides the UID and GID of the running container. When this is done the iptables accept rule created by https://github.com/qpoint-io/kubernetes-qtap-init/ doesn't align and then prevents the sidecar proxy from using the network. This is due to the fact that the the sidecar ends up being configured to route to itself and this breaks registration and pretty much any network connectivity since the sidecar container cannot become healthy.

@marc-barry marc-barry requested a review from tylerflint December 4, 2023 15:36
@marc-barry marc-barry merged commit 7fb5487 into main Dec 4, 2023
1 check passed
@marc-barry marc-barry deleted the marc-barry/injection-security-context branch December 4, 2023 15:57
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants