Istio – securityContext.capabilities.add – NET_ADMIN & NET_RAW

This content originally appeared on DEV Community and was authored by Maxime Guilbert

On my EKS cluster, we tried to set-up Istio and Calico together. It seemed right until we deployed a service.

We receive these errors

spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_RAW": capability may not be added]
spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_ADMIN": capability may not be added]

We thought for a long time that it was a problem with our Pod Security Policy. (And all that I found on internet was related to PSP or Calico issues) But not at all.

It was an issue with our Network Policies. A port was missing to our network policy definition.

I found it when I randomly delete all the network policies to test.

I hope it will help you!

Don't hesitate to give some feedback to help me to improve my writing skills. Thanks!

This content originally appeared on DEV Community and was authored by Maxime Guilbert

Print Share Comment Cite Upload Translate Updates

APA

Maxime Guilbert | Sciencx (2021-04-12T11:43:04+00:00) Istio – securityContext.capabilities.add – NET_ADMIN & NET_RAW. Retrieved from https://www.scien.cx/2021/04/12/istio-securitycontext-capabilities-add-net_admin-net_raw/

MLA

" » Istio – securityContext.capabilities.add – NET_ADMIN & NET_RAW." Maxime Guilbert | Sciencx - Monday April 12, 2021, https://www.scien.cx/2021/04/12/istio-securitycontext-capabilities-add-net_admin-net_raw/

HARVARD

Maxime Guilbert | Sciencx Monday April 12, 2021 » Istio – securityContext.capabilities.add – NET_ADMIN & NET_RAW., viewed ,<https://www.scien.cx/2021/04/12/istio-securitycontext-capabilities-add-net_admin-net_raw/>

VANCOUVER

Maxime Guilbert | Sciencx - » Istio – securityContext.capabilities.add – NET_ADMIN & NET_RAW. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2021/04/12/istio-securitycontext-capabilities-add-net_admin-net_raw/

CHICAGO

" » Istio – securityContext.capabilities.add – NET_ADMIN & NET_RAW." Maxime Guilbert | Sciencx - Accessed . https://www.scien.cx/2021/04/12/istio-securitycontext-capabilities-add-net_admin-net_raw/

IEEE

" » Istio – securityContext.capabilities.add – NET_ADMIN & NET_RAW." Maxime Guilbert | Sciencx [Online]. Available: https://www.scien.cx/2021/04/12/istio-securitycontext-capabilities-add-net_admin-net_raw/. [Accessed: ]

rf:citation

» Istio – securityContext.capabilities.add – NET_ADMIN & NET_RAW | Maxime Guilbert | Sciencx | https://www.scien.cx/2021/04/12/istio-securitycontext-capabilities-add-net_admin-net_raw/ |

Please log in to upload a file.

There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.