aws-app-mesh-controller-for-k8s

Configure runAsUser=0 on injected proxyinit container's security context

Open rimaulana opened this issue 2 years ago • 0 comments

Is your feature request related to a problem?

When a pod has a podSecurityContext that defines a default runAsUser other than 0, the proxyinit initContainers fail with the following error message:

Fatal: can't open lock file /run/xtables.lock: Permission denied

Describe the solution you'd like

It is understandable that proxyinit executes iptables commands to deploy some traffic redirection rules, and that this requires it to run as the root user. If this is a hard requirement, I would want the appmesh-controller to inject this as part of the container security context. The currently injected container security context is:

securityContext:
  capabilities:
    add:
    - NET_ADMIN

What I would like it to look like is:

securityContext:
  runAsUser: 0
  capabilities:
    add:
    - NET_ADMIN

rimaulana, Mar 30 '22 16:03
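Added example, not part of the issue or the controller's code: a small audit that resolves the UID an init container will actually start with (a container-level securityContext field overrides the pod-level one) and flags NET_ADMIN init containers that will not run as root. It goes one step past the issue by also flagging a `runAsUser: 0` override that sits under `runAsNonRoot: true`, which the kubelet refuses to start. The pod specs and function names are constructed for illustration; only the `proxyinit` name and the two security contexts come from the issue.

```python
def effective(pod_spec, container, field):
    """Container-level securityContext value wins; else fall back to the pod level."""
    c_sc = container.get("securityContext") or {}
    p_sc = pod_spec.get("securityContext") or {}
    return c_sc[field] if field in c_sc else p_sc.get(field)


def audit_init_containers(pod_spec):
    """Return (name, problem) pairs for init containers that add NET_ADMIN
    but are configured so that they cannot start as root."""
    findings = []
    for c in pod_spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        added = (sc.get("capabilities") or {}).get("add", [])
        if "NET_ADMIN" not in added:
            continue
        uid = effective(pod_spec, c, "runAsUser")
        if uid not in (None, 0):  # None means the image's default user applies
            findings.append((c["name"], f"effective runAsUser={uid}"))
        elif uid == 0 and effective(pod_spec, c, "runAsNonRoot"):
            findings.append((c["name"], "runAsUser=0 conflicts with runAsNonRoot=true"))
    return findings


NET_ADMIN = {"capabilities": {"add": ["NET_ADMIN"]}}

# Constructed pod specs (hypothetical workloads, not taken from a real cluster).
POD_AS_REPORTED = {  # pod-level UID 1000, proxyinit as currently injected
    "securityContext": {"runAsUser": 1000},
    "initContainers": [{"name": "proxyinit", "securityContext": dict(NET_ADMIN)}],
}
POD_AS_REQUESTED = {  # proxyinit carrying the requested runAsUser: 0
    "securityContext": {"runAsUser": 1000},
    "initContainers": [{"name": "proxyinit",
                        "securityContext": {"runAsUser": 0, **NET_ADMIN}}],
}
POD_NONROOT = {  # same override, but the pod also demands runAsNonRoot
    "securityContext": {"runAsUser": 1000, "runAsNonRoot": True},
    "initContainers": [{"name": "proxyinit",
                        "securityContext": {"runAsUser": 0, **NET_ADMIN}}],
}

if __name__ == "__main__":
    for label, pod in [("reported", POD_AS_REPORTED),
                       ("requested", POD_AS_REQUESTED),
                       ("nonroot", POD_NONROOT)]:
        print(label, audit_init_containers(pod))
```

In the third case the injected container would also need `runAsNonRoot: false` in its own securityContext for the override to take effect.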