Keith Mattix II
Keith Mattix II
@steeling That sounds good; can you link the design doc PR to this issue?
I'll call out that this is technically the initContainer and not the sidecar; the init container needs some root privileges (i.e. NET_RAW and NET_ADMIN) in order to change iptables rules,...
Can your security policies have an exception list based on container name? Only a single container (the initcontainer) requires those privileges. If that's not workable, then we can look into...
Since we have a workaround for Azure Policy and CNI work is being tracked in #1610, I'm going to close this
We're looking to address this in our upcoming release. There should be an error log in the OSM controller when this occurs: https://github.com/openservicemesh/osm/blob/e6304c1/pkg/k8s/announcement_handlers.go#L70 Could anyone running into this error please...
We should likely close this in favor of #5044
@steeling has this been completed?
@allenlsy Can we close this?
Is the deliverable for this issue CLI commands or user stories?
@shashankram @steeling This appears to be fixed in CI; can we close this issue?