cf-for-k8s icon indicating copy to clipboard operation
cf-for-k8s copied to clipboard
verified publisher icon cloudfoundry

How to allow NET_ADMIN and NET_RAW capabilities if PodSecurityPolicies are enforced on the cluster

Open mikulass opened this issue 4 years ago • 1 comments

Hello all, we are trying to install cf-for-k8s on 1.21.10 with flannel networking, Will work? In the documentation https://cf-for-k8s.io/docs/deploying/ we’ve found following statement - If PodSecurityPolicies are enforced on the cluster, pods must be allowed to have NET_ADMIN and NET_RAW capabilities. How we apply these capabilities to the cluster/pods? Is there any place in configuration values? Or at the k8s cluster level? Maybe I’m missing something… Can someone please explain or point me to some other resource where I can learn little more? Thanks in advance. Best regards.

mikulass avatar Mar 04 '22 20:03 mikulass

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/181465043

The labels on this github issue will be updated when the story is started.

cf-gitbot avatar Mar 04 '22 20:03 cf-gitbot