@ialidzhikov I have tested both ipvs and iptables with NET_ADMIN only, and it seems to work. Is there any case I have missed that requires SYS_RESOURCE?
How to categorize this issue?
/area security
/kind enhancement
What would you like to be added:
When I worked on the topic about running Pods in non-privileged mode, for kube-proxy I created kubernetes/kubernetes#112171. kubernetes/kubernetes#112171 is fixed by kubernetes/kubernetes#120864. Starting with Kubernetes 1.29, it will be possible to run the long-running kube-proxy container as non-privileged.
For more details, see kubernetes/contributor-site#452.
The kube-proxy logic that needs to run in a privileged container is moved to an init container. From kubernetes/kubernetes#120864:
And the main kube-proxy container runs with:
Why is this needed:
To run kube-proxy in non-privileged mode.
cc @dimityrmirchev @AleksandarSavchev
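Added example, not part of the issue or of kubernetes/kubernetes#120864: a small audit that checks a pod spec for the split described above, where only an init container may be privileged and the long-running container is limited to an allowlist of capabilities. The sample spec, the container name `kube-proxy-init`, and the use of NET_ADMIN and SYS_RESOURCE as the allowlist are assumptions constructed for illustration.

```python
import json

# Constructed sample pod spec (NOT the manifest from kubernetes/kubernetes#120864).
# The init container name "kube-proxy-init" is hypothetical.
SAMPLE_POD_SPEC = json.loads("""
{
  "initContainers": [
    {"name": "kube-proxy-init", "securityContext": {"privileged": true}}
  ],
  "containers": [
    {"name": "kube-proxy",
     "securityContext": {"privileged": false,
                         "capabilities": {"add": ["NET_ADMIN", "SYS_RESOURCE"]}}}
  ]
}
""")

# Capabilities named in this thread; using them as the allowlist is an assumption.
ALLOWED_CAPS = frozenset({"NET_ADMIN", "SYS_RESOURCE"})


def audit_pod_spec(spec, allowed_caps=ALLOWED_CAPS):
    """Return findings for long-running containers that are privileged
    or that add capabilities outside the allowlist."""
    findings = []
    for container in spec.get("containers", []):
        name = container.get("name", "<unnamed>")
        sec = container.get("securityContext") or {}
        if sec.get("privileged"):
            findings.append(f"{name}: long-running container is privileged")
        added = {cap.upper() for cap in (sec.get("capabilities") or {}).get("add") or []}
        extra = sorted(added - set(allowed_caps))
        if extra:
            findings.append(f"{name}: capabilities outside allowlist: {', '.join(extra)}")
    return findings


def privileged_init_containers(spec):
    """Names of init containers that run privileged (expected after the split)."""
    return [c.get("name", "<unnamed>") for c in spec.get("initContainers", [])
            if (c.get("securityContext") or {}).get("privileged")]


if __name__ == "__main__":
    print("findings:", audit_pod_spec(SAMPLE_POD_SPEC))
    print("privileged init containers:", privileged_init_containers(SAMPLE_POD_SPEC))
```

Passing `{"NET_ADMIN"}` as `allowed_caps` turns the question raised in the comment above into a check: any container that still adds SYS_RESOURCE is reported.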