CFP: cilium connectivity test
to support dropping capabilities
#2265
Labels
help wanted
Extra attention is needed
kind/community-report
This was reported by a user in the Cilium community, eg via Slack.
kind/enhancement
This would improve or streamline existing functionality.
Cilium Feature Proposal
Thanks for taking time to make a feature proposal for Cilium! If you have usage questions, please try the slack channel and see the FAQ first.
Is your proposed feature related to a problem?
It is currently not possible to run
cilium connectivity test
when admissionControl PodSecurity enforces anything above privileged. This is the case for Talos by default, see https://www.talos.dev/v1.6/kubernetes-guides/configuration/pod-security/You will get errors like these for the DaemonSets (and no Pods will be created):
Describe the feature you'd like
Command line arguments like we have them for the helm chart (
securityContext.capabilities.cleanCiliumState
andsecurityContext.capabilities.ciliumAgent
) when runningcilium connectivity test
Alternative is to disable enforcement for the namespace:
The text was updated successfully, but these errors were encountered: