Security Policy Docker Kubernetes CAP_NET_ADMIN

10/10/2019

I have a problem and I don't know why it works with Docker. When I run:
docker run --cap-add NET_ADMIN --name pacman -d -p 8080:80 pacman
my program works. But when I load my program with minikube and this deployment file (deployment.yml):

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pacman
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pacman
  template:
    metadata:
      labels:
        app: pacman
    spec:
      containers:
      - name: pacman
        image: docker.io/kelysa/pacman:lastest
        imagePullPolicy: Always
        securityContext:
          capabilities:
            add: ["NET_ADMIN"]
        ports:
        - containerPort: 80
        resources:
          limits:
            cpu: "60"
          requests:
            cpu: 10m

I add the same policy group and I don't know why my program doesn't work. I get errors like:
WARN[0000] Can't run iptables : Error running bash command iptables -L: exit status 1. Output: iptables: Operation not supported.
WARN[0000] BLOCK_NETWORK requires iptables. CAP_NET_RAW,CAP_NET_ADMIN+ capability is also required.

If I run Docker without --cap-add NET_ADMIN, I have the same problem, so I add NET_ADMIN and it works on Docker with a Dockerfile, but it doesn't work with my deployment.yml.

Could you help me please?

-- Julie
docker
kubernetes
minikube
security
yaml

0 Answers