Docker and Kubernetes capabilities

10/15/2019

I have a question and a problem about capabilities.

Why does my program work when I run docker run --cap-add=NET_ADMIN... ? (I don't have RTNETLINK problems and TC network problems with ETH0.)

And it doesn't work if I run my program with the .yml file, which is:

  containers:
  - name: snake
    image: docker.io/kelysa/snake:lastest
    imagePullPolicy: Always
    securityContext:
      privileged: true
      capabilities:
        add: ["NET_ADMIN","NET_RAW"]

I have problems like RTNETLINK answers: No such file or directory

"tc isn't available for interface eth0"
"NETWORK_BANDWIDTH requires traffic control (tc). CAP_NET_RAW,CAP_NET_ADMIN+ capability is also required, with modinfo sch_netem."

What is the difference between running docker with --cap-add and running a pod with the same capabilities?

-- Julie
capability
docker
kubernetes
netlink
networking

0 Answers
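A diagnostic that can be run inside both the `docker run` container and the pod to compare them, added here as an example and not part of the original question: it decodes the effective capability mask from /proc/self/status and looks for sch_netem in /proc/modules, the two prerequisites the error message names. The function names are illustrative, the sample masks are constructed, and bits 12 and 13 are CAP_NET_ADMIN and CAP_NET_RAW in linux/capability.h.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post).
# Capability bit numbers as defined in linux/capability.h.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# cap_eff FILE: print the hex CapEff mask from a /proc/<pid>/status file.
cap_eff() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# has_cap HEXMASK BIT: succeed if the given bit is set in the mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# module_loaded NAME FILE: succeed if NAME is listed in a /proc/modules file.
# Built-in (non-modular) kernel features never appear in that file.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# check_tc_prereqs STATUS_FILE MODULES_FILE: print one line per prerequisite
# and return the number of missing ones (0 means all present).
check_tc_prereqs() {
    mask=$(cap_eff "$1"); missing=0
    for pair in "NET_ADMIN:$CAP_NET_ADMIN" "NET_RAW:$CAP_NET_RAW"; do
        name=${pair%%:*}; bit=${pair##*:}
        if has_cap "$mask" "$bit"; then echo "ok      CAP_$name"
        else echo "MISSING CAP_$name"; missing=$((missing + 1)); fi
    done
    if module_loaded sch_netem "$2"; then echo "ok      sch_netem"
    else echo "MISSING sch_netem (not loaded as a module)"; missing=$((missing + 1)); fi
    return "$missing"
}

# Constructed sample masks: the first lacks bit 12, the second has it.
for m in 00000000a80425fb 00000000a80435fb; do
    if has_cap "$m" "$CAP_NET_ADMIN"; then echo "$m: NET_ADMIN set"
    else echo "$m: NET_ADMIN not set"; fi
done

# Check the live process when /proc is readable (i.e. inside the container).
if [ -r /proc/self/status ] && [ -r /proc/modules ]; then
    check_tc_prereqs /proc/self/status /proc/modules || true
fi
```

Containers share the node's kernel, so the sch_netem line reflects the host the container or pod is scheduled on, not the image.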