On my EKS cluster, we tried to set-up Istio and Calico together. It seemed right until we deployed a service.
We receive these errors
spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_RAW": capability may not be added]
spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_ADMIN": capability may not be added]
We thought for a long time that it was a problem with our Pod Security Policy. (And all that I found on internet was related to PSP or Calico issues) But not at all.
It was an issue with our Network Policies. A port was missing to our network policy definition.
I found it when I randomly delete all the network policies to test.
I hope it will help you!
Don't hesitate to give some feedback to help me to improve my writing skills. Thanks!
Top comments (0)