DEV Community

Maxime Guilbert
Maxime Guilbert

Posted on • Updated on

Istio - securityContext.capabilities.add - NET_ADMIN & NET_RAW

On my EKS cluster, we tried to set-up Istio and Calico together. It seemed right until we deployed a service.

We receive these errors

spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_RAW": capability may not be added]
spec.initContainers[0].securityContext.capabilities.add: Invalid value: "NET_ADMIN": capability may not be added]
Enter fullscreen mode Exit fullscreen mode

We thought for a long time that it was a problem with our Pod Security Policy. (And all that I found on internet was related to PSP or Calico issues) But not at all.

It was an issue with our Network Policies. A port was missing to our network policy definition.


I found it when I randomly delete all the network policies to test.


I hope it will help you!

Don't hesitate to give some feedback to help me to improve my writing skills. Thanks!

Top comments (0)