Question

Can I have NET_ADMIN capability in Kubernetes?

Linkerd is in Digital Ocean Kubernetes’ product page (Use Kubernetes Tooling). However, when I run “linkerd check --pre”, I get:

pre-kubernetes-capability
-------------------------
× has NET_ADMIN capability
    found 2 PodSecurityPolicies, but none provide NET_ADMIN
    see https://linkerd.io/checks/#pre-k8s-cluster-net-admin for hints

Is it possible to install Linkerd in DO managed Kubernetes?

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Steven Normore
DigitalOcean Employee
DigitalOcean Employee badge
May 21, 2019
Accepted Answer

Hi @csantos,

You should be able to use Linkerd today, our DOKS clusters do have NET_ADMIN capability by default.

What version is the cluster that you created? Are the other checks passing, did you only paste the failure?

I confirmed on 3 of our latest patch versions for 1.12, 1.13, and 1.14. Using https://linkerd.io/2/getting-started/ after spinning up a DOKS cluster I am seeing all pre-checks pass:

$ linkerd check --pre
kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API

kubernetes-version
------------------
√ is running the minimum Kubernetes API version
√ is running the minimum kubectl version

pre-kubernetes-setup
--------------------
√ control plane namespace does not already exist
√ can create Namespaces
√ can create ClusterRoles
√ can create ClusterRoleBindings
√ can create CustomResourceDefinitions
√ can create ServiceAccounts
√ can create Services
√ can create Deployments
√ can create ConfigMaps

pre-kubernetes-capability
-------------------------
√ has NET_ADMIN capability

linkerd-version
---------------
√ can determine the latest version
√ cli is up-to-date

Status check results are √

After installing linkerd manifests I’m seeing all checks pass:

$ linkerd check
kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API

kubernetes-version
------------------
√ is running the minimum Kubernetes API version
√ is running the minimum kubectl version

linkerd-existence
-----------------
√ control plane namespace exists
√ controller pod is running
√ can initialize the client
√ can query the control plane API

linkerd-api
-----------
√ control plane pods are ready
√ control plane self-check
√ [kubernetes] control plane can talk to Kubernetes
√ [prometheus] control plane can talk to Prometheus
√ no invalid service profiles

linkerd-version
---------------
√ can determine the latest version
√ cli is up-to-date

control-plane-version
---------------------
√ control plane is up-to-date
√ control plane and cli versions match

Status check results are √