Question
Can I have NET_ADMIN capability in Kubernetes?
- Posted on May 21, 2019
- Kubernetes
Asked by csantos
Linkerd is in Digital Ocean Kubernetes’ product page (Use Kubernetes Tooling). However, when I run “linkerd check --pre”, I get:
pre-kubernetes-capability
-------------------------
× has NET_ADMIN capability
found 2 PodSecurityPolicies, but none provide NET_ADMIN
see https://linkerd.io/checks/#pre-k8s-cluster-net-admin for hints
Is it possible to install Linkerd in DO managed Kubernetes?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi @csantos,
You should be able to use Linkerd today, our DOKS clusters do have NET_ADMIN capability by default.
What version is the cluster that you created? Are the other checks passing, did you only paste the failure?
I confirmed on 3 of our latest patch versions for 1.12, 1.13, and 1.14. Using https://linkerd.io/2/getting-started/ after spinning up a DOKS cluster I am seeing all pre-checks pass:
$ linkerd check --pre
kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API
kubernetes-version
------------------
√ is running the minimum Kubernetes API version
√ is running the minimum kubectl version
pre-kubernetes-setup
--------------------
√ control plane namespace does not already exist
√ can create Namespaces
√ can create ClusterRoles
√ can create ClusterRoleBindings
√ can create CustomResourceDefinitions
√ can create ServiceAccounts
√ can create Services
√ can create Deployments
√ can create ConfigMaps
pre-kubernetes-capability
-------------------------
√ has NET_ADMIN capability
linkerd-version
---------------
√ can determine the latest version
√ cli is up-to-date
Status check results are √
After installing linkerd manifests I’m seeing all checks pass:
$ linkerd check
kubernetes-api
--------------
√ can initialize the client
√ can query the Kubernetes API
kubernetes-version
------------------
√ is running the minimum Kubernetes API version
√ is running the minimum kubectl version
linkerd-existence
-----------------
√ control plane namespace exists
√ controller pod is running
√ can initialize the client
√ can query the control plane API
linkerd-api
-----------
√ control plane pods are ready
√ control plane self-check
√ [kubernetes] control plane can talk to Kubernetes
√ [prometheus] control plane can talk to Prometheus
√ no invalid service profiles
linkerd-version
---------------
√ can determine the latest version
√ cli is up-to-date
control-plane-version
---------------------
√ control plane is up-to-date
√ control plane and cli versions match
Status check results are √
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.