Linkerd, RKE2 CIS profile - securityContext

Hi

I am trying to get Linkerd working on an RKE2 CIS profile configured cluster. That means that everything is in a non-root environment and that most privileged access is denied.
I have seen that the linkerd namespace got privileged access from the install (which is fine I guess), but sidecar’ed pods cannot start because the linkerd-init container includes NET_ADMIN and NET_RAW capabilities.
Obviously I would not want to raise every namespace that is using Linkerd with elevated privileges. There used to be PSPs in older versions of Kubernetes and there was a way around that issue at the time. But PSPs are deprecated and I could not find any information on how to navigate that issue with today’s Kubernetes version…

You’ll probably need to use the Linkerd CNI plugin instead of the linkerd-init container. Check out CNI Plugin | Linkerd and see if that helps you!

Oh, I was not aware of that, awesome! I will check it out. Many thanks 🙂
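
Added example, not part of the thread and not Linkerd's or RKE2's own code: a Python check that lists which containers in a pod list add capabilities beyond what the Kubernetes Pod Security Standards "restricted" level permits, which is how `linkerd-init` with NET_ADMIN and NET_RAW gets flagged. It assumes the CIS profile enforces that level and that the input has the shape of `kubectl get pods -o json` output; the sample pods and their names are constructed.

```python
import json

# The "restricted" Pod Security Standard permits only this value in capabilities.add.
# Assumption: the cluster's CIS profile enforces that level on workload namespaces.
RESTRICTED_ALLOWED_ADD = {"NET_BIND_SERVICE"}

# Constructed sample in the shape of `kubectl get pods -A -o json` (not from the thread).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "web-1"},
     "spec": {
         "initContainers": [
             {"name": "linkerd-init",
              "securityContext": {"capabilities": {"add": ["NET_ADMIN", "NET_RAW"]}}}],
         "containers": [
             {"name": "linkerd-proxy",
              "securityContext": {"capabilities": {"drop": ["ALL"]}}},
             {"name": "web"}]}},
    # Constructed pod with no linkerd-init container, as expected when the
    # CNI plugin does the network setup instead.
    {"metadata": {"namespace": "shop", "name": "api-1"},
     "spec": {"containers": [{"name": "linkerd-proxy"}, {"name": "api"}]}},
]})


def capability_violations(pod_list_json):
    """Return (namespace, pod, container, caps) for every container that adds
    a capability the restricted level does not allow."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Admission checks init and ephemeral containers too, not just app containers.
        containers = ((spec.get("initContainers") or [])
                      + (spec.get("containers") or [])
                      + (spec.get("ephemeralContainers") or []))
        for c in containers:
            caps = (c.get("securityContext") or {}).get("capabilities") or {}
            bad = sorted(set(caps.get("add") or []) - RESTRICTED_ALLOWED_ADD)
            if bad:
                findings.append((meta.get("namespace", "default"),
                                 meta.get("name"), c.get("name"), bad))
    return findings


if __name__ == "__main__":
    for ns, pod, container, caps in capability_violations(SAMPLE):
        print(f"{ns}/{pod} container={container} adds {', '.join(caps)}")
```
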