Hoping someone can help here. I’m currently running agent-sandbox (https://agent-sandbox.sigs.k8s.io/) for a template pod with a gVisor runtime class.
Initially I tried just a normal linkerd-init, but because CAP_NET_ADMIN is not available under gVisor, the iptables route couldn’t be reconfigured.
I tried using Linkerd CNI, hoping that would bypass the CAP_NET_ADMIN permissions, but now I get the following error from the network validator init container:
{"timestamp":"2026-05-06T15:27:45.109272Z","level":"INFO","fields":{"message":"Listening for connections on 0.0.0.0:4140"},"target":"linkerd_network_validator"}
{"timestamp":"2026-05-06T15:27:45.109381Z","level":"DEBUG","fields":{"token":"\"PaBNKvGoEXM98AAkKczvEvWZdS5Xkb81jvh3wdXh20LSTdBvDf1u4b4QFqBNJA9\\n\""},"target":"linkerd_network_validator"}
{"timestamp":"2026-05-06T15:27:45.109410Z","level":"INFO","fields":{"message":"Connecting to 1.1.1.1:20001"},"target":"linkerd_network_validator"}
{"timestamp":"2026-05-06T15:27:55.110599Z","level":"ERROR","fields":{"message":"Failed to validate networking configuration. Please ensure traffic redirection rules are rewriting traffic as expected.","timeout":"10s"},"target":"linkerd_network_validator"}
Hoping I can get some help here.