You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please describe your use case / problem.
As I was trying to get telepresence to run, it just didnt work. Always failing with a CrashLoopBackOff.
Some frustrating days of trying (yeah, I'm a mediocre k8s user) it turned out to be a simple permissions problem: error failed to clear chain TEL_INBOUND_TCP: running [/sbin/iptables -t nat -N TEL_INBOUND_TCP --wait]: exit status 4: Fatal: can't open lock file /run/xtables.lock: Permission denied
I was too restrictive with the user permissions and configured my helm deployment to be just a common www-data(33) user.
Describe the solution you'd like
Just a little sentence in the Telepresence Quickstart-docs that describes this requirement in 'Intercept Your Service'. Something like:
'The -container must be configured with root access for Telepresence to intercept traffic.'
Describe alternatives you've considered
Alternative would be telepresence without permission requirements :)
The text was updated successfully, but these errors were encountered:
Thanks for your suggestions. This could be a good href in the QuickStart. My suggestion is just to prevent some stumbling blocks right at the beginning.
I'm using telepresence in a simple, local k3d environment where i try to imitate the production environment. Using a named targetPort won't work with Headless services, so this goes too far. NET_ADMIN is a good advice. But I've already had a helm chart with settable UIDs. Could be helpful in debugging as well, while NET_ADMIN sounds more like a better match for a production environment. Learned a lot! :)
Please describe your use case / problem.
As I was trying to get telepresence to run, it just didnt work. Always failing with a CrashLoopBackOff.
Some frustrating days of trying (yeah, I'm a mediocre k8s user) it turned out to be a simple permissions problem:
error failed to clear chain TEL_INBOUND_TCP: running [/sbin/iptables -t nat -N TEL_INBOUND_TCP --wait]: exit status 4: Fatal: can't open lock file /run/xtables.lock: Permission denied
I was too restrictive with the user permissions and configured my helm deployment to be just a common www-data(33) user.
Describe the solution you'd like
Just a little sentence in the Telepresence Quickstart-docs that describes this requirement in 'Intercept Your Service'. Something like:
'The -container must be configured with root access for Telepresence to intercept traffic.'
Describe alternatives you've considered
Alternative would be telepresence without permission requirements :)
The text was updated successfully, but these errors were encountered: