Docs: Container/Image requires root #3380
Comments
Hello @Reris, thank you for your feedback. One good thing to know though is that this root access is only required if the service you intercept is using a numeric So I think you want to fix that by doing one of the following:
Let me know if that's related so I can eventually see how to add that to the quickstart :)
Thanks for your suggestions. This could be a good href in the QuickStart. My suggestion is just to prevent some stumbling blocks right at the beginning. I'm using telepresence in a simple, local k3d environment where I try to imitate the production environment. Using a named targetPort won't work with Headless services, so this goes too far. NET_ADMIN is good advice. But I've already had a helm chart with settable UIDs. Could be helpful in debugging as well, while NET_ADMIN sounds more like a better match for a production environment. Learned a lot! :)
This issue was closed because it has been stalled for 7 days with no activity.
Please describe your use case / problem.
As I was trying to get telepresence to run, it just didn't work. Always failing with a CrashLoopBackOff.
Some frustrating days of trying (yeah, I'm a mediocre k8s user) it turned out to be a simple permissions problem:
error failed to clear chain TEL_INBOUND_TCP: running [/sbin/iptables -t nat -N TEL_INBOUND_TCP --wait]: exit status 4: Fatal: can't open lock file /run/xtables.lock: Permission denied
I was too restrictive with the user permissions and configured my helm deployment to be just a common www-data(33) user.
Describe the solution you'd like
Just a little sentence in the Telepresence Quickstart-docs that describes this requirement in 'Intercept Your Service'. Something like:
'The -container must be configured with root access for Telepresence to intercept traffic.'
Describe alternatives you've considered
Alternative would be telepresence without permission requirements :)