Open RFlintstone opened 10 months ago
Any news here?
Also not working even when running as privileged container as uid/gid 0 and all capabilities.
Appreciate any information getting the ICMP proxy working.
Hey all. I got this working by setting the securityContext of the pod in my deployment to the following:
apiVersion: apps/v1
kind: Deployment
spec:
  # ...
  template:
    spec:
      securityContext:
        runAsGroup: 65532
        runAsUser: 65532
        runAsNonRoot: true
        sysctls:
          - name: net.ipv4.ping_group_range
            value: "0 200000000"
      # ...
Hope that helps!
@philwinder worked great, thanks!
With the inspiration of the solution of @philwinder, I fixed it with the following:
apiVersion: apps/v1
kind: Deployment
spec:
  # ...
  template:
    spec:
      securityContext:
        sysctls:
          - name: net.ipv4.ping_group_range
            value: "65532 65532"
      containers:
        - name: cloudflared
          securityContext:
            runAsUser: 65532
            runAsGroup: 65532
            runAsNonRoot: true
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
I'm not sure which is the better/safer solution.
FYI for me, I only needed to add:
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      securityContext:
        sysctls:
          - name: net.ipv4.ping_group_range
            value: "0 2147483647"
The other stuff, for me, wasn't needed.
Describe the bug A clear and concise description of what the bug is.
To Reproduce Deploy:
Expected behavior Cloudflared connects and doesn't keep restarting the pods.
Environment and versions
OS: Ubuntu 22.04.3 LTS x86_64
Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-4.2)
Kernel: 5.15.0-88-generic
Logs and errors
Additional context I just followed this instruction. 2022.3.0 worked in the past but the same config doesn't seem to work anymore. This might be unrelated or because of an old version but I'd thought I would mention it.
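
To compare the three `net.ipv4.ping_group_range` values posted in the comments above, this shell function classifies a range against a GID. It is an added example, not code from any commenter or from the cloudflared project; the function name and verdict labels are hypothetical, and `1 0` is the Linux kernel default, under which no group may open ping sockets.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of cloudflared).
# ping_range_verdict RANGE GID
# RANGE is the sysctl value: lowest and highest GID allowed to open
# unprivileged ICMP (ping) sockets. Prints one of:
#   disabled - low > high, no group is allowed (kernel default "1 0")
#   denied   - GID is outside the range
#   exact    - range permits only this single GID
#   broad    - GID is allowed, along with other groups
#   invalid  - value is not two non-negative integers
ping_range_verdict() {
    range=$1
    gid=$2
    set -f              # no globbing while the value is word-split
    set -- $range
    set +f
    [ $# -eq 2 ] || { echo invalid; return 2; }
    for n in "$1" "$2" "$gid"; do
        case "$n" in ''|*[!0-9]*) echo invalid; return 2 ;; esac
    done
    if [ "$1" -gt "$2" ]; then
        echo disabled
    elif [ "$gid" -lt "$1" ] || [ "$gid" -gt "$2" ]; then
        echo denied
    elif [ "$1" -eq "$2" ]; then
        echo exact
    else
        echo broad
    fi
}

# Values taken from the thread, plus the kernel default, checked for GID 65532.
for r in "1 0" "0 200000000" "65532 65532" "0 2147483647"; do
    printf '%-14s gid=65532 -> %s\n' "$r" "$(ping_range_verdict "$r" 65532)"
done

# Run inside the pod to check the live value against the process's GID.
if [ -r /proc/sys/net/ipv4/ping_group_range ]; then
    live=$(cat /proc/sys/net/ipv4/ping_group_range)
    echo "live: $live gid=$(id -g) -> $(ping_range_verdict "$live" "$(id -g)")"
fi
```

The check covers only the GID passed in; the kernel also admits a process whose supplementary groups fall inside the range.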