We have observed an unexpected behaviour with Aporeto on the platform - when a pod gets started, there is a delay before the enforcers recognize it as a processing unit and enforce an NSP on it.
The suggested fix is to use a custom resource definition PodInjectorSelector - to add an init container to all pods that need security setup before starting as described here.
Might need to have a playbook(?) that would populate all Platform pods with the PodInjectorSelector CR.
marcus.aporeto
2:52 PM
as an fyi on the init container: moving forward, by July there will be no CR anymore for the init container, it will be injected for every pod by default ... OpenShift issues/difficulties will obviously be taken care of by then, so that the injection always works ... that's in general the goal here: it should just work always ... in the longer run (by the end of the year) the init container might even potentially be superfluous