deployKF
Is the Istio CNI plugin supported by deployKF ? #77
-
|
The Istio Container Network Interface (CNI) plugin is required on our side as we do no want to give elevated Kubernetes RBAC permissions. Is this plugin compatible with deployKF ? Thanks ! |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
@thib12 I am interested to know, are you willing to test it out in your environment? You can follow the "bring your own istio" guide and just install the CNI rather than core Istio. Also, as a side note, I want to highlight that using the CNI plugin still means you need to create a DemonSet (a pod that runs with root privileges on literally every node), but I do agree that it's slightly better than giving every pod special network permissions. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, it seems to work. Thanks ! |
Beta Was this translation helpful? Give feedback.
-
|
@thib12 Did you disable the sidecar injection or just leave it as default in deploykF? I am also running the CNI plugin, but I noticed that the deployKF components still get the sidecar injected from the namespace configuration. |
Beta Was this translation helpful? Give feedback.
@thib12 I am interested to know, are you willing to test it out in your environment?
You can follow the "bring your own istio" guide and just install the CNI rather than core Istio.
Also, as a side note, I want to highlight that using the CNI plugin still means you need to create a DemonSet (a pod that runs with root privileges on literally every node), but I do agree that it's slightly better than giving every pod special network permissions.