This repository was archived by the owner on Dec 3, 2025. It is now read-only.
Does not work with baseline pod security standard #170
Open
Description
Describe the bug
❯ k describe rs
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 109s replicaset-controller Error creating: pods "media-dep-878876c8d-vxz94" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
Warning FailedCreate 109s replicaset-controller Error creating: pods "media-dep-878876c8d-xz8fh" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
Warning FailedCreate 109s replicaset-controller Error creating: pods "media-dep-878876c8d-85956" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
Warning FailedCreate 109s replicaset-controller Error creating: pods "media-dep-878876c8d-bh8p7" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
Warning FailedCreate 109s replicaset-controller Error creating: pods "media-dep-878876c8d-ln28h" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
Warning FailedCreate 109s replicaset-controller Error creating: pods "media-dep-878876c8d-wjsrs" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
Warning FailedCreate 109s replicaset-controller Error creating: pods "media-dep-878876c8d-psmgq" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
Warning FailedCreate 109s replicaset-controller Error creating: pods "media-dep-878876c8d-ctlb4" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
Warning FailedCreate 108s replicaset-controller Error creating: pods "media-dep-878876c8d-qwstr" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
Warning FailedCreate 27s (x6 over 107s) replicaset-controller (combined from similar events): Error creating: pods "media-dep-878876c8d-fvh5h" is forbidden: violates PodSecurity "baseline:latest": non-default capabilities (containers "metrics", "agent" must not include "NET_ADMIN" in securityContext.capabilities.add)
To Reproduce
Run a Kubernetes cluster with the baseline pod security standard (e.g. Talos).
https://kubernetes.io/docs/concepts/security/pod-security-admission/
Expected behavior
Optionally use the userspace wireguard implementation.
Screenshots
N/A
Additional context
matrix-root
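Added example, not part of the original issue or the project's code: a pre-deployment check that reports which containers in a manifest add capabilities outside the allow-list of the baseline Pod Security Standard, which is the control behind the FailedCreate events above. The function names and the sample manifest are assumptions; only the container names "metrics" and "agent" and the NET_ADMIN capability come from the report.

```python
# Capabilities the baseline profile allows in securityContext.capabilities.add
# (Kubernetes Pod Security Standards, baseline "Capabilities" control).
BASELINE_ALLOWED_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "SETFCAP", "SETGID", "SETPCAP",
    "SETUID", "SYS_CHROOT",
})
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def pod_spec_of(manifest):
    """Return the pod spec of a Pod, or of a workload that embeds a pod template."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}


def baseline_capability_violations(manifest):
    """Map container name -> sorted added capabilities that baseline rejects."""
    violations = {}
    pod_spec = pod_spec_of(manifest)
    for field in CONTAINER_FIELDS:
        for container in pod_spec.get(field) or []:
            caps = (container.get("securityContext") or {}).get("capabilities") or {}
            extra = sorted(set(caps.get("add") or []) - BASELINE_ALLOWED_CAPS)
            if extra:
                violations[container.get("name", "<unnamed>")] = extra
    return violations


# Constructed sample manifest: the "app" container and its capability are
# hypothetical; "metrics"/"agent" with NET_ADMIN mirror the reported events.
SAMPLE_DEPLOYMENT = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {"containers": [
        {"name": "app",
         "securityContext": {"capabilities": {"add": ["NET_BIND_SERVICE"]}}},
        {"name": "metrics",
         "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}},
        {"name": "agent",
         "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}},
    ]}}},
}

if __name__ == "__main__":
    for name, caps in baseline_capability_violations(SAMPLE_DEPLOYMENT).items():
        print(f'container "{name}" adds non-baseline capabilities: {caps}')
```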