The following error message appeared when I attempted to ping google.com from Containerd’s container.
root@istiod-79d65bf5f4-nlwjj:/# ping google.com
bash: /usr/bin/ping: Operation not permitted
Are there any ideas as to why this is happening?
2 Answers
Most likely the permissions needed to run ‘ping’ are not given to the pod. You probably need to add ‘NET_RAW’ capabilities for your pod.
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container
By default a container is not allowed to access any devices, but a privileged container is given access to all devices.
You have not configured or given the necessary privileges to execute the ping command. Check whether the container is running short of capabilities, and check whether ‘CAP_NET_RAW’, which is required for the ‘ping’ command, is there or not.
You need to install the ping command image if it is not installed and use the --cap-add command to add NET_RAW to give the necessary grants. Also check this document. For further reference please check Docker community forums.
Finally, check your security policies.
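One way to do the CAP_NET_RAW check the answers describe, from a shell inside the container. This is an added example, not part of the original answers; it assumes a Linux /proc filesystem, and the function names and sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the capability masks in /proc/<pid>/status and
# test for CAP_NET_RAW, the capability the answers say ping needs.

CAP_NET_RAW_BIT=13   # CAP_NET_RAW is capability number 13 in linux/capability.h

# has_cap HEXMASK BIT -> succeeds if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_field FIELD [STATUS_FILE] -> prints the hex mask of CapPrm, CapEff or CapBnd
cap_field() {
    awk -v f="$1:" '$1 == f { print $2 }' "${2:-/proc/self/status}"
}

# report [STATUS_FILE] -> one line per capability set; returns non-zero when
# CAP_NET_RAW is absent from the bounding set (CapBnd), which is the upper
# limit on what any program started in the container can acquire.
report() {
    rc=0
    for field in CapPrm CapEff CapBnd; do
        hex=$(cap_field "$field" "$1")
        if has_cap "$hex" "$CAP_NET_RAW_BIT"; then
            echo "$field=$hex: CAP_NET_RAW present"
        else
            echo "$field=$hex: CAP_NET_RAW missing"
            if [ "$field" = CapBnd ]; then rc=1; fi
        fi
    done
    return $rc
}

# Constructed sample masks (not from the page): the second has bit 13 cleared.
for sample in 00000000a80425fb 00000000a80405fb; do
    if has_cap "$sample" "$CAP_NET_RAW_BIT"; then
        echo "$sample: has CAP_NET_RAW"
    else
        echo "$sample: lacks CAP_NET_RAW"
    fi
done

# Live check of the current shell when /proc is available.
if [ -r /proc/self/status ]; then
    report || echo "CAP_NET_RAW is not available to this container"
fi
```

If the bounding set lacks the capability, it has to be granted where the container is defined (the pod's securityContext capabilities or --cap-add, as the answers say); it cannot be added from inside the running container.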