You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently it does not seem possible to have synthetic-monitoring-agent run as a non-root user in Kubernetes when using traceroute checks. It works fine with "normal" HTTP check as non-root, but when you enable a traceroute probe you get the following error:
Error
2023/11/10 20:46:22 Failed to listen to address 0.0.0.0. Msg: listen ip4:icmp 0.0.0.0: socket: operation not permitted.
panic: Failed to listen to address 0.0.0.0. Msg: listen ip4:icmp 0.0.0.0: socket: operation not permitted.
Hi!
Currently it does not seem possible to have
synthetic-monitoring-agent
run as a non-root user in Kubernetes when using traceroute checks. It works fine with "normal" HTTP check as non-root, but when you enable a traceroute probe you get the following error:Error
This error occurs despite setting capabilities in
securityContext
to addNET_ADMIN
andSYS_TIME
.I'm no expert, but it seems that some containers (like BusyBox) need root for traceroute to be able to build packets from scratch (raw sockets).
Thoughts? Is it even possible to fix this issue given that traceroute seems to require root?
Steps to reproduce
auth-token-secret
with theapi-token
fieldCode
The text was updated successfully, but these errors were encountered: