Skip to content

Commit

Permalink
Skip privileged ports when building listeners for non-root gateways
Browse files Browse the repository at this point in the history 
See: istio/istio#28268
  • Loading branch information
@Laci21 @waynz0r
Laci21 authored and waynz0r committed Feb 22, 2021
1 parent 4b1ee69 commit 2faea4b
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions pkg/resources/gateways/deployment.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -286,6 +286,13 @@ func (r *Reconciler) envVars() []apiv1.EnvVar {
},
}...)

if !util.PointerToBool(r.gw.Spec.RunAsRoot) {
envVars = append(envVars, apiv1.EnvVar{
Name: "ISTIO_META_UNPRIVILEGED_POD",
Value: "true",
})
}

if util.PointerToBool(r.Config.Spec.Pilot.SPIFFE.OperatorEndpoints.Enabled) {
envVars = append(envVars, apiv1.EnvVar{
Name: "TRUSTBUNDLE_MANAGER",
Expand Down

0 comments on commit 2faea4b

Please sign in to comment.