Is Styra-das supported on OpenShift?

Solution Verified - Updated -

Issue

We are currently evaluating the usage of a Styra-das setup which uses an Envoy sidecar as an egress proxy next to each container.

To force egress traffic through the Envoy, the Open Policy Agent project delivers a "proxy_init" script, which should be included as an initContainer to the applications.

That init script tries to manipulate iptables rules of the pod to achieve that.

Unfortunately, this means each application's initContainers must run with privileged rights to use that mechanism.
And to achieve this, we would need to give every service account the permission to use privileged containers.

Are there any platform-agnostic ways to manipulate the way pods communicate with their environment (e.g. force the traffic through the local egress proxy)?

Environment

- Red Hat OpenShift Container Platform 4.x
