OSM Components & Interactions
Containers
When a new Pod creation is initiated, OSM's MutatingWebhookConfiguration intercepts the create pod operations for namespaces joined to the mesh, and forwards these API calls to the OSM control plane. The OSM control plane augments (patches) the Pod spec with 2 new containers. One is the Envoy sidecar, the other is an init container.

The init container is ephemeral. It executes the init-iptables.sh bash script and terminates. The init container requires the NET_ADMIN kernel capability for iptables changes to be applied. OSM uses iptables to ensure that all inbound and outbound traffic flows through the Envoy sidecar.

The init container Docker image is passed as a string pointing to a container registry. This is passed via the --init-container-image CLI param to the OSM controller on startup. The default value is defined in the OSM Deployment chart.
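Because the injected init container holds NET_ADMIN and its image is set by a single string, it is worth auditing patched Pods. The following is an added example, not code from OSM: it checks a Pod (as JSON) for a NET_ADMIN init container, for that image's registry and digest pinning, and for NET_ADMIN leaking into long-running containers. The container names, registry and finding labels are assumptions made for illustration.

```python
import json

# Constructed sample: a Pod as it might look after OSM has patched it.
# Container names, namespace and image references are assumptions.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "demo", "namespace": "demo-ns"},
 "spec": {
  "initContainers": [
   {"name": "osm-init", "image": "registry.example.com/osm/init:TAG",
    "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}],
  "containers": [
   {"name": "app", "image": "registry.example.com/team/app:TAG"},
   {"name": "envoy", "image": "registry.example.com/envoy:TAG"}]}}
""")

def added_caps(container):
    """Capabilities a container adds via securityContext.capabilities.add."""
    sc = container.get("securityContext") or {}
    return set((sc.get("capabilities") or {}).get("add") or [])

def audit_pod(pod, allowed_registries):
    """Return a list of (container_name, finding) tuples for one Pod."""
    spec = pod.get("spec") or {}
    prefixes = tuple(r.rstrip("/") + "/" for r in allowed_registries)
    findings = []
    init_net_admin = [c for c in spec.get("initContainers") or []
                      if "NET_ADMIN" in added_caps(c)]
    if not init_net_admin:
        # Without the iptables init step, traffic is not redirected to the sidecar.
        findings.append(("<pod>", "no-net-admin-init-container"))
    for c in init_net_admin:
        image = c.get("image", "")
        if not image.startswith(prefixes):
            findings.append((c["name"], "image-outside-allowed-registry"))
        if "@sha256:" not in image:
            findings.append((c["name"], "image-not-pinned-by-digest"))
    for c in spec.get("containers") or []:
        # NET_ADMIN should end with the init container, not persist at runtime.
        if "NET_ADMIN" in added_caps(c):
            findings.append((c["name"], "long-running-container-has-net-admin"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_pod(SAMPLE_POD, ["registry.example.com"]):
        print(f"{name}: {finding}")
```

The same function can be run over the items of a Pod list exported as JSON from the cluster.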