OSM Components & Interactions
When a new Pod creation is initiated, OSM’s MutatingWebhookConfiguration intercepts the create Pod operations for namespaces joined to the mesh, and forwards these API calls to the OSM control plane.
The OSM control plane augments (patches) the Pod spec with 2 new containers. One is the Envoy sidecar, the other is an init container.
The init container is ephemeral. It executes the init-iptables.sh bash script. The init container requires the NET_ADMIN kernel capability for the iptables changes to be applied. The iptables rules ensure that all inbound and outbound traffic flows through the Envoy sidecar.
The init container Docker image is passed as a string pointing to a container registry. This is passed via the --init-container-image CLI param to the OSM controller on startup. The default value is defined in the OSM Deployment chart.