Prerequisites
Application Requirements
Security Contexts
- Do not run applications with the user ID (UID) value of 1500. This is reserved for the Pipy proxy sidecar container injected into pods by FSM’s sidecar injector.
- If security context
runAsNonRootis set totrueat the pod level, arunAsUservalue must be provided either for the pod or for each container. For example:If the UID is omitted, application containers may attempt to run as root user by default, causing conflict with the pod’s security context.securityContext: runAsNonRoot: true runAsUser: 1200 - Additional capabilities are not required.
Note: the FSM init container is programmed to run as root and add capability
NET_ADMINas it requires these security contexts to finish scheduling. These values are not changed by application security contexts.
Ports
Do not use the following ports as they are used by the Pipy sidecar.
| Port | Description |
|---|---|
| 15000 | Pipy Admin Port |
| 15001 | Pipy Outbound Listener Port |
| 15003 | Pipy Inbound Listener Port |
| 15010 | Pipy Prometheus Inbound Listener Port |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified April 11, 2024: update versions of fsm and pipy (cea5b3e)