This message was deleted.

I am not sure what "NET_ADMIN" role is? you can look at this doc and figure out a custom role for your developers? https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permiss[…]e-based-access-control-rbac/cluster-and-project-roles

Containers in pods have capabilities. Not users. It sounds like someone doesn't know exactly what they're asking for. Do they mean, ensure that developers can deploy pods with this capability enabled?

yes

Ok, have you looked into that?

I’m not quite sure I understand your question. I checked the below link: https://medium.com/mercedes-benz-techinnovation-blog/linux-capability-net-admin-in-a-hardened-kubernetes-world-216fc1a7be3 If I’m correct, this should be used in the deployment configuration (https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container), but I was wondering if containerd should also be configured on the nodes to allow that.