Add a note about init containers and OpenShift (#15117)

* Add a note about init containers and OpenShift

* Update content/en/docs/setup/additional-setup/cni/index.md

Co-authored-by: Faseela K <k.faseela@gmail.com>

---------

Co-authored-by: Faseela K <k.faseela@gmail.com>
Jonh Wendell 2024-05-16 02:33:12 -04:00 committed by GitHub
parent 9aa9a5ddcc
commit c3cba3e4f2
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions

@ -256,6 +256,10 @@ Avoid this traffic loss with one of the following settings:
You must use the `runAsUser 1337` workaround if [DNS proxying](/docs/ops/configuration/traffic-management/dns-proxy/) is enabled, and an init container sends traffic to a host name which requires DNS resolution.
{{< /tip >}}
{{< tip >}}
Some platforms (e.g. OpenShift) do not use `1337` as the sidecar `uid` and instead use a pseudo-random number, that is only known at runtime. In such cases, you can instruct the proxy to run as a predefined `uid` by leveraging the [custom injection feature](/docs/setup/additional-setup/sidecar-injection/#customizing-injection), and use that same `uid` for the init container.
{{< /tip >}}
{{< warning >}}
Please use traffic capture exclusions with caution, since the IP/port exclusion annotations not only apply to init container traffic,
but also application container traffic. i.e. application traffic sent to the configured IP/port will bypass the Istio sidecar.
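
Review bot: The added tip (between the `runAsUser 1337` tip and the warning) tells readers to run the proxy as a predefined `uid` but does not say which value to choose or show what the injection override looks like, so a reader on OpenShift has to work that out from the linked customizing-injection page alone; consider naming the setting to override or adding a short example. It would also help to say explicitly that the `runAsUser 1337` workaround in the preceding tip does not apply as written on these platforms, since the two tips now sit side by side and use different terms (`runAsUser` and `uid`) for the same value. Minor style point: drop the comma in "a pseudo-random number, that is only known at runtime", because the clause is restrictive.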