I’ve got a namespace with the annotation for
linkerd.io/inject: enabled set and within that I have a deployment with a securitygroup policy applied to it https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html).
That policy allows
0.0.0.0/0 inbound and outbound (for testing) but whenever we apply it to the deployment using the matchLabels we see a readiness probe failure come from linkerd;
Warning Unhealthy 8s kubelet Readiness probe failed: HTTP probe failed with statuscode: 503
Nothing in the logs by way of error from the linkerd-init nor linkerd-proxy container. If I disable linkerd injection then the container starts fine, if I disable the security group and enable linkerd then linkerd works fine