Unfortunately, we won't be able to force all users in our clusters quickly enough to avoid injecting the init container to deploy telepresence and use interception.
Also for security reasons, we recommend deploying applications with a PodSecurityContext with a high UID number.
For example:
```yaml
pod.spec.securityContext:
  runAsUser: 10001
```
In this case, securityContext.runAsUser inherits from PodSecurityContext.runAsUser if securityContext.runAsUser is not set, so when trying to intercept the traffic of an application, we get these errors:
```
2025-02-18 10:30:44.7234 info Traffic Agent Init v2.21.2
2025-02-18 10:30:44.7263 error failed to clear chain TEL_PREROUTING_TCP: running [/usr/sbin/iptables -t nat -N TEL_PREROUTING_TCP --wait]: exit status 4: iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)
2025-02-18 10:30:44.7263 error quit: failed to clear chain TEL_PREROUTING_TCP: running [/usr/sbin/iptables -t nat -N TEL_PREROUTING_TCP --wait]: exit status 4: iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)
```
To avoid these configuration issues, a PR could resolve this dilemma: #3803
Thanks in advance.
Rgs
Hello,
First, thank you very much for this awesome work.
Documentation:
https://www.telepresence.io/docs/troubleshooting/#injected-init-container-doesnt-function-properly
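The inheritance described in the issue can be checked before deployment. The following is an added example, not part of the original issue or of the Telepresence project: it resolves the UID each container will actually run as (container-level `runAsUser` overrides the pod-level value) and flags containers that add `NET_ADMIN` but end up non-root, where added capabilities are not effective and `iptables` fails as in the log above. The pod specs, the container name `agent-init`, and the assumption that the injected init container requests `NET_ADMIN` are constructed for illustration.

```python
import copy


def effective_run_as_user(pod_spec, container):
    """Container-level runAsUser wins; otherwise the pod-level value is inherited."""
    c_sc = container.get("securityContext") or {}
    if c_sc.get("runAsUser") is not None:
        return c_sc["runAsUser"], "container"
    p_sc = pod_spec.get("securityContext") or {}
    if p_sc.get("runAsUser") is not None:
        return p_sc["runAsUser"], "pod"
    return None, "image"  # neither level set: the image's USER applies


def find_non_root_net_admin(pod_spec):
    """Return (name, uid, source) for containers that add NET_ADMIN but run non-root."""
    findings = []
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            added = (sc.get("capabilities") or {}).get("add") or []
            if "NET_ADMIN" not in added:
                continue
            uid, source = effective_run_as_user(pod_spec, c)
            if uid not in (None, 0):  # unknown image UID is not reported here
                findings.append((c["name"], uid, source))
    return findings


# Constructed sample: pod-level high UID, init container with no runAsUser of its own.
SAMPLE_POD = {
    "securityContext": {"runAsUser": 10001},
    "initContainers": [
        {"name": "agent-init",  # placeholder name
         "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}},
    ],
    "containers": [{"name": "app"}],
}

# Same pod with an explicit container-level override on the init container only.
FIXED_POD = copy.deepcopy(SAMPLE_POD)
FIXED_POD["initContainers"][0]["securityContext"]["runAsUser"] = 0

if __name__ == "__main__":
    for name, uid, source in find_non_root_net_admin(SAMPLE_POD):
        print(f"{name}: adds NET_ADMIN but runs as UID {uid} (from {source} securityContext)")
```
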