Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-2760

Istio must-gather does not work on OpenShift 4.13 clusters

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Undefined Undefined
    • None
    • None
    • must gather
    • None
    • False
    • None
    • False

      Logging this here as I've run into the same issue while working on the gitops-must-gather and I'm not sure if other custom must-gathers are aware of it. Please feel free to delete if this is a known issue already

      When running the istio must-gather against an OpenShift 4.13 cluster, the script fails to execute.

      The error states: 
      {{}}

      Error from server (Forbidden): pods "must-gather-ll5hh" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "gather", "copy" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "gather", "copy" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "gather", "copy" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "gather", "copy" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

      {{}}

      To Reproduce
      Steps to reproduce the behavior:

      1. log into an OpenShift 4.13 cluster
      2. Try to execute the istio-must-gather script with  
        oc adm must-gather --image=docker.io/maistra/istio-must-gather:0.12.0

              Unassigned Unassigned
              rescott1 Regina Scott (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: