Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-2760

Istio must-gather does not work on OpenShift 4.13 clusters

    XMLWordPrintable

Details

    • Bug
    • Resolution: Not a Bug
    • Undefined
    • None
    • None
    • must gather
    • None
    • False
    • None
    • False

    Description

      Logging this here as I've run into the same issue while working on the gitops-must-gather and I'm not sure if other custom must-gathers are aware of it. Please feel free to delete if this is a known issue already

      When running the istio must-gather against an OpenShift 4.13 cluster, the script fails to execute.

      The error states: 
      {{}}

      Error from server (Forbidden): pods "must-gather-ll5hh" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "gather", "copy" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "gather", "copy" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "gather", "copy" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "gather", "copy" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

      {{}}

      To Reproduce
      Steps to reproduce the behavior:

      1. log into an OpenShift 4.13 cluster
      2. Try to execute the istio-must-gather script with  
        oc adm must-gather --image=docker.io/maistra/istio-must-gather:0.12.0

      Attachments

        Activity

          People

            Unassigned Unassigned
            rescott1 Regina Scott
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: