-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
OSSM 3.1.1
-
None
Istio deprecated traffic.sidecar.istio.io/kubevirtInterfaces annotation in Istio v1.25 https://istio.io/latest/news/releases/1.25.x/announcing-1.25/change-notes/#deprecation-notices.
It was replaced with istio.io/reroute-virtual-interfaces ,
However due to a bug it no longer functions in Istio >= v1.25 and as such in OSSM 3.1.
In Openshift Virtualization QE running OCP 4.20 with OSSM 3.1.x the following was noticed:
Version:
./install-cni version
client version: version.BuildInfo{Version:"1.26.3_ossm", GitRevision:"613899110556e092b4994384c47ab8d98f235b3c", GolangVersion:"go1.24.4 (Red Hat 1.24.4-2.el9)", BuildStatus:"Clean", GitTag:"1.26.3_ossm"}
nftables nat table:
nft list table nat # Warning: table ip nat is managed by iptables-nft, do not touch! table ip nat { chain ISTIO_INBOUND { tcp dport 15008 counter packets 0 bytes 0 return tcp dport 15020 counter packets 0 bytes 0 return tcp dport 15021 counter packets 1485 bytes 89100 return tcp dport 15090 counter packets 0 bytes 0 return ip protocol tcp counter packets 1 bytes 60 jump ISTIO_IN_REDIRECT } chain ISTIO_REDIRECT { ip protocol tcp counter packets 0 bytes 0 redirect to :15001 } chain ISTIO_IN_REDIRECT { ip protocol tcp counter packets 2 bytes 120 redirect to :15006 } chain ISTIO_OUTPUT { tcp dport 15020 counter packets 2 bytes 120 return udp dport 15020 counter packets 0 bytes 0 return ip saddr 127.0.0.6 oifname "lo" counter packets 0 bytes 0 return ip daddr != 127.0.0.1 oifname "lo" tcp dport != 15008 skuid 1000829999 counter packets 1 bytes 60 jump ISTIO_IN_REDIRECT oifname "lo" skuid != 1000829999 counter packets 0 bytes 0 return skuid 1000829999 counter packets 103 bytes 10149 return ip daddr != 127.0.0.1 oifname "lo" tcp dport != 15008 skgid 1000829999 counter packets 0 bytes 0 jump ISTIO_IN_REDIRECT oifname "lo" skgid != 1000829999 counter packets 0 bytes 0 return skgid 1000829999 counter packets 0 bytes 0 return ip daddr 127.0.0.1 counter packets 0 bytes 0 return counter packets 2 bytes 559 jump ISTIO_REDIRECT } chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; ip protocol tcp counter packets 1486 bytes 89160 jump ISTIO_INBOUND } chain OUTPUT { type nat hook output priority dstnat; policy accept; counter packets 108 bytes 10888 jump ISTIO_OUTPUT } chain prerouting { type nat hook prerouting priority dstnat; policy accept; iifname "eth0" counter packets 1484 bytes 89040 jump KUBEVIRT_PREINBOUND } chain input { type nat hook input priority srcnat; policy accept; } chain output { type nat hook output priority dstnat; policy accept; tcp dport { 15000, 15001, 15004, 15006, 15008, 15009, 15020, 15021, 15053, 15090 } ip saddr 127.0.0.1 counter packets 3 bytes 180 return ip daddr { 10.129.2.140, 127.0.0.1 } counter packets 0 bytes 0 dnat to 10.0.2.2 } chain postrouting { type nat hook postrouting priority srcnat; policy accept; ip saddr 10.0.2.2 counter packets 306 bytes 23306 masquerade oifname "k6t-eth0" counter packets 1 bytes 519 jump KUBEVIRT_POSTINBOUND } chain KUBEVIRT_PREINBOUND { tcp dport 22 counter packets 0 bytes 0 dnat to 10.0.2.2 } chain KUBEVIRT_POSTINBOUND { tcp dport { 15000, 15001, 15004, 15006, 15008, 15009, 15020, 15021, 15053, 15090 } ip saddr 127.0.0.1 counter packets 0 bytes 0 return ip saddr { 127.0.0.1, 127.0.0.6 } counter packets 0 bytes 0 snat to 10.0.2.1 } }
Expected PREROUTING table:
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
iifname "k6t-eth0" counter packets 1 bytes 328 jump ISTIO_REDIRECT
iifname "k6t-eth0" counter packets 1 bytes 328 return
ip protocol tcp counter packets 8 bytes 480 jump ISTIO_INBOUND
}
Pod spec:
apiVersion: v1
kind: Pod
metadata:
annotations:
descheduler.alpha.kubernetes.io/request-evict-only: ""
istio.io/rev: default
k8s.ovn.org/pod-networks: '{"default":{"ip_addresses":["10.129.2.140/23"],"mac_address":"0a:58:0a:81:02:8c","gateway_ips":["10.129.2.1"],"routes":[{"dest":"10.128.0.0/14","nextHop":"10.129.2.1"},{"dest":"172.30.0.0/16","nextHop":"10.129.2.1"},{"dest":"169.254.0.5/32","nextHop":"10.129.2.1"},{"dest":"100.64.0.0/16","nextHop":"10.129.2.1"}],"ip_address":"10.129.2.140/23","gateway_ip":"10.129.2.1","role":"primary"}}'
k8s.v1.cni.cncf.io/network-status: |-
[{
"name": "ovn-kubernetes",
"interface": "eth0",
"ips": [
"10.129.2.140"
],
"mac": "0a:58:0a:81:02:8c",
"default": true,
"dns": {}
}]
k8s.v1.cni.cncf.io/networks: ""
kubectl.kubernetes.io/default-container: compute
kubectl.kubernetes.io/default-logs-container: compute
kubevirt.io/domain: service-mesh-vm-1758094302-0670893
kubevirt.io/migrationTransportUnix: "true"
kubevirt.io/vm-generation: "2"
openshift.io/scc: kubevirt-controller
post.hook.backup.velero.io/command: '["/usr/bin/virt-freezer", "--unfreeze", "--name",
"service-mesh-vm-1758094302-0670893", "--namespace", "service-mesh-test-service-mesh"]'
post.hook.backup.velero.io/container: compute
pre.hook.backup.velero.io/command: '["/usr/bin/virt-freezer", "--freeze", "--name",
"service-mesh-vm-1758094302-0670893", "--namespace", "service-mesh-test-service-mesh"]'
pre.hook.backup.velero.io/container: compute
prometheus.io/path: /stats/prometheus
prometheus.io/port: "15020"
prometheus.io/scrape: "true"
seccomp.security.alpha.kubernetes.io/pod: localhost/kubevirt/kubevirt.json
security.openshift.io/validated-scc-subject-type: user
sidecar.istio.io/inject: "true"
sidecar.istio.io/interceptionMode: REDIRECT
sidecar.istio.io/status: '{"initContainers":["istio-validation"],"containers":["istio-proxy"],"volumes":["workload-socket","credential-socket","workload-certs","istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null,"revision":"default"}'
traffic.sidecar.istio.io/excludeInboundPorts: "15020"
traffic.sidecar.istio.io/includeInboundPorts: '*'
traffic.sidecar.istio.io/includeOutboundIPRanges: '*'
traffic.sidecar.istio.io/kubevirtInterfaces: k6t-eth0
creationTimestamp: "2025-09-17T07:31:43Z"
generateName: virt-launcher-service-mesh-vm-1758094302-0670893-
generation: 1
labels:
debugLogs: "true"
kubevirt.io: virt-launcher
kubevirt.io/created-by: 19cd7d85-5056-4f03-b2ff-743502d57fd3
kubevirt.io/domain: service-mesh-vm-1758094302-0670893
kubevirt.io/nodeName: net-asiazk-420-9mz9w-worker-0-kzm5p
kubevirt.io/vm: service-mesh-vm-1758094302-0670893
security.istio.io/tlsMode: istio
service.istio.io/canonical-name: service-mesh-vm-1758094302-0670893
service.istio.io/canonical-revision: latest
vm.kubevirt.io/name: service-mesh-vm-1758094302-0670893
name: virt-launcher-service-mesh-vm-1758094302-0670893-474tr
namespace: service-mesh-test-service-mesh
ownerReferences:
- apiVersion: kubevirt.io/v1
blockOwnerDeletion: true
controller: true
kind: VirtualMachineInstance
name: service-mesh-vm-1758094302-0670893
uid: 19cd7d85-5056-4f03-b2ff-743502d57fd3
resourceVersion: "891316"
uid: b723c8dd-4974-47cf-9f55-29efe3a46b33
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-labeller.kubevirt.io/obsolete-host-model
operator: DoesNotExist
automountServiceAccountToken: true
containers:
- command:
- /usr/bin/virt-launcher-monitor
- --qemu-timeout
- 280s
- --name
- service-mesh-vm-1758094302-0670893
- --uid
- 19cd7d85-5056-4f03-b2ff-743502d57fd3
- --namespace
- service-mesh-test-service-mesh
- --kubevirt-share-dir
- /var/run/kubevirt
- --ephemeral-disk-dir
- /var/run/kubevirt-ephemeral-disks
- --container-disk-dir
- /var/run/kubevirt/container-disks
- --grace-period-seconds
- "45"
- --hook-sidecars
- "0"
- --ovmf-path
- /usr/share/OVMF
- --disk-memory-limit
- "2000000000"
- --run-as-nonroot
env:
- name: XDG_CACHE_HOME
value: /var/run/kubevirt-private
- name: XDG_CONFIG_HOME
value: /var/run/kubevirt-private
- name: XDG_RUNTIME_DIR
value: /var/run
- name: LIBVIRT_DEBUG_LOGS
value: "1"
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
image: registry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:1c128ba0c85294a6de7ee6055b8490f8082ac49117c24cd64e1acca872362232
imagePullPolicy: IfNotPresent
name: compute
resources:
limits:
devices.kubevirt.io/kvm: "1"
devices.kubevirt.io/tun: "1"
devices.kubevirt.io/vhost-net: "1"
requests:
cpu: 100m
devices.kubevirt.io/kvm: "1"
devices.kubevirt.io/tun: "1"
devices.kubevirt.io/vhost-net: "1"
ephemeral-storage: 50M
memory: 1294Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
privileged: false
runAsGroup: 107
runAsNonRoot: true
runAsUser: 107
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/kubevirt-private
name: private
- mountPath: /var/run/kubevirt
name: public
- mountPath: /var/run/kubevirt-ephemeral-disks
name: ephemeral-disks
- mountPath: /var/run/libvirt
name: libvirt-runtime
- mountPath: /var/run/kubevirt/sockets
name: sockets
- mountPath: /var/run/kubevirt/container-disks
mountPropagation: HostToContainer
name: container-disks
- mountPath: /var/run/kubevirt/hotplug-disks
mountPropagation: HostToContainer
name: hotplug-disks
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
- args:
- --copy-path
- /var/run/kubevirt-ephemeral-disks/container-disk-data/19cd7d85-5056-4f03-b2ff-743502d57fd3/disk_0
command:
- /usr/bin/container-disk
image: quay.io/openshift-cnv/qe-cnv-tests-fedora:41@sha256:a91659fba4e0258dda1be076dd6e56e34d9bf3dce082e57f939994ce0f124348
imagePullPolicy: IfNotPresent
name: volumecontainerdisk
resources:
limits:
cpu: 10m
memory: 40M
requests:
cpu: 1m
ephemeral-storage: 50M
memory: 1M
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 107
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/kubevirt-ephemeral-disks/container-disk-data/19cd7d85-5056-4f03-b2ff-743502d57fd3
name: container-disks
- mountPath: /usr/bin
name: virt-bin-share-dir
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
- args:
- proxy
- sidecar
- --domain
- $(POD_NAMESPACE).svc.cluster.local
- --proxyLogLevel=warning
- --proxyComponentLogLevel=misc:error
- --log_output_level=default:info
env:
- name: PILOT_CERT_PROVIDER
value: istiod
- name: CA_ADDR
value: istiod.istio-system.svc:15012
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: INSTANCE_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: SERVICE_ACCOUNT
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.serviceAccountName
- name: HOST_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
- name: ISTIO_CPU_LIMIT
valueFrom:
resourceFieldRef:
divisor: "0"
resource: limits.cpu
- name: PROXY_CONFIG
value: |
{}
- name: ISTIO_META_POD_PORTS
value: |-
[
]
- name: ISTIO_META_APP_CONTAINERS
value: compute,volumecontainerdisk
- name: GOMEMLIMIT
valueFrom:
resourceFieldRef:
divisor: "0"
resource: limits.memory
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
divisor: "0"
resource: limits.cpu
- name: ISTIO_META_CLUSTER_ID
value: Kubernetes
- name: ISTIO_META_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: ISTIO_META_INTERCEPTION_MODE
value: REDIRECT
- name: ISTIO_META_WORKLOAD_NAME
value: service-mesh-vm-1758094302-0670893
- name: ISTIO_META_OWNER
value: kubernetes://apis/kubevirt.io/v1/namespaces/service-mesh-test-service-mesh/virtualmachineinstances/service-mesh-vm-1758094302-0670893
- name: ISTIO_META_MESH_ID
value: cluster.local
- name: TRUST_DOMAIN
value: cluster.local
image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:26747627ae22bbdffcf9de58077454fc0c890cda83659d7834b15dea2b5aaaf2
imagePullPolicy: IfNotPresent
name: istio-proxy
ports:
- containerPort: 15090
name: http-envoy-prom
protocol: TCP
readinessProbe:
failureThreshold: 4
httpGet:
path: /healthz/ready
port: 15021
scheme: HTTP
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 3
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000829999
runAsNonRoot: true
runAsUser: 1000829999
startupProbe:
failureThreshold: 600
httpGet:
path: /healthz/ready
port: 15021
scheme: HTTP
periodSeconds: 1
successThreshold: 1
timeoutSeconds: 3
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/workload-spiffe-uds
name: workload-socket
- mountPath: /var/run/secrets/credential-uds
name: credential-socket
- mountPath: /var/run/secrets/workload-spiffe-credentials
name: workload-certs
- mountPath: /var/run/secrets/istio
name: istiod-ca-cert
- mountPath: /var/lib/istio/data
name: istio-data
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /var/run/secrets/tokens
name: istio-token
- mountPath: /etc/istio/pod
name: istio-podinfo
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: false
hostname: service-mesh-vm-1758094302-0670893
imagePullSecrets:
- name: default-dockercfg-ns9dh
initContainers:
- args:
- istio-iptables
- -p
- "15001"
- -z
- "15006"
- -u
- "1000829999"
- -m
- REDIRECT
- -i
- '*'
- -x
- ""
- -b
- '*'
- -d
- 15090,15021,15020
- -k
- k6t-eth0
- --log_output_level=default:info
- --run-validation
- --skip-rule-apply
image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:26747627ae22bbdffcf9de58077454fc0c890cda83659d7834b15dea2b5aaaf2
imagePullPolicy: IfNotPresent
name: istio-validation
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 1000829999
runAsNonRoot: true
runAsUser: 1000829999
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
- args:
- --logfile
- /var/run/kubevirt-private/19cd7d85-5056-4f03-b2ff-743502d57fd3/virt-serial0-log
command:
- /usr/bin/virt-tail
env:
- name: VIRT_LAUNCHER_LOG_VERBOSITY
value: "2"
image: registry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:1c128ba0c85294a6de7ee6055b8490f8082ac49117c24cd64e1acca872362232
imagePullPolicy: IfNotPresent
name: guest-console-log
resources:
limits:
cpu: 15m
memory: 60M
requests:
cpu: 5m
memory: 35M
restartPolicy: Always
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 107
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/kubevirt-private
name: private
readOnly: true
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
- command:
- /usr/bin/cp
- /usr/bin/container-disk
- /init/usr/bin/container-disk
env:
- name: XDG_CACHE_HOME
value: /var/run/kubevirt-private
- name: XDG_CONFIG_HOME
value: /var/run/kubevirt-private
- name: XDG_RUNTIME_DIR
value: /var/run
image: registry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:1c128ba0c85294a6de7ee6055b8490f8082ac49117c24cd64e1acca872362232
imagePullPolicy: IfNotPresent
name: container-disk-binary
resources:
limits:
cpu: 100m
memory: 40M
requests:
cpu: 10m
memory: 1M
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsGroup: 107
runAsNonRoot: true
runAsUser: 107
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /init/usr/bin
name: virt-bin-share-dir
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
- args:
- --no-op
command:
- /usr/bin/container-disk
image: quay.io/openshift-cnv/qe-cnv-tests-fedora:41@sha256:a91659fba4e0258dda1be076dd6e56e34d9bf3dce082e57f939994ce0f124348
imagePullPolicy: IfNotPresent
name: volumecontainerdisk-init
resources:
limits:
cpu: 10m
memory: 40M
requests:
cpu: 1m
ephemeral-storage: 50M
memory: 1M
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
runAsUser: 107
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/kubevirt-ephemeral-disks/container-disk-data/19cd7d85-5056-4f03-b2ff-743502d57fd3
name: container-disks
- mountPath: /usr/bin
name: virt-bin-share-dir
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
nodeName: net-asiazk-420-9mz9w-worker-0-kzm5p
nodeSelector:
kubernetes.io/arch: amd64
kubevirt.io/schedulable: "true"
machine-type.node.kubevirt.io/pc-q35-rhel9.6.0: "true"
preemptionPolicy: PreemptLowerPriority
priority: 0
readinessGates:
- conditionType: kubevirt.io/virtual-machine-unpaused
restartPolicy: Never
schedulerName: default-scheduler
securityContext:
fsGroup: 107
runAsGroup: 107
runAsNonRoot: true
runAsUser: 107
seccompProfile:
localhostProfile: kubevirt/kubevirt.json
type: Localhost
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 60
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
- effect: NoSchedule
key: node.kubernetes.io/memory-pressure
operator: Exists
volumes:
- emptyDir: {}
name: workload-socket
- emptyDir: {}
name: credential-socket
- emptyDir: {}
name: workload-certs
- emptyDir:
medium: Memory
name: istio-envoy
- emptyDir: {}
name: istio-data
- downwardAPI:
defaultMode: 420
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.labels
path: labels
- fieldRef:
apiVersion: v1
fieldPath: metadata.annotations
path: annotations
name: istio-podinfo
- name: istio-token
projected:
defaultMode: 420
sources:
- serviceAccountToken:
audience: istio-ca
expirationSeconds: 43200
path: istio-token
- configMap:
defaultMode: 420
name: istio-ca-root-cert
name: istiod-ca-cert
- emptyDir: {}
name: private
- emptyDir: {}
name: public
- emptyDir: {}
name: sockets
- emptyDir: {}
name: virt-bin-share-dir
- emptyDir: {}
name: libvirt-runtime
- emptyDir: {}
name: ephemeral-disks
- emptyDir: {}
name: container-disks
- emptyDir: {}
name: hotplug-disks
- name: kube-api-access-wcssc
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
- configMap:
items:
- key: service-ca.crt
path: service-ca.crt
name: openshift-service-ca.crt
status:
conditions:
- lastProbeTime: "2025-09-17T07:31:43Z"
lastTransitionTime: "2025-09-17T07:31:43Z"
message: the virtual machine is not paused
reason: NotPaused
status: "True"
type: kubevirt.io/virtual-machine-unpaused
- lastProbeTime: null
lastTransitionTime: "2025-09-17T07:31:44Z"
status: "True"
type: PodReadyToStartContainers
- lastProbeTime: null
lastTransitionTime: "2025-09-17T07:31:48Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2025-09-17T07:31:51Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2025-09-17T07:31:51Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2025-09-17T07:31:43Z"
status: "True"
type: PodScheduled
containerStatuses:
- allocatedResources:
cpu: 100m
devices.kubevirt.io/kvm: "1"
devices.kubevirt.io/tun: "1"
devices.kubevirt.io/vhost-net: "1"
ephemeral-storage: 50M
memory: 1294Mi
containerID: cri-o://213519b35dc517cf80d52eb131a081856d780d7f4b02e7faa4a501d5d9ac1c0c
image: registry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:1c128ba0c85294a6de7ee6055b8490f8082ac49117c24cd64e1acca872362232
imageID: registry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:122f2724db9a8370760ed3060edb7b2546a5d7e2f98d2a02f9f7b0aba29315ec
lastState: {}
name: compute
ready: true
resources:
limits:
devices.kubevirt.io/kvm: "1"
devices.kubevirt.io/tun: "1"
devices.kubevirt.io/vhost-net: "1"
requests:
cpu: 100m
devices.kubevirt.io/kvm: "1"
devices.kubevirt.io/tun: "1"
devices.kubevirt.io/vhost-net: "1"
ephemeral-storage: 50M
memory: 1294Mi
restartCount: 0
started: true
state:
running:
startedAt: "2025-09-17T07:31:48Z"
user:
linux:
gid: 107
supplementalGroups:
- 107
- 36
uid: 107
volumeMounts:
- mountPath: /var/run/kubevirt-private
name: private
- mountPath: /var/run/kubevirt
name: public
- mountPath: /var/run/kubevirt-ephemeral-disks
name: ephemeral-disks
- mountPath: /var/run/libvirt
name: libvirt-runtime
- mountPath: /var/run/kubevirt/sockets
name: sockets
- mountPath: /var/run/kubevirt/container-disks
name: container-disks
- mountPath: /var/run/kubevirt/hotplug-disks
name: hotplug-disks
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
recursiveReadOnly: Disabled
- allocatedResources:
cpu: 100m
memory: 128Mi
containerID: cri-o://56c3cb8b14a298b9db0fcf9eb1d129e994912707bb6a42df56eda985bdd68391
image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:26747627ae22bbdffcf9de58077454fc0c890cda83659d7834b15dea2b5aaaf2
imageID: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:26747627ae22bbdffcf9de58077454fc0c890cda83659d7834b15dea2b5aaaf2
lastState: {}
name: istio-proxy
ready: true
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
restartCount: 0
started: true
state:
running:
startedAt: "2025-09-17T07:31:49Z"
user:
linux:
gid: 1000829999
supplementalGroups:
- 1000829999
- 107
uid: 1000829999
volumeMounts:
- mountPath: /var/run/secrets/workload-spiffe-uds
name: workload-socket
- mountPath: /var/run/secrets/credential-uds
name: credential-socket
- mountPath: /var/run/secrets/workload-spiffe-credentials
name: workload-certs
- mountPath: /var/run/secrets/istio
name: istiod-ca-cert
- mountPath: /var/lib/istio/data
name: istio-data
- mountPath: /etc/istio/proxy
name: istio-envoy
- mountPath: /var/run/secrets/tokens
name: istio-token
- mountPath: /etc/istio/pod
name: istio-podinfo
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
recursiveReadOnly: Disabled
- allocatedResources:
cpu: 1m
ephemeral-storage: 50M
memory: 1M
containerID: cri-o://b75cdc4b8a641a7811946aa1706546582a394708da1fd6150d481ab883ac22de
image: quay.io/openshift-cnv/qe-cnv-tests-fedora@sha256:a91659fba4e0258dda1be076dd6e56e34d9bf3dce082e57f939994ce0f124348
imageID: quay.io/openshift-cnv/qe-cnv-tests-fedora@sha256:a91659fba4e0258dda1be076dd6e56e34d9bf3dce082e57f939994ce0f124348
lastState: {}
name: volumecontainerdisk
ready: true
resources:
limits:
cpu: 10m
memory: 40M
requests:
cpu: 1m
ephemeral-storage: 50M
memory: 1M
restartCount: 0
started: true
state:
running:
startedAt: "2025-09-17T07:31:49Z"
user:
linux:
gid: 107
supplementalGroups:
- 107
uid: 107
volumeMounts:
- mountPath: /var/run/kubevirt-ephemeral-disks/container-disk-data/19cd7d85-5056-4f03-b2ff-743502d57fd3
name: container-disks
- mountPath: /usr/bin
name: virt-bin-share-dir
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
recursiveReadOnly: Disabled
hostIP: 192.168.3.111
hostIPs:
- ip: 192.168.3.111
initContainerStatuses:
- allocatedResources:
cpu: 100m
memory: 128Mi
containerID: cri-o://71b2247c5a0c27d9801c41f1053fc5136dcdc9f2c4454e3c987e8a733187de19
image: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:26747627ae22bbdffcf9de58077454fc0c890cda83659d7834b15dea2b5aaaf2
imageID: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:26747627ae22bbdffcf9de58077454fc0c890cda83659d7834b15dea2b5aaaf2
lastState: {}
name: istio-validation
ready: true
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 100m
memory: 128Mi
restartCount: 0
started: false
state:
terminated:
containerID: cri-o://71b2247c5a0c27d9801c41f1053fc5136dcdc9f2c4454e3c987e8a733187de19
exitCode: 0
finishedAt: "2025-09-17T07:31:44Z"
reason: Completed
startedAt: "2025-09-17T07:31:44Z"
user:
linux:
gid: 1000829999
supplementalGroups:
- 1000829999
- 107
uid: 1000829999
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
recursiveReadOnly: Disabled
- allocatedResources:
cpu: 5m
memory: 35M
containerID: cri-o://fcd6aa24bda12a6db23674afadcba41e02164842f0d29eeb31f9c458fea7d7b0
image: registry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:1c128ba0c85294a6de7ee6055b8490f8082ac49117c24cd64e1acca872362232
imageID: registry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:122f2724db9a8370760ed3060edb7b2546a5d7e2f98d2a02f9f7b0aba29315ec
lastState: {}
name: guest-console-log
ready: true
resources:
limits:
cpu: 15m
memory: 60M
requests:
cpu: 5m
memory: 35M
restartCount: 0
started: true
state:
running:
startedAt: "2025-09-17T07:31:45Z"
user:
linux:
gid: 107
supplementalGroups:
- 107
- 36
uid: 107
volumeMounts:
- mountPath: /var/run/kubevirt-private
name: private
readOnly: true
recursiveReadOnly: Disabled
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
recursiveReadOnly: Disabled
- allocatedResources:
cpu: 10m
memory: 1M
containerID: cri-o://46d9e0a2cd1c6a83270dd42bae22e9717453745dfcbbfcede913d32affeb217b
image: registry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:1c128ba0c85294a6de7ee6055b8490f8082ac49117c24cd64e1acca872362232
imageID: registry.redhat.io/container-native-virtualization/virt-launcher-rhel9@sha256:122f2724db9a8370760ed3060edb7b2546a5d7e2f98d2a02f9f7b0aba29315ec
lastState: {}
name: container-disk-binary
ready: true
resources:
limits:
cpu: 100m
memory: 40M
requests:
cpu: 10m
memory: 1M
restartCount: 0
started: false
state:
terminated:
containerID: cri-o://46d9e0a2cd1c6a83270dd42bae22e9717453745dfcbbfcede913d32affeb217b
exitCode: 0
finishedAt: "2025-09-17T07:31:45Z"
reason: Completed
startedAt: "2025-09-17T07:31:45Z"
user:
linux:
gid: 107
supplementalGroups:
- 107
- 36
uid: 107
volumeMounts:
- mountPath: /init/usr/bin
name: virt-bin-share-dir
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
recursiveReadOnly: Disabled
- allocatedResources:
cpu: 1m
ephemeral-storage: 50M
memory: 1M
containerID: cri-o://b146429ffa81f34163be3871b6e8fb73179592b0a60525be3bb6a7f76039e6ad
image: quay.io/openshift-cnv/qe-cnv-tests-fedora@sha256:a91659fba4e0258dda1be076dd6e56e34d9bf3dce082e57f939994ce0f124348
imageID: quay.io/openshift-cnv/qe-cnv-tests-fedora@sha256:a91659fba4e0258dda1be076dd6e56e34d9bf3dce082e57f939994ce0f124348
lastState: {}
name: volumecontainerdisk-init
ready: true
resources:
limits:
cpu: 10m
memory: 40M
requests:
cpu: 1m
ephemeral-storage: 50M
memory: 1M
restartCount: 0
started: false
state:
terminated:
containerID: cri-o://b146429ffa81f34163be3871b6e8fb73179592b0a60525be3bb6a7f76039e6ad
exitCode: 0
finishedAt: "2025-09-17T07:31:48Z"
reason: Completed
startedAt: "2025-09-17T07:31:47Z"
user:
linux:
gid: 107
supplementalGroups:
- 107
uid: 107
volumeMounts:
- mountPath: /var/run/kubevirt-ephemeral-disks/container-disk-data/19cd7d85-5056-4f03-b2ff-743502d57fd3
name: container-disks
- mountPath: /usr/bin
name: virt-bin-share-dir
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-wcssc
readOnly: true
recursiveReadOnly: Disabled
phase: Running
podIP: 10.129.2.140
podIPs:
- ip: 10.129.2.140
qosClass: Burstable
startTime: "2025-09-17T07:31:43Z"
- causes
-
-
- Closed
-
- links to