After Istio upgrade from 1.2.4 to 1.4.0, we see the Istio Init container getting into Init:CrashLoopBackOff. This is due to the restart of Init container even after the first successful run. From the logs of istio-init, we are able to see:

+ iptables -t nat -N ISTIO_REDIRECT
iptables: Chain already exists.

This error pointed to these issues in Github:

Even after adding securityContext privileged to true, we are still seeing the Init container gets into CrashLoopBackOff.

Any help would be great.

I think the answer in below issue nailed our problem. We are using docker system prune to remove the unused. K8s is removing the init container and restarting it. We have removed the cron that runs the prune, lets hope it resolves it.

But question is why this happening after Istio upgrade ?