When running the gateway deployment on openshift, the pod will fail to start unless I can override the values of runAsUser and runAsGroup and set them to blank - at which point it runs without errors.
However when the deployment is reconciled by the istio operator it will reconcile the values back to 1337 when I change them.
Is there some manner that I can override these and set them to empty?
I have added the following in the pilot component section of the istio operator CR:
pilot:
enabled: true
k8s:
securityContext:
runAsUser: 0
runAsGroup: 0
fsGroup: 0
env:
- name: ENABLE_LEGACY_FSGROUP_INJECTION
value: "false"
On the suggestion from another topic, I also tried running:
oc adm policy add-scc-to-group anyuid system:serviceaccounts:<gateway namespace>
Unfortunately, this also did not solve the issue.
Thanks very much!
Phil.