With the dev account got from my employer, the azure policy is getting enabled by default.Even if I disable that, after 2 or 3 min, it is getting enabled again.
This is the policy page of kubernetes
Because of this policy, not able to deploy any containers, the deployment is created but when we describe the replicaset, it is showing error as containers are not getting created due to root access.So we deployed with the below specification and it is working.
securityContext:
runAsUser: 999
runAsNonRoot: true
But when we try to setup istio now.
The istio labelled namespaces are not able to create side car containers.
Even when I try to install latest istio, it is getting stuck at the istiod deplyoment only.
istioctl install --set profile=demo -y
✔ Istio core installed
Processing resources for Istiod. Waiting for Deployment/istio-system/istiod
✔ Istio core installed
✘ Istiod encountered an error: failed to wait for resource: resources not ready after 5m0s: timed out waiting for the condition
Deployment/istio-system/istiod
✘ Ingress gateways encountered an error: failed to wait for resource: resources not ready after 5m0s: timed out waiting for the condition
Deployment/istio-system/istio-ingressgateway
✘ Egress gateways encountered an error: failed to wait for resource: resources not ready after 5m0s: timed out waiting for the condition
Deployment/istio-system/istio-egressgateway
- Pruning removed resources Error: failed to install manifests: errors occurred during operation
