Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Istio fails to run when installed with ODH on IBM Cloud cluster #148

Open
eyalcha opened this issue Feb 26, 2024 · 6 comments
Open

[Bug]: Istio fails to run when installed with ODH on IBM Cloud cluster #148

eyalcha opened this issue Feb 26, 2024 · 6 comments
Labels
kind/bug Something isn't working

Comments

@eyalcha
Copy link

eyalcha commented Feb 26, 2024

ODH Component

ODH Operator

Current Behavior

Istio Ingress / Egress gateways fails on IBM Cloud cluster. If I patched it with runAsNonRoot: false all runs well.

Expected Behavior

Services should run

Steps To Reproduce

Install ODH 2.8.0 with servicemesh

Workaround (if any)

patched it with runAsNonRoot: false

What browsers are you seeing the problem on? (If applicable)

Chrome

Open Data Hub Version

2.8.0

Anything else

No
@eyalcha eyalcha added the kind/bug Something isn't working label Feb 26, 2024
@zdtsw
Copy link
Member

zdtsw commented Mar 14, 2024

I would not think this is a bug rather a different config in the cluster which not work with the standard offering of ODH.

plus, use Root to run container might bring some security concern.

@jiridanek
Copy link
Member

Random observation, I noticed service-ca operator has special manifest for deployment on IBM Cloud, https://github.com/openshift/service-ca-operator/blob/master/manifests/05_deploy-ibm-cloud-managed.yaml.

The same project recently configured the required-scc

Anyways, this issue is with https://github.com/maistra/istio-operator, if I am not mistaken. The gateways in the report are pods in the istio-system namespace, named something like istio-egressgateway-7c46668687-r8lzs, istio-ingressgateway-77f94d8f85-vzsq9.

@eyalcha Does the issue with the istio gateway pods startup/scheduling appear right after you install the servicemesh operator, even before you even install ODH on IBM Cloud?

What is the precise error message you are seeing? You haven't quoted a single message from the system in your bug report. Do you happen to see the Error: container has runAsNonRoot and image will run as root by any chance?

@eyalcha
Copy link
Author

eyalcha commented Apr 6, 2024

@jiridanek
I think the servicemesh now installed after installing ODH operator as part of the DCI. In any case, it happens after servicemesh is installed for the first time.
I don't have the precise error message now, will try to recreate the error.

@jiridanek
Copy link
Member

jiridanek commented Apr 8, 2024
edited
Loading

I got myself IBM cloud. Looking into community-operators catalogsource, I do see ODH, but I can't find version 2.8.0 there, only 2.10. I have OpenShift 4.15, maybe that's why, and I'd need 4.14 to be able to install older ODH.

image

The 2.10 version seems to have been installed correctly. From DSC status

  installedComponents:
    codeflare: false
    kserve: true
    trustyai: false
    ray: false
    kueue: false
    data-science-pipelines-operator: true
    workbenches: true
    model-registry-operator: false
    model-mesh: true
    dashboard: true
  phase: Ready

@jiridanek
Copy link
Member

@eyalcha any updates?

@zdtsw
Copy link
Member

zdtsw commented Aug 28, 2024

@eyalcha should we close this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jiridanek @zdtsw @eyalcha