OpenShift
By default, OpenShift doesn’t allow containers running with user ID 0. You must enable containers running with UID 0 for Istio’s service accounts by running the command below. Make sure to replace if you are deploying Istio in another namespace:
After installation is complete, expose an OpenShift route for the ingress gateway.
$ oc adm policy add-scc-to-group anyuid system:serviceaccounts:<target-namespace>
When removing your application, remove the permissions as follows.
Additional requirements for the application namespace
$ cat <<EOF | oc -n <target-namespace> create -f -
metadata:
EOF
When removing your application, remove the NetworkAttachmentDefinition
as follows.