UNCLASSIFIED - NO CUI

anchore jobs hang with istio sidecars

BB version: 1.18.0 Anchore chart version: 1.14.7-bb.0

Summary: I recently upgraded a deployment from BB 1.13.1 to 1.18.0. Among many other changes, this included the addition of the istio-injection: enabled label on the anchore namespace. The anchore-engine-upgrade and ensure-anchore-db pods now hang waiting for sidecars to exit.

Logs and pod status indicate that the jobs themselves finish without error, but the sidecar containers are not shutting down which leaves the pods in the following state:

~ kubectl get pods -n anchore
NAME                                                  READY   STATUS     RESTARTS   AGE
...
anchore-engine-upgrade-rwrsq                          1/2     NotReady   0          42m
ensure-anchore-db-c8vwb                               1/2     NotReady   0          42m

I believe this commit to the anchore chart was intended to resolve the issue and should be included at/after v. 1.13.0-bb.8 - however, I am still experiencing the behavior at 1.14.7-bb.0.

Please let me know if there is more information I can provide.

UNCLASSIFIED - NO CUI