We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(NOTE: This is used to report product bugs: To report a security vulnerability, please visit https://istio.io/about/security-vulnerabilities/ To ask questions about how to use Istio, please visit https://discuss.istio.io )
Bug description
Affected product area (please put an X in all that apply)
[ ] Configuration Infrastructure [ ] Docs [ ] Installation [ ] Networking [ ] Performance and Scalability [ ] Policies and Telemetry [x] Security [ ] Test and Release [ ] User Experience
Expected behavior The JWT public key resolver should handle network error with retry logic, and shouldn't delete cached public key for network error.
Steps to reproduce the bug
Version (include the output of istioctl version --remote and kubectl version) 1.0, 1.1, 1.2 and master
istioctl version --remote
kubectl version
How was Istio installed? GKE Istio-addon (1.0)
Environment where bug was observed (cloud vendor, OS, etc)
Additionally, please consider attaching a cluster state archive by attaching the dump file to this issue.
The text was updated successfully, but these errors were encountered:
/cc @wenchenglu @liminw @duderino @ellis-bigelow
Sorry, something went wrong.
Some follow-up work:
Report metrics about public key refresh failure, that would give customers enough time to fix some network and idp setup issue.
Make this how long the old public key will be kept) configurable, customers can set their own default based on their need.
yangminzhu
No branches or pull requests
(NOTE: This is used to report product bugs:
To report a security vulnerability, please visit https://istio.io/about/security-vulnerabilities/
To ask questions about how to use Istio, please visit https://discuss.istio.io
)
Bug description
Affected product area (please put an X in all that apply)
[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[x] Security
[ ] Test and Release
[ ] User Experience
Expected behavior
The JWT public key resolver should handle network error with retry logic, and shouldn't delete cached public key for network error.
Steps to reproduce the bug
Version (include the output of
istioctl version --remote
andkubectl version
)1.0, 1.1, 1.2 and master
How was Istio installed?
GKE Istio-addon (1.0)
Environment where bug was observed (cloud vendor, OS, etc)
Additionally, please consider attaching a cluster state archive by attaching
the dump file to this issue.
The text was updated successfully, but these errors were encountered: