Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Prometheus cert provisioning is broken on istio-1.5.0-beta.5 #21843
Affected product area (please put an X in all that apply)
[ ] Configuration Infrastructure
Steps to reproduce the bug
Version (include the output of
How was Istio installed?
Environment where bug was observed (cloud vendor, OS, etc)
Additionally, please consider attaching a cluster state archive by attaching
Cause for #21843: outputKeyCertToDir used by Prometheus cert provisioning reads its value from the environmental variable OUTPUT_KEY_CERT_TO_DIRECTORY. On release-1.5 branch, a commit in istio-1.5.0-beta.5 changes outputKeyCertToDir to read its value from the environmental variable OUTPUT_CERTS, which was not set in the Prometheus deployment.
The master branch does not have the problem in #21843 because the commit in istio-1.5.0-beta.5 that changes outputKeyCertToDir to read its value from the environmental variable OUTPUT_CERTS is only merged in the release-1.5 branch but not in the master branch.
For Istio 1.5.0 users, here's how to manually fix this issue:
When the deploy config is opened, find the
Wait for the new Prometheus instance to come up. Check the key and certificates are loaded by: