New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EKS API server downtime may corrupt "istio-sidecar-injector"? #24388
Comments
Can you examine the cert being used? |
@howardjohn
|
Hm, looks like the cert there is the same as it has been for the last 100 days most likely. I wonder if this means either EKS is somehow not using the cert (seems unlikely) or the injector/galley started serving under a different cert but didn't update the webhook. Is both injection and validation broken? |
I don't see any non-manual restarts for that pods.
The injection is broken but I not fully sure about validation.
|
@howardjohn
|
@howardjohn
And Citadel up and fixed my issue. Looks like it was deployed from the start, but seems someone or me changed |
I am getting the same error. Where did you add security.enabled=true ? |
That bug may be a replication of #17718 or #20478 but they have closed and nothing from them helps with my issue.
I faced the issue with the
istio-sidecar-injector
on EKS. Before that issue, I got notification from Alertmanager that the EKS API server has short-time downtime.k8s describe of failed ReplicaSet :
Galley logs:
istio-sidecar-injector
pod logs:"10.132.26.79" is EKS API server IP.
Istio installed from Helm Chart and works like a charm about 109 days.
[X] Configuration Infrastructure
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[ ] Policies and Telemetry
[X] Security
[ ] Test and Release
[X] User Experience
[ ] Developer Infrastructure
Steps to reproduce the bug
Run Istio in EKS until EKS API gets downtime.
Version (include the output of
istioctl version --remote
andkubectl version
andhelm version
if you used Helm)How was Istio installed?
Helm
Environment where bug was observed (cloud vendor, OS, etc)
AWS EKS: 1.14
The text was updated successfully, but these errors were encountered: