Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-2079

pilot not running and cannot deploy bookinfo after patch SMCP tls specs

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • maistra-2.0.1.1
    • openshift
    • None
    • False
    • False
    • +
    • Undefined

      istio operator podlocality-controller Error updating pod's labels: Operation cannot be fulfilled on bookinfo pods

      Build Info:
      OCP 4.6.9
      Istio operator 2.0.1.1 registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:46a29f91e6bc83beee46431b36177f3afe4b98830be6bac2010dcde65bc04a9f
      SMCP v2.0

      How to reproduce:
      1. Deploy OSSM 2.0.1.1 operators and v2.0 SMCP on an OCP 4.6
      2. Create bookinfo ns and add it into a SMMR
      3. Enable mTLS by a patch :

      kubectl patch -n istio-system smcp/basic-install --type merge -p '{"spec":{"security":{"dataPlane":{"mtls":true},"controlPlane":{"mtls":true}}}}'

      4. Update SMCP spec.security.controlPlane.tls by a patch:

      kubectl patch -n istio-system smcp/basic-install --type merge -p '{"spec":{"security":{"controlPlane":{"tls":{"minProtocolVersion":"TLSv1_2","maxProtocolVersion":"TLSv1_2","cipherSuites":["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],"ecdhCurves":["CurveP256", "CurveP384"]}}}}}'

      5. Wait until all pods are running in SMCP ns
      6. Deploy bookinfo in bookinfo ns

      I see there is no pod in bookinfo and error messages in istio-operator pod log:

            Unassigned Unassigned
            yuaxu@redhat.com Yuanlin Xu
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: