Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-2649

OSSM 2.1 error inserting data for namespace: error when creating configmap istio-ca-root-cert: configmaps "istio-ca-root-cert" already exists

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • maistra-2.1.0
    • None
    • None
    • Sprint 9

      OSSM 2.1 error inserting data for namespace: error when creating configmap istio-ca-root-cert: configmaps "istio-ca-root-cert" already exists

      When I tested the adding external cert configuration [1] using a sleep sample in foo ns,

      [1] https://docs.openshift.com/container-platform/4.8/service_mesh/v2x/ossm-security.html#ossm-cert-manage_ossm-security

      The existing configmaps "istio-ca-root-cert" doesn't get cleanup after I delete the sleep deployment.
      The configmaps "istio-ca-root-cert" blocks all future SMCP custom root or ca cert configurations.

      istiod error log

      error inserting data for namespace: error when creating configmap istio-ca-root-cert: configmaps "istio-ca-root-cert" already exists

      How to reproduce :
      Try to test the adding external cert configuration [1] twice in a namespace "foo" and use a sample app sleep.
      The second run will fail and istiod log shows errors above.

      Expected behavior:
      User should be able to configure custom or external certs using SMCP spec configurations. An existing configmaps "istio-ca-root-cert" should be updated in member namespace instead of blocking a new cert insertion.

        1. istiod-basic-67b57bc74d-nqrqm-discovery.log
          11 kB
        2. sleep-6d646957b7-mcp6q-istio-proxy.log
          42 kB

              jsantana@redhat.com Jonh Wendell
              yuaxu@redhat.com Yuanlin Xu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: