Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-2649

OSSM 2.1 error inserting data for namespace: error when creating configmap istio-ca-root-cert: configmaps "istio-ca-root-cert" already exists

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • None
    • maistra-2.1.0
    • None
    • None
    • Sprint 9

    Description

      OSSM 2.1 error inserting data for namespace: error when creating configmap istio-ca-root-cert: configmaps "istio-ca-root-cert" already exists

      When I tested the adding external cert configuration [1] using a sleep sample in foo ns,

      [1] https://docs.openshift.com/container-platform/4.8/service_mesh/v2x/ossm-security.html#ossm-cert-manage_ossm-security

      The existing configmaps "istio-ca-root-cert" doesn't get cleanup after I delete the sleep deployment.
      The configmaps "istio-ca-root-cert" blocks all future SMCP custom root or ca cert configurations.

      istiod error log

      error inserting data for namespace: error when creating configmap istio-ca-root-cert: configmaps "istio-ca-root-cert" already exists

      How to reproduce :
      Try to test the adding external cert configuration [1] twice in a namespace "foo" and use a sample app sleep.
      The second run will fail and istiod log shows errors above.

      Expected behavior:
      User should be able to configure custom or external certs using SMCP spec configurations. An existing configmaps "istio-ca-root-cert" should be updated in member namespace instead of blocking a new cert insertion.

      Attachments

        Issue Links

          blocks

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MAISTRA-2242 Support different root certificates

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. MAISTRA-2630 ossm SMCP 2.0 and 2.1 adding an external ca cert failed in SMCP

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. OSSM-638 OSSM 2.1 error inserting data for namespace: error when creating configmap istio-ca-root-cert: configmaps "istio-ca-root-cert" already exists

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              jsantana@redhat.com Jonh Wendell
              yuaxu@redhat.com Yuanlin Xu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: