Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-931

Auto injection fails and sidecar does not get ready after manually injecting

    Details

    • Type: Bug
    • Status: New (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: maistra-0.12.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      Describe the bug:

      Fresh install and tried to verify the install with the Bookinfo sample app.

      Auto injection did not work and after manually injecting the istio-proxy gives an error and does not get ready:

      2019-09-10T10:10:31.566346Z info Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 0 successful, 0 rejected; lds updates: 0 successful, 0 rejected

      [2019-09-10 10:10:31.704][22][warning][config] [bazel-out/k8-opt/bin/external/envoy/source/common/config/_virtual_includes/grpc_stream_lib/common/config/grpc_stream.h:86] gRPC config stream closed: 14, upstream connect error or disconnect/reset before headers. reset reason: connection failure

      The pilot is running without errors.

      Another pod failed with:

      Error creating: Internal error occurred: failed calling admission webhook "sidecar-injector.istio.io": Post https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "cluster.local")

      Expected behaviour:
      Sidecar is injecting and starting

      Steps to reproduce the bug:

      Follow https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html/service_mesh_install/service-mesh-installation

      and try to install the sample application

      Version:

      v1.11.0+d4cacc0
      OKD v3.11.0+ec8630f-265
      maistra 0.12.0-4

      Installation:

      https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html/service_mesh_install/service-mesh-installation

      Followed the documentation and pushed with the below settings:

      apiVersion: maistra.io/v1
      kind: ServiceMeshControlPlane
      metadata:
      name: minimal-install
      spec:
      istio:
      global:
      proxy:

      1. constrain resources for use in smaller environments
        resources:
        requests:
        cpu: 100m
        memory: 128Mi
        limits:
        cpu: 500m
        memory: 128Mi
        proxy_init:
        image: proxy-init-centos7
        gateways:
        istio-egressgateway:
      2. disable autoscaling for use in smaller environments
        autoscaleEnabled: false
        istio-ingressgateway:
      3. disable autoscaling for use in smaller environments
        autoscaleEnabled: false

      mixer:
      policy:

      1. disable autoscaling for use in smaller environments
        autoscaleEnabled: false

      telemetry:

      1. disable autoscaling for use in smaller environments
        autoscaleEnabled: false
      2. constrain resources for use in smaller environments
        resources:
        requests:
        cpu: 100m
        memory: 1G
        limits:
        cpu: 500m
        memory: 4G

      pilot:

      1. disable autoscaling for use in smaller environments
        autoscaleEnabled: false
      2. increase random sampling rate for development/testing
        traceSampling: 100.0

      kiali:
      dashboard:
      user: admin
      passphrase: admin

      1. disable grafana
        grafana:
        enabled: false
      1. to disable tracing (i.e. jaeger)
        tracing:
        enabled: false
        jaeger:
      2. simple, all-in-one strategy
        template: all-in-one
      3. production strategy, utilizing elasticsearch
        #template: production-elasticsearch
      4. if required. only one instance may use agentStrategy=DaemonSet
        #agentStrategy: DaemonSet

      oc new-project myproject
      oc adm policy add-scc-to-user anyuid -z default -n myproject
      oc adm policy add-scc-to-user privileged -z default -n myproject
      oc apply -n myproject -f https://raw.githubusercontent.com/Maistra/bookinfo/master/bookinfo.yaml

      Environment
      CentOS Linux release 7.6.1810 (Core)
      VmWare Cloud

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                tillknuesting Till Knuesting
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: