-
Bug
-
Resolution: Done
-
Major
-
None
-
OSSM 2.3.0
-
None
-
False
-
None
-
False
-
Sprint 58 - week 2 and 3
T15 always fail with OSSM-2.3.0.
The configuration of the istio egress Gateway mTLS origination does not work as upstream doc:
https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway-tls-origination/#perform-mutual-tls-origination-with-an-egress-gateway
When following the upstream egress Gateway steps above, the TLS origination works fine on OCP OSSM.
However, the mTLS origination does not return the expected "Welcome to nginx" response.
Build info Maistra istio operator iib:
registry-proxy.engineering.redhat.com/rh-osbs/iib:331915
Reference: test log
time="2022-10-04T17:21:11Z" level=info msg="Running command kubectl apply -n istio-system -f /tmp/kubeapply208508630.yaml"
time="2022-10-04T17:21:12Z" level=info msg="Command output: \ndestinationrule.networking.istio.io/originate-mtls-for-nginx created"
time="2022-10-04T17:21:22Z" level=info msg="Verify NGINX server"
egress_gateways_tls_file_mount.go:174: Expected Welcome to nginx; Got unexpected response: upstream connect error or disconnect/reset before headers. retried and the latest reset reason: connection failure, transport failure reason: TLS error: 337047686:SSL routines:tls_process_server_certificate:certificate verify failed
time="2022-10-04T17:21:22Z" level=error msg="Expected Welcome to nginx; Got unexpected response: upstream connect error or disconnect/reset before headers. retried and the latest reset reason: connection failure, transport failure reason: TLS error: 337047686:SSL routines:tls_process_server_certificate:certificate verify failed"
time="2022-10-04T17:21:22Z" level=info msg=Cleanup
time="2022-10-04T17:21:22Z" level=info msg="Running command kubectl delete -n istio-system -f /tmp/kubedelete958500413.yaml"
time="2022-10-04T17:21:22Z" level=info msg="Running command kubectl delete -n bookinfo -f /tmp/kubedelete081409144.yaml"
time="2022-10-04T17:21:23Z" level=info msg="Running command kubectl -n istio-system rollout undo deploy istio-egressgateway"
time="2022-10-04T17:21:23Z" level=info msg="Command output: \nWarning: spec.template.spec.containers[0].env[17].name: duplicate name \"ISTIO_META_UNPRIVILEGED_POD\"\nWarning: spec.template.spec.containers[0].env[18].name: duplicate name \"ISTIO_META_DNS_AUTO_ALLOCATE\"\nWarning: spec.template.spec.containers[0].env[19].name: duplicate name \"ISTIO_META_DNS_CAPTURE\"\nWarning: spec.template.spec.containers[0].env[20].name: duplicate name \"PROXY_XDS_VIA_AGENT\"\nWarning: would violate PodSecurity \"restricted:v1.24\": seccompProfile (pod or container \"istio-proxy\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\")\ndeployment.apps/istio-egressgateway rolled back"
time="2022-10-04T17:21:43Z" level=info msg="Running command oc wait --for condition=Ready -n istio-system smcp/basic --timeout 180s"
time="2022-10-04T17:21:43Z" level=info msg="Command output: \nservicemeshcontrolplane.maistra.io/basic condition met"
time="2022-10-04T17:21:43Z" level=info msg="Running command kubectl -n istio-system rollout history deploy istio-egressgateway"
time="2022-10-04T17:21:43Z" level=info msg="Command output: \ndeployment.apps/istio-egressgateway \nREVISION CHANGE-CAUSE\n1 <none>\n2 <none>\n4 <none>\n5 <none>\n"
time="2022-10-04T17:21:43Z" level=info msg="Running command kubectl delete -n istio-system secret nginx-client-certs"
time="2022-10-04T17:21:43Z" level=info msg="Command output: \nsecret \"nginx-client-certs\" deleted"
time="2022-10-04T17:21:43Z" level=info msg="Running command kubectl delete -n istio-system secret nginx-ca-certs"
time="2022-10-04T17:21:43Z" level=info msg="Command output: \nsecret \"nginx-ca-certs\" deleted"
time="2022-10-04T17:21:43Z" level=info msg="Running command kubectl delete -n bookinfo -f /tmp/kubedelete185632631.yaml"
time="2022-10-04T17:21:43Z" level=info msg="Running command kubectl delete -n bookinfo -f /tmp/kubedelete379878506.yaml"
time="2022-10-04T17:21:43Z" level=info msg="Cleanup Nginx"
time="2022-10-04T17:21:43Z" level=info msg="Running command kubectl delete -n bookinfo -f ../testdata/examples/x86/nginx/nginx.yaml"
time="2022-10-04T17:21:44Z" level=info msg="Running command kubectl delete configmap nginx-configmap -n bookinfo"
time="2022-10-04T17:21:44Z" level=info msg="Command output: \nconfigmap \"nginx-configmap\" deleted"
time="2022-10-04T17:21:44Z" level=info msg="Running command kubectl delete secret nginx-server-certs -n bookinfo"
time="2022-10-04T17:21:44Z" level=info msg="Command output: \nsecret \"nginx-server-certs\" deleted"
time="2022-10-04T17:21:44Z" level=info msg="Running command kubectl delete secret nginx-ca-certs -n bookinfo"
time="2022-10-04T17:21:44Z" level=info msg="Command output: \nsecret \"nginx-ca-certs\" deleted"
time="2022-10-04T17:21:54Z" level=info msg="Removing Sleep on namespace bookinfo"
time="2022-10-04T17:21:54Z" level=info msg="Running command kubectl delete -n bookinfo -f ../testdata/examples/x86/sleep/sleep.yaml"
time="2022-10-04T17:21:54Z" level=info msg="Running command oc -n bookinfo wait --for=delete -l app=sleep pods --timeout=30s"
— FAIL: T15 (182.01s)
— PASS: T15/TrafficManagement_egress_gateway_perform_TLS_origination (51.89s)
— FAIL: T15/TrafficManagement_egress_gateway_perform_MTLS_origination (52.39s)
- relates to
-
OSSM-755 Istio Integration tests are failing when executed in maistra-builder image
- Closed