Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-4559

Panic in conversion of extensionProviders.envoyExtAuthzHttp

XMLWordPrintable

      Description of problem:

      The SMCP was not able to upgarde to 2.4 successfully.  istio-operator is in crashloopbackoff Logs are as below:

~~~
Observed a panic: &runtime.TypeAssertionError{_interface:(*runtime._type)(0x15f5da0), concrete:(*runtime._type)(0x15be340), asserted:(*runtime._type)(0x15ba980), missingMethod:""} (interface conversion: interface {} is string, not int64)
goroutine 2039 [running]:
k8s.io/apimachinery/pkg/util/runtime.logPanic({0x1638920?, 0xc003229dd0})
        /remote-source/istio-operator/app/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:74 +0x99
k8s.io/apimachinery/pkg/util/runtime.HandleCrash({0x0, 0x0, 0xc0017dc1c0?})
        /remote-source/istio-operator/app/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:48 +0x75
panic({0x1638920, 0xc003229dd0})
        /usr/lib/golang/src/runtime/panic.go:884 +0x212
github.com/maistra/istio-operator/pkg/apis/maistra/conversion.populateExtensionProvidersConfig(0xc002318980?, 0xc000a14218)
~~~

      Version-Release number of selected component (if applicable):

      2.4.0

      How reproducible:

      Always

      Steps to Reproduce:

      1. oc edit smcp < smcp-name > 

2. Add the below spec to smcp

~~~
spec:
  addons:
    grafana:
      enabled: true
    jaeger:
      install:
        storage:
          type: Memory
    kiali:
      enabled: true
    prometheus:
      enabled: true
  policy:
    type: Istiod
  profiles:
    - default
  techPreview:
    meshConfig:
      extensionProviders:
        - envoyExtAuthzGrpc:
            includeRequestBodyInCheck:
              allow_partial_message: true
              maxRequestBytes: 10240
              packAsBytes: true
            port: '9090'
            service: iko-authorization.iko-lab-istio.svc.cluster.local
          name: iko-authz-grpc
        - envoyExtAuthzHttp:
            headersToDownstreamOnDeny:
              - Session-Status
              - x-ext-authz-check-result
            headersToUpstreamOnAllow:
              - Authorization
              - Session-Status
              - x-ext-authz-check-result
              - x-ext-authz-check-received
              - x-ext-authz-additional-header-override
            includeRequestBodyInCheck:
              allow_partial_message: false
              maxRequestBytes: 10240
            includeRequestHeadersInCheck:
              - sid
              - hmac
              - ssl_client_s_dn
            pathPrefix: /check
            port: '8080'
            service: iko-authorization.iko-lab-istio.svc.cluster.local
          name: iko-authz-http
  telemetry:
    type: Istiod
  tracing:
    sampling: 10000
    type: Jaeger
  version: v2.3
~~~

3. After the above smcp has been configued then change the version from v2.3 to v2.4

4. The SMCP upgrade is not completed and we observe the pods istio-operator in CrashLoopbackoff with the above logs.

      Actual results:

       

      Expected results:

       

      Additional info:

       

              mluksa@redhat.com Marko Luksa
              hepatil Hemant Patil (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: