Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-6289

Enabling "validationMessages" in the SMCP causes istiod pod to log errors and never get into ready state

XMLWordPrintable

      When I create SMCP on 2.5.1 with `spec.general.validationMessages=true`, the istiod pod contains errors:

      2024-04-10T12:44:58.182906Z error watch error in cluster : failed to list *v1.Namespace: namespaces is forbidden: User "system:serviceaccount:istio-system:istiod-basic" cannot list resource "namespaces" in API group "" at the cluster scope
      2024-04-10T12:45:00.815466Z warn discovery is not ready
      

      and it never gets into Ready state.
      Full log: istiod-basic-6866c66b75-h9xrm-discovery.clean_install.log

      However, when I upgrade from SMCP v2.4 -> SMCP v2.5, there are some errors like

      2024-04-10T12:34:54.962804Z error watch error in cluster : failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:istio-system:istiod-basic" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
      

      but istiod pod is running and in a Ready state.
      Full log: istiod-basic-5bf748c984-zb2nd-discovery.after_upgrade.log

              mluksa@redhat.com Marko Luksa
              mkralik@redhat.com Matej Kralik
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: