Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Blocker
Fix Version/s: None
Affects Version/s: OSSM 3.0-TP1
Component/s: Envoy, Sail Operator
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Git Pull Request:
https://github.com/envoyproxy/envoy-openssl/pull/251, https://github.com/openshift-service-mesh/proxy/pull/3
Steps to Reproduce:
Hide

checkout the release-1.23.0-redhat branch of the product istio fork

(optional) comment out the RunCase calls in tests/integration/pilot/common/traffic.go except for jwtClaimRoute

run the tests using the following command (notice we override the proxy image to the latest product build):

HUB=docker.io/istio TAG=1.23.0 gotestsum -f standard-verbose \ -- \ ./tests/integration/pilot \ -tags integ \ -test.run=TestTraffic \ -istio.test.skipVM=true \ -istio.test.skipWorkloads=tproxy \ -istio.test.ci=true \ -istio.test.env=kube \ -test.v=test2json \ -istio.test.openshift \ -istio.test.istio.enableCNI=true \ -istio.test.kube.helm.values=profile=openshift,global.platform=openshift,global.proxy.image=registry.redhat.io/openshift-service-mesh-tech-preview/istio-proxyv2-rhel9@sha256:e1f70499c125d796b469f468c503e989c85cb581bf16b397315eb0e4c6633218,global.proxy_init.image=registry.redhat.io/openshift-service-mesh-tech-preview/istio-proxyv2-rhel9@sha256:e1f70499c125d796b469f468c503e989c85cb581bf16b397315eb0e4c6633218

running the same tests without the proxy image override will succeed
Show
checkout the release-1.23.0-redhat branch of the product istio fork (optional) comment out the RunCase calls in tests/integration/pilot/common/traffic.go except for jwtClaimRoute run the tests using the following command (notice we override the proxy image to the latest product build): HUB=docker.io/istio TAG=1.23.0 gotestsum -f standard-verbose \ -- \ ./tests/integration/pilot \ -tags integ \ -test.run=TestTraffic \ -istio.test.skipVM=true \ -istio.test.skipWorkloads=tproxy \ -istio.test.ci=true \ -istio.test.env=kube \ -test.v=test2json \ -istio.test.openshift \ -istio.test.istio.enableCNI=true \ -istio.test.kube.helm.values=profile=openshift,global.platform=openshift,global.proxy.image=registry.redhat.io/openshift-service-mesh-tech-preview/istio-proxyv2-rhel9@sha256:e1f70499c125d796b469f468c503e989c85cb581bf16b397315eb0e4c6633218,global.proxy_init.image=registry.redhat.io/openshift-service-mesh-tech-preview/istio-proxyv2-rhel9@sha256:e1f70499c125d796b469f468c503e989c85cb581bf16b397315eb0e4c6633218 running the same tests without the proxy image override will succeed
Intelligence Requested:
Market:

Target Version:

OSSM 3.0-TP1

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Most of the jwt-claim-route tests in the pilot TestTraffic suite fail with productized proxy. The error in the proxy log is

2024-09-04T12:06:23.078917Z    warning    envoy config external/envoy/source/extensions/config_subscription/grpc/delta_subscription_state.cc:269    delta config for type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) virtualInbound: Provider 'origins-0' in jwt_authn config has invalid local jwks: Jwks RSA [n] or [e] field is missing or has a parse error
    thread=12

Assignee:: Dario Cillerai

Reporter:: Andrej Smigala

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/09/04 12:20 PM

Updated:: 2024/09/06 4:03 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates