The Installation of the Knative Istio controller aborts on a private cluster

[Miles-Ahead-Digital]

Describe the bug The Installation of the Knative Istio controller aborts on a private cluster.

Error from server (InternalError): error when creating "https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml": Internal error occurred: failed calling webhook "config.webhook.serving.knative.dev": Post https://webhook.knative-serving.svc:443/config-validation?timeout=10s: dial tcp 10.20.2.5:8443: i/o timeout

The networking-istio Pod fails with: Failed to start configuration manager

Expected behavior Installation process works

To Reproduce Steps to reproduce the behavior. 1.) create cluster:

gcloud container clusters create private-cluster-1 \
    --create-subnetwork name=my-subnet-1 \
    --enable-master-authorized-networks \
    --enable-ip-alias \
    --enable-private-nodes \
    --master-authorized-networks="$(curl -s https://icanhazip.com/)/32" \
    --master-ipv4-cidr 172.16.0.0/28 \
    --machine-type=n2-standard-2 --max-nodes=3 --min-nodes=1

2.) install istio conforming https://istio.io/latest/docs/setup/install/istioctl/ Verion 1.9.1

istioctl install

kubectl apply --filename https://github.com/knative/serving/releases/download/v0.21.0/serving-crds.yaml
kubectl apply --filename https://github.com/knative/serving/releases/download/v0.21.0/serving-core.yaml

kubectl apply --filename https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml

Error from server (InternalError): error when creating "https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml": Internal error occurred: failed calling webhook "config.webhook.serving.knative.dev": Post https://webhook.knative-serving.svc:443/config-validation?timeout=10s: dial tcp 10.20.2.5:8443: i/o timeout

Knative-GCP release version v0.21.0

Additional context If the cluster is not private the installation works

[zhongduo]

Maybe open an issue in net-istio instead: https://github.com/knative-sandbox/net-istio/issues

On Wed, Mar 10, 2021 at 2:24 PM Stefan Klose @.***> wrote:

Describe the bug The Installation of the Knative Istio controller aborts on a private cluster.

Error from server (InternalError): error when creating " https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml": Internal error occurred: failed calling webhook " config.webhook.serving.knative.dev": Post https://webhook.knative-serving.svc:443/config-validation?timeout=10s: dial tcp 10.20.2.5:8443: i/o timeout

The networking-istio Pod fails with: Failed to start configuration manager

Expected behavior Installation process works

To Reproduce Steps to reproduce the behavior. 1.) create cluster:

gcloud container clusters create private-cluster-1 --create-subnetwork name=my-subnet-1 --enable-master-authorized-networks --master-authorized-networks="$(curl -s https://icanhazip.com/)/32" --enable-ip-alias --enable-private-nodes --master-ipv4-cidr 172.16.0.0/28

2.) kubectl apply --filename https://github.com/knative/serving/releases/download/v0.21.0/serving-crds.yaml kubectl apply --filename https://github.com/knative/serving/releases/download/v0.21.0/serving-core.yaml kubectl apply --filename https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml

Knative-GCP release version v0.21.0

Additional context If the cluster is not private the installation works

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/google/knative-gcp/issues/2174, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACE6CNAOMLYWMJWBVEQKJE3TC7BOFANCNFSM4Y6WYLJQ .

[Miles-Ahead-Digital]

https://github.com/knative-sandbox/net-istio/issues/543