Closed Boenan closed 11 months ago
can you share the iop configuration? there must be one named installed-state
in root namespace(istio-system).
may related to variant
.
I think this is expected. How did you inject that distroless proxy image? Looks like it's not injected by the current istiod. You may check the injector configmap to see the image value.
Istio is installed and managed with Helm so no iop exist.
We are not altering anything with the injector everything is standard.
Looking at the injector configmap we see:
- name: istio-proxy
image: "{{ .ProxyImage }}"
According to the Official Istio documentation, it's translates to:
${hub}/${image_name}/${tag}-${image_type}
Which is what we expect.
We set:
global.hub
→ company ECR repositoryproxyv2
(nothing we override so I guess it default value from global.proxy.image
)global.tag
→ 1.19.4 (default value, nothing we override)meshConfig.defaultConfig.imageType
→ distroless
company-ecr-rep/proxyv2:1.19.4-distroless
The generated image value is correct and it's working with no issue but we still see the warning message. If this is expected then the warning message is a bug?
Istio is installed and managed with Helm so no iop exist.
We are not altering anything with the injector everything is standard.
Looking at the injector configmap we see:
- name: istio-proxy image: "{{ .ProxyImage }}"
According to the Official Istio documentation, it's translates to:
${hub}/${image_name}/${tag}-${image_type}
Which is what we expect.
We set:
- ${hub} →
global.hub
→ company ECR repository- ${image_name} →
proxyv2
(nothing we override so I guess it default value fromglobal.proxy.image
)- ${tag} →
global.tag
→ 1.19.4 (default value, nothing we override)- ${image_type} →
meshConfig.defaultConfig.imageType
→distroless
company-ecr-rep/proxyv2:1.19.4-distroless
The generated image value is correct and it's working with no issue but we still see the warning message. If this is expected then the warning message is a bug?
Thanks for sharing the details. I guess there's a bug in the analysis message; I'll look into it.
Is this the right place to submit this?
Bug Description
We are encountering an IST0158 warning indicating a version mismatch between the Istio proxy images in the pods and the injection configuration. However, both the control-plane and data-plane are running the same version of Istio, suggesting that this warning might be incorrect or misleading.
Will focus on one deployment (httpbin) as the warning occurs for all deployments.
Proxy status:
Docker images:
Output when analysing:
Expected Behavior
No IST0158 warning should be present when the control-plane and data-plane versions match.
Any insights or guidance on this issue would be greatly appreciated. It's causing some confusion as to whether our Istio setup is correctly configured.
Version
Additional Information
Running with the following config:
CLI version:
The following Istio control plane revisions/versions were found in the cluster: Revision default:
The following proxy revisions/versions were found in the cluster:
Fetching logs for the following containers:
Running Istio analyze on all namespaces and report as below: Analysis Report: