Open yogeshgadge opened 2 weeks ago
Can istiod retrieve from my-outside-cluster-host.com ? I do have a ServiceEntry and Destination rule against this host. So why istiod not able to retieve from it.
Istiod does not use SE and DR when it retrive jwks
Is this the right place to submit this?
Bug Description
I have a request authentication deployed in my namespace
All my Auth requests fail with
Jwks doesn't have key to match kid or alg from Jwt.
errorUpon inspection of logs of istio-proxy inside my-app pod I see weird/old values of jwks
Note: example.com is not what t is - it is an outside cluster machine
Notice the
kid: abc
andn: RXJyb3ItSXN0aW9kRmFpbGVkVG9GZXRjaEp3a3NVcmkt
Further mystery
Error-IstiodFailedToFetchJwksUri-
wowSo I have following bugs to report:
1) Can istiod retrieve from my-outside-cluster-host.com ? I do have a ServiceEntry and Destination rule against this host. So why istiod not able to retieve from it.
2) Should the errors be obfustcated with bae64 ?
3) Why the deployment of such RequestAUthentication does not fail if it can't retrieve the jwks ?
At this time I am interested in getting solution/workaround for 1) fixed. Wondering if anybody has idea.
Version
Additional Information
No response