Open stunn3r-kloud opened 6 years ago
I encountered same problem...
istioctl version: 0.8.0 kubectl version
Client Version: v1.10.3 Server Version: v1.10.3
I created k8s cluster by kubeadm.
The stacktrace points to an assert that checks if the provided certificate has either Common Name or Subject Alternative Name(s). It seems that the certificate you're trying to use doesn't have either, and Envoy refuses to use it (I admit that this isn't the most user friendly startup error).
What's the source of your certificate?
Is this a BUG or FEATURE REQUEST?: BUG
Did you review https://istio.io/help/ and existing issues to identify if this is already solved or being worked on?: YES
Bug: Y
What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details
istioctl version - 0.7.1 kubectl version
Client Version: v1.8.6", Server Version: v1.9.3-gke
Is Istio Auth enabled or not ? Did you install the stable istio.yaml, istio-auth.yaml.... or if using the Helm chart please provide full command line input. Tried with both Auth and without auth
What happened: after deploying istio using "istio.yaml" or "istio-auth.yaml" I created "istio-ingress-certs" needed by "istio-ingress" deployment and to be further used with kubernetes "ingress" resource. After creating certs as I created the "ingress" with TLS, istio-ingress pod went into panic mode as it couldnt reconcile the configuration and restarted when budget got from 10 to 0. After restart it again fails to reconcile configuration and goes into restart-loop This loop breaks as soon as I remove TLS from the "ingress" resource.
Here are the istio-ingress pod logs: