Did you review https://istio.io/help/ and existing issues to identify if this is already solved or being worked on?: Y
Bug:Y/N
What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details
istioctl version
(not using istioctl binary)
kubectl version --client --short
Client Version: v1.9.2
Is Istio Auth enabled or not ?
Did you install the stable istio.yaml, istio-auth.yaml.... or if using the Helm chart please provide full command line input.
helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set global.rbacEnabled=false
What happened:
On both Minikube and on AKS, the pilot pod is in ContainerCreating status perpetually.
Doing kubectl describe ${PILOT_POD}, I see the last two entries are:
Warning FailedMount 14m (x23 over 45m) kubelet, aks-agentpool-22784792-1 MountVolume.SetUp failed for volume "istio-certs" : secrets "istio.istio-pilot-service-account" not found
Warning FailedMount 12s (x20 over 43m) kubelet, aks-agentpool-22784792-1 Unable to mount volumes for pod "istio-pilot-556cf655c9-wdqsk_istio-system(db521473-6b3d-11e8-bed7-0649e3aaad46)": timeout expired waiting for volumes to attach/mount for pod "istio-system"/"istio-pilot-556cf655c9-wdqsk". list of unattached/unmounted volumes=[istio-certs]
This causes a helm install to time out (waiting forever for the pilot to be ready).
What you expected to happen:
I expect all Istio components to be running after running the helm install command above (with RBAC disabled) on AKS and minikube.
It seems it's trying to mount a service account as a secret, which doesn't really make sense to me. It can be seen in the pilot's Deployment yaml file:
Is this a BUG or FEATURE REQUEST?: BUG
Did you review https://istio.io/help/ and existing issues to identify if this is already solved or being worked on?: Y
Bug: Y/N
What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details
Is Istio Auth enabled or not ? Did you install the stable istio.yaml, istio-auth.yaml.... or if using the Helm chart please provide full command line input.
helm install install/kubernetes/helm/istio --name istio --namespace istio-system --set global.rbacEnabled=false
What happened: On both Minikube and on AKS, the pilot pod is in
ContainerCreating
status perpetually.Doing
kubectl describe ${PILOT_POD}
, I see the last two entries are:This causes a helm install to time out (waiting forever for the pilot to be ready).
What you expected to happen: I expect all Istio components to be running after running the helm install command above (with RBAC disabled) on AKS and minikube.
It seems it's trying to mount a service account as a secret, which doesn't really make sense to me. It can be seen in the pilot's Deployment yaml file:
The Pilot's service account is wrapped in a check for rbacEnabled, so it will never be created.
How to reproduce it: Start minikube with:
Then run the helm install command from the
Istio 0.8.0
release folder: