openshift-istio / openshift-ansible

OpenShift Installation and Configuration Management
https://install.openshift.com
Apache License 2.0
Istio template fails to install - certificate already exists #8

Closed mocenas closed 6 years ago

mocenas commented 6 years ago

Executing a command oc new-app istio_installer_template.yaml --param=OPENSHIFT_ISTIO_MASTER_PUBLIC_URL=master.server causes the openshift-ansible-istio-job to fail, due to error: "Error from server (AlreadyExists): error when creating \"roles/openshift_istio/files/csr.yaml\": certificatesigningrequests.certificates.k8s.io \"istio-sidecar-injector.istio-system\" already exists"

Attaching full log: openshift-ansible-istio-job-khwjd.log

knrc commented 6 years ago

It looks as if this was not installed on a clean system; there must have been a CRD from a previous installation present. Note that the installer can clean up an installation if openshift_istio_install is set to false in the inventory, although I have not tested this on a partial installation.

I'll update the installers (0.7.1 and 0.8.0) to force a clean every time; however, note that for 0.8.0 the CSR is no longer required.

In the meantime, run the following to clean up the previous installation:

oc delete csr istio-sidecar-injector.istio-system

mocenas commented 6 years ago

Thanks for the help. What I write here is maybe a different issue.

After using this command and installing istio on a (probably) clear system, the istio-mixer-validator pod ends in a crash-loop and reports some error with certificates. Also, the openshift-ansible-istio pod reports some error. Attaching logs from both pods.

istio-mixer-validator-56488d76d7-f7dnt.log openshift-ansible-istio-job-tklbx.log

knrc commented 6 years ago

It looks as if the job logs are showing a number of pre-existing artifacts (CRDs etc.) which are likely from a previous installation; it would be worth double checking this once I have the removal sorted out.

I'm not sure about the validator; I can double check this. I assume this is 0.7.1 since the validator is not included in the 0.8.0 installer.

mocenas commented 6 years ago

Sorry, I forgot to specify the version; yes, it is 0.7.1.

knrc commented 6 years ago

Reopening to also address for 0.7.1

knrc commented 6 years ago

This has now been pushed for 0.7.1