Describe the bug
After install istio-1.1.0-snapshot.6, and deploy applications with istio, find lots of error message in pilot discovery container:
2019-02-27T00:58:27.161235Z info ads Push debounce stable[174] 1: 100.139211ms since last change, 100.139211ms since last push, full=true
2019-02-27T00:58:27.450424Z error namespace or service account can't be empty ns=kube-system serviceaccount=
2019-02-27T00:58:27.521175Z error namespace or service account can't be empty ns=kube-system serviceaccount=
2019-02-27T00:58:27.715277Z error namespace or service account can't be empty ns=kube-system serviceaccount=
2019-02-27T00:58:27.957708Z error namespace or service account can't be empty ns=kube-system serviceaccount=
These error messages should be generated during converting k8s serviceaccount to istio serviceaccount(in spiffe format).
Why pilot can't get serviceaccount for pod while getting namespace is normal?
Expected behavior
No error messages
Version
istio-1.1.0-snapshot.6
[root@master istio-1.1.0-snapshot.6]# ./bin/istioctl version
version.BuildInfo{Version:"1.1.0-snapshot.6", GitRevision:"14777199b85ba56ebca2a4516afff33c97199eb4", User:"root", Host:"f0f1db73-2fb5-11e9-86e9-0a580a2c0304", GolangVersion:"go1.10.4", DockerHub:"docker.io/istio", BuildStatus:"Clean", GitTag:"1.1.0-snapshot.5-156-g1477719"}
[root@master istio-1.1.0-snapshot.6]# kubectl version
Client Version: version.Info{Major:"1", Minor:"11+", GitVersion:"v1.11.0+d4cacc0", GitCommit:"d4cacc0", GitTreeState:"clean", BuildDate:"2018-10-10T16:38:01Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11+", GitVersion:"v1.11.0+d4cacc0", GitCommit:"d4cacc0", GitTreeState:"clean", BuildDate:"2019-02-08T23:07:29Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
{{ Which environment, cloud vendor, OS, etc are you using? }}
openshift
redhat
Cluster state
{{ If you're running on Kubernetes, consider following the
instructions
to generate "istio-dump.tar.gz", then attach it here by dragging and dropping
the file onto this issue. }}
Describe the bug
After install istio-1.1.0-snapshot.6, and deploy applications with istio, find lots of error message in pilot discovery container:
These error messages should be generated during converting k8s serviceaccount to istio serviceaccount(in spiffe format).
Why pilot can't get
serviceaccountfor pod while getting namespace is normal?Expected behavior
No error messages
Version
istio-1.1.0-snapshot.6
{{ Which environment, cloud vendor, OS, etc are you using? }}
openshift
redhat
Cluster state
{{ If you're running on Kubernetes, consider following the
instructions
to generate "istio-dump.tar.gz", then attach it here by dragging and dropping
the file onto this issue. }}