Bug Description
Hi, is Istio CNI plugin compatible with Cilium kube-proxy free setup?
I ve enabled DNS proxying and after that all my pods are starting to fail with error Failed to execute: iptables-restore --noflush errors. ; in istio-init containers.
Then I tried to enable CNI plugin via --set components.cni.enabled=true . I could see that CNI daemonset is running on all the nodes. However, whenever I create a pod with injection enabled/disabled, pods are failing with
Warning FailedCreatePodSandBox 1s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "1d364156d98e1eb7f6ab03765b8fff02474ab17dd8c139e67b015ad08ee06f2a": plugin type="istio-cni" name="istio-cni" failed (add): netplugin failed but error parsing its diagnostic message "2022-05-08T19:56:33.418196Z\twarn\tOS CA Cert could not be found for agent\n": invalid character '-' after top-level value
or
Warning FailedCreatePodSandBox 2s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "7ec243813ed979c2799a28160a4d9c4176c5ad8183ce5f7a79eb4bcd6ba4816c": plugin type="istio-cni" name="istio-cni" failed (add): decoding version from network config: invalid character '-' after top-level value
Did anyone have the same issue before?
Setup:
Vanilla k8s with cilium installed via helm install cilium cilium/cilium --version 1.11.4 --namespace kube-system --set ipam.mode=kubernetes --set kubeProxyReplacement=strict --set k8sServiceHost="my.api.com" --set k8sServicePort="6443" --set hostServices.hostNamespaceOnly=true
Thank you
Version
istioctl version
client version: 1.13.3
control plane version: 1.13.3
data plane version: 1.13.3 (1 proxies)
kubectl version --short
Client Version: v1.22.1
Server Version: v1.23.6
Additional Information
Istio CNI pod logs - https://paste.opendev.org/show/bXCRYC98CGoUIiLXKu01/
Bug Description
Hi, is Istio CNI plugin compatible with Cilium kube-proxy free setup?
I ve enabled DNS proxying and after that all my pods are starting to fail with error
Failed to execute: iptables-restore --noflush errors.; in istio-init containers.Then I tried to enable CNI plugin via --set components.cni.enabled=true . I could see that CNI daemonset is running on all the nodes. However, whenever I create a pod with injection enabled/disabled, pods are failing with
Did anyone have the same issue before?
Setup:
Vanilla k8s with cilium installed via
helm install cilium cilium/cilium --version 1.11.4 --namespace kube-system --set ipam.mode=kubernetes --set kubeProxyReplacement=strict --set k8sServiceHost="my.api.com" --set k8sServicePort="6443" --set hostServices.hostNamespaceOnly=trueThank you
Version
Additional Information
Istio CNI pod logs - https://paste.opendev.org/show/bXCRYC98CGoUIiLXKu01/