@conorcurlett commented on Tue Feb 13 2018
Did you review https://istio.io/help/ and existing issues to identify if this is already solved or being worked on?: Yes
Bug:
Y
What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details
Istio 0.5.0, procured through https://git.io/getLatestIstio
Canonical Kubernetes in AWS, installed using juju charms, Flannel overlay, Kubernetes v1.9.2
istioctl version
Version: 0.5.0
GitRevision: c9debceacb63a14a9ae24df433e2ec3ce1f16fc7
User: root@211b132eb7f1
Hub: docker.io/istio
GolangVersion: go1.9
BuildStatus: Clean
kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T10:09:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T09:42:01Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Is Istio Auth enabled or not ?
Attempted both installation types, no changes in behaviour detected
What happened:
Attempted to run the bookinfo sample app following instructions in the documentation, and received the error
kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/kube/bookinfo.yaml -c ~/.kube/config.d/juju-context)
Error: could not read valid configmap "istio" from namespace "istio-system": Get https://xx.xxx.xxxx.xxx:443/api/v1/namespaces/istio-system/configmaps/istio: x509: certificate signed by unknown authority - Use --meshConfigFile or re-run kube-inject with `-i <istioSystemNamespace> and ensure valid MeshConfig exists
error: no objects passed to apply
kubectl get configmap istio -n istio-system -o yaml
apiVersion: v1
data:
mesh: |-
# Uncomment the following line to enable mutual TLS between proxies
authPolicy: MUTUAL_TLS
...
What you expected to happen:
The sample application would be deployed successfully. Alternatively, fetching the configmap using kubectl should fail for the same reason as istioctl is failing.
How to reproduce it:
In a vanilla Canonical Kubernetes installation in AWS, install Istio 0.5.0 and run the bookinfo app following the instructions in the documentation.
@terinjokes commented on Fri Mar 23 2018
At least in my cause, it seems istioctl isn't using the "certificate-authority-data" information from my ~/.kube/config.
@Rigdon commented on Fri Apr 13 2018
@terinjokes or @conorcurlett Were you able to find a workaround for this?
@Rigdon commented on Fri Apr 13 2018
Turns out I was able to work around this with kubectl config set-cluster ${KUBE_CONTEXT} --insecure-skip-tls-verify=true.
@conorcurlett commented on Tue Feb 13 2018
Did you review https://istio.io/help/ and existing issues to identify if this is already solved or being worked on?: Yes
Bug:
Y
What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details
Istio 0.5.0, procured through https://git.io/getLatestIstio
Canonical Kubernetes in AWS, installed using juju charms, Flannel overlay, Kubernetes v1.9.2
Is Istio Auth enabled or not ?
Attempted both installation types, no changes in behaviour detected
What happened:
Attempted to run the bookinfo sample app following instructions in the documentation, and received the error
What you expected to happen:
The sample application would be deployed successfully. Alternatively, fetching the configmap using kubectl should fail for the same reason as istioctl is failing.
How to reproduce it:
In a vanilla Canonical Kubernetes installation in AWS, install Istio 0.5.0 and run the bookinfo app following the instructions in the documentation.
@terinjokes commented on Fri Mar 23 2018
At least in my cause, it seems
istioctlisn't using the "certificate-authority-data" information from my ~/.kube/config.@Rigdon commented on Fri Apr 13 2018
@terinjokes or @conorcurlett Were you able to find a workaround for this?
@Rigdon commented on Fri Apr 13 2018
Turns out I was able to work around this with
kubectl config set-cluster ${KUBE_CONTEXT} --insecure-skip-tls-verify=true.