IstioOperator multiCluster:clusterName auth.go:35 certificate-provider "msg"="failed to authenticate request" "error"="could not get cluster cluster-1's kube client" about istio-csr HOT 8 CLOSED

@palimarium sure thing! I'll push a v0.1.1 now.

from istio-csr.

Tested now with cluster.local but still doesn't seem to work.

E0201 10:04:58.945874       1 auth.go:35] certificate-provider "msg"="failed to authenticate request" "error"="could not get cluster cluster.local's kube client"  
E0201 10:04:59.084455       1 auth.go:35] certificate-provider "msg"="failed to authenticate request" "error"="could not get cluster cluster.local's kube client"  
E0201 10:04:59.788517       1 auth.go:35] certificate-provider "msg"="failed to authenticate request" "error"="could not get cluster cluster.local's kube client" 

I look forward to this release!

from istio-csr.

Hi @palimarium,

Great to see it working for you in the default case!

Auth is currently limited to token, and only the default cluster name. This definitely something we want to include.

/feature
/assign

from istio-csr.

/kind feature

from istio-csr.

@JoshVanL: The label(s) kind/feature cannot be applied, because the repository doesn't have them

from istio-csr.

Hi @JoshVanL

Thank you that you are planning to extend the capabilities!

In the meantime is there any workaround for this? What is the default cluster name, that istio-csr use for auth? If I use this name in the multiCluster(clusterName) config, it should work?

Thanks!

from istio-csr.

@palimarium My feeling is cluster.local is one that would work.. though not tested. Intent to pick this up over the next couple days.

from istio-csr.

Hi @JoshVanL

I have tested your fix and works like a charm!
Any chance to get this pushed into a new release? so can be easily installed with the default helm chart?

Thanks a lot!

from istio-csr.