Comments (8)
cc @mattmoor
from net-istio.
I am suspecting this Istio's issue istio/istio#23463. The DestinationRule and some behavior were different whether external service has the port or not.
from net-istio.
@nak3 I think this is fixed in 1.6?
from net-istio.
cc @ZhiminXiang @JRBANCEL @Cynocracy
from net-istio.
It is still broken.
The webhook
Container of webhook
Pod never gets ready (example), because the probes defined here:
2020-10-02T01:16:54.849646Z error Request to probe app failed: Get "https://localhost:8443/": remote error: tls: internal error, original URL path = /app-health/webhook/readyz app URL path = /
2020-10-02T01:16:55.347043Z error Request to probe app failed: Get "https://localhost:8443/": remote error: tls: internal error, original URL path = /app-health/webhook/livez app URL path = /
It might be an Istio issue, see this similar issue.
from net-istio.
What seems to be happening is that Kubelet does indeed call the modified probes (on Istio Proxy) and then the proxy calls the Webhook probes, but this fails with the not useful remote error: tls: internal error
.
I suspect that it fails because this is endpoint uses a self-signed certificate.
from net-istio.
Istio skips TLS validation: https://github.com/istio/istio/blob/master/pilot/cmd/pilot-agent/status/server.go#L421
So it is failing for another reason. In the webhook
logs I see 2020/10/02 01:20:23 http: TLS handshake error from 127.0.0.1:55830: server key missing
.
Someone complained about this recently: knative/eventing#4165
from net-istio.
Closing. There are still some failures but they are tracked by #340.
from net-istio.
Related Issues (20)
- Test Istio release "Istio 1.16.2"
- Test Istio release "Istio 1.15.5"
- Support system-internal-tls in net-istio HOT 4
- switch to Istio v1beta1 API
- Use ambient mesh instead of current sidecar mesh for CI HOT 1
- Is the mesh virtual service duplicate when knative-local-gateway is used? HOT 4
- Customize Istio Virtual Service `spec.gateways` via Kservice HOT 15
- Add default TLS cert HOT 7
- Bump Kind and Go Versions in Kind e2e testing
- Bump Istio to v1.19 HOT 2
- Use istio v1.19 manifests
- Test Istio's 1.20 ExternalName Changes HOT 4
- Bump min k8s version to v1.27
- New configuration format HOT 2
- Filtering on external istio gateway
- How to remove the knative-local-gateway? HOT 4
- `DomainMapping` creates configuration that routes through the local gateway HOT 1
- Allow `STRICT` mode in the knative-serving namespace HOT 5
- Bump e2e cluster version to 1.28
- Do the gateway service parsing while parsing the configuration HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from net-istio.