Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not able to use Istio-CSR in istio(1.13.*) #145

Open
shinderupesh opened this issue Apr 9, 2022 · 2 comments
Open

Not able to use Istio-CSR in istio(1.13.*) #145

shinderupesh opened this issue Apr 9, 2022 · 2 comments

Comments

@shinderupesh
Copy link

Bug Description

I am using Istio (v1.13.*) in my setup. Also I using Istio-CSR for assigning self signed certs in my setup using ISTIO.

But while validating certs in setup I am not able to see expected output for following command:

kubectl logs $(kubectl get pod -n $NAMESPACE -o jsonpath="{.items...metadata.name}" --selector app=$APP) -c istio-proxy
Expected output: 
  2022-01-13T16:51:58.495493Z	info	CA Endpoint cert-manager-istio-csr.cert-manager.svc:443, provider Citadel
  2022-01-13T16:51:58.495817Z	info	Using CA cert-manager-istio-csr.cert-manager.svc:443 cert with certs: var/run/secrets/istio/root-cert.pem
  2022-01-13T16:51:58.495941Z	info	citadelclient	Citadel client using custom root cert: cert-manager-istio-csr.cert-manager.svc:443

Actual output(issue):
  2022-01-13T16:51:58.495493Z	info	CA Endpoint cert-manager-istio-csr.cert-manager.svc:443, provider Citadel
  2022-01-13T16:51:58.495817Z	info	Using CA cert-manager-istio-csr.cert-manager.svc:443 cert with certs: var/run/secrets/istio/root-cert.pem
  2022-01-13T16:51:58.495941Z	info	citadelclient	Citadel client using custom root cert: var/run/secrets/istio/root-cert.pem

I am not getting any another issues from logs.

NOTE: In Istio v1.12. I am getting expected output.

Is there anything I missing?

Additional Information

No response
@JoshVanL
Copy link
Contributor

JoshVanL commented Apr 12, 2022
edited
Loading

Hi @shinderupesh, both outputs look to be expected dependant on the istio version you are using.

On 1.13:

$ git checkout 1.13.2
$ $ grep -nir . -e "Citadel client using custom root cert"
./security/pkg/nodeagent/caclient/providers/citadel/client.go:186:	citadelClientLog.Info("Citadel client using custom root cert: ", rootCertFile)

On 1.12:

$ git checkout 1.12.6
$ $ grep -nir . -e "Citadel client using custom root cert"
./security/pkg/nodeagent/caclient/providers/citadel/client.go:131:		citadelClientLog.Info("Citadel client using custom root cert: ", c.opts.CAEndpoint)

I've opened up this PR to remove confusion #146

@JoshVanL JoshVanL mentioned this issue Apr 12, 2022
Closed
@shinderupesh
Copy link
Author

@JoshVanL Thanks for your response.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Updates getting started doc to include new expected istiod output JoshVanL/istio-csr
2 participants
@JoshVanL @shinderupesh