Not able to use Istio-CSR in istio(1.13.*)
shinderupesh opened this issue · comments
Bug Description
I am using Istio (v1.13.*) in my setup. I am also using Istio-CSR for assigning self-signed certs in my setup using Istio.
But while validating certs in the setup I am not able to see the expected output for the following command:
kubectl logs $(kubectl get pod -n $NAMESPACE -o jsonpath="{.items...metadata.name}" --selector app=$APP) -c istio-proxy
Expected output:
2022-01-13T16:51:58.495493Z info CA Endpoint cert-manager-istio-csr.cert-manager.svc:443, provider Citadel
2022-01-13T16:51:58.495817Z info Using CA cert-manager-istio-csr.cert-manager.svc:443 cert with certs: var/run/secrets/istio/root-cert.pem
2022-01-13T16:51:58.495941Z info citadelclient Citadel client using custom root cert: cert-manager-istio-csr.cert-manager.svc:443
Actual output (issue):
2022-01-13T16:51:58.495493Z info CA Endpoint cert-manager-istio-csr.cert-manager.svc:443, provider Citadel
2022-01-13T16:51:58.495817Z info Using CA cert-manager-istio-csr.cert-manager.svc:443 cert with certs: var/run/secrets/istio/root-cert.pem
2022-01-13T16:51:58.495941Z info citadelclient Citadel client using custom root cert: var/run/secrets/istio/root-cert.pem
I am not getting any other issues from the logs.
NOTE: In Istio v1.12. I am getting the expected output.
Is there anything I am missing?
Additional Information
No response
Hi @shinderupesh, both outputs look to be expected, dependent on the Istio version you are using.
On 1.13:
$ git checkout 1.13.2
$ grep -nir . -e "Citadel client using custom root cert"
./security/pkg/nodeagent/caclient/providers/citadel/client.go:186: citadelClientLog.Info("Citadel client using custom root cert: ", rootCertFile)
On 1.12:
$ git checkout 1.12.6
$ grep -nir . -e "Citadel client using custom root cert"
./security/pkg/nodeagent/caclient/providers/citadel/client.go:131: citadelClientLog.Info("Citadel client using custom root cert: ", c.opts.CAEndpoint)
I've opened up this PR to remove confusion #146
@JoshVanL Thanks for your response.
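An added example, not code from this thread or from the istio-csr project: a version-independent way to validate the sidecar log. It keys on the "CA Endpoint" line, which is identical in both outputs quoted above, and only reports which form the "custom root cert" line took. The helper name `check_ca_endpoint` and its output strings are hypothetical; the sample input is built from the log lines quoted in the issue.

```shell
#!/bin/sh
# Added example; check_ca_endpoint is a hypothetical helper, not part of istio-csr.
# Usage: kubectl logs <pod> -c istio-proxy | check_ca_endpoint HOST:PORT

check_ca_endpoint() {
    expected=$1
    log=$(cat)
    # The "CA Endpoint ..., provider ..." line has the same format in both
    # versions quoted in the thread, so it is the line to validate against.
    endpoint=$(printf '%s\n' "$log" |
        sed -n 's/.* CA Endpoint \([^,]*\), provider .*/\1/p' | tail -n 1)
    if [ -z "$endpoint" ]; then
        echo "no-ca-endpoint-line"
        return 2
    fi
    if [ "$endpoint" != "$expected" ]; then
        echo "mismatch $endpoint"
        return 1
    fi
    # Informational only: 1.12.6 logs the CA endpoint here, 1.13.2 logs the
    # root cert file path, so this value must not decide pass or fail.
    arg=$(printf '%s\n' "$log" |
        sed -n 's/.*Citadel client using custom root cert: *//p' | tail -n 1)
    case $arg in
        "")          style=absent ;;
        "$expected") style=endpoint ;;
        *.pem)       style=root-cert-file ;;
        *)           style=other ;;
    esac
    echo "ok $style"
}

EP=cert-manager-istio-csr.cert-manager.svc:443
# Sample input constructed from the log lines quoted in the issue.
LOG_COMMON="2022-01-13T16:51:58.495493Z info CA Endpoint $EP, provider Citadel
2022-01-13T16:51:58.495817Z info Using CA $EP cert with certs: var/run/secrets/istio/root-cert.pem"
LOG_113="$LOG_COMMON
2022-01-13T16:51:58.495941Z info citadelclient Citadel client using custom root cert: var/run/secrets/istio/root-cert.pem"
LOG_112="$LOG_COMMON
2022-01-13T16:51:58.495941Z info citadelclient Citadel client using custom root cert: $EP"

printf '%s\n' "$LOG_113" | check_ca_endpoint "$EP"
printf '%s\n' "$LOG_112" | check_ca_endpoint "$EP"
```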