cert-manager / istio-csr

istio-csr is an agent that allows for Istio workload and control plane components to be secured using cert-manager.

Home Page: https://cert-manager.io/docs/usage/istio-csr/

Not able to use Istio-CSR in istio(1.13.*)

shinderupesh opened this issue · comments

Bug Description

I am using Istio (v1.13.*) in my setup. Also, I am using Istio-CSR for assigning self-signed certs in my setup using Istio.

But while validating certs in the setup, I am not able to see the expected output for the following command:

kubectl logs $(kubectl get pod -n $NAMESPACE -o jsonpath="{.items...metadata.name}" --selector app=$APP) -c istio-proxy

Expected output:
  2022-01-13T16:51:58.495493Z	info	CA Endpoint cert-manager-istio-csr.cert-manager.svc:443, provider Citadel
  2022-01-13T16:51:58.495817Z	info	Using CA cert-manager-istio-csr.cert-manager.svc:443 cert with certs: var/run/secrets/istio/root-cert.pem
  2022-01-13T16:51:58.495941Z	info	citadelclient	Citadel client using custom root cert: cert-manager-istio-csr.cert-manager.svc:443

Actual output(issue):
  2022-01-13T16:51:58.495493Z	info	CA Endpoint cert-manager-istio-csr.cert-manager.svc:443, provider Citadel
  2022-01-13T16:51:58.495817Z	info	Using CA cert-manager-istio-csr.cert-manager.svc:443 cert with certs: var/run/secrets/istio/root-cert.pem
  2022-01-13T16:51:58.495941Z	info	citadelclient	Citadel client using custom root cert: var/run/secrets/istio/root-cert.pem

I am not getting any other issues from the logs.

NOTE: In Istio v1.12. I am getting the expected output.

Is there anything I am missing?

Additional Information

No response

Hi @shinderupesh, both outputs look to be expected, dependent on the Istio version you are using.

On 1.13:

$ git checkout 1.13.2
$ grep -nir . -e "Citadel client using custom root cert"
./security/pkg/nodeagent/caclient/providers/citadel/client.go:186:	citadelClientLog.Info("Citadel client using custom root cert: ", rootCertFile)

On 1.12:

$ git checkout 1.12.6
$ grep -nir . -e "Citadel client using custom root cert"
./security/pkg/nodeagent/caclient/providers/citadel/client.go:131:		citadelClientLog.Info("Citadel client using custom root cert: ", c.opts.CAEndpoint)

I've opened up this PR to remove confusion #146

@JoshVanL Thanks for your response.
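
A version-independent form of the validation discussed in this thread, as an added example that is not part of the issue or of the istio-csr project: it decides on the "CA Endpoint" line, which is identical in both outputs, and only reports which form the "custom root cert" line takes. The function names are hypothetical and the sample logs are constructed from the two outputs quoted in the issue.

```shell
# Constructed sample logs, built from the two outputs quoted in the issue.
EP=cert-manager-istio-csr.cert-manager.svc:443
ROOT=var/run/secrets/istio/root-cert.pem
COMMON="2022-01-13T16:51:58.495493Z info CA Endpoint $EP, provider Citadel
2022-01-13T16:51:58.495817Z info Using CA $EP cert with certs: $ROOT"
PREFIX="2022-01-13T16:51:58.495941Z info citadelclient Citadel client using custom root cert:"
LOG_112="$COMMON
$PREFIX $EP"
LOG_113="$COMMON
$PREFIX $ROOT"

# Print the address from the "CA Endpoint <addr>, provider <name>" line.
ca_endpoint() { sed -n 's/.*CA Endpoint \([^,]*\), provider.*/\1/p' | head -n 1; }
# Print the file from the "Using CA ... cert with certs: <file>" line.
root_cert_file() { sed -n 's/.*cert with certs: *//p' | head -n 1; }
# Print whatever follows "Citadel client using custom root cert: ".
root_cert_value() { sed -n 's/.*Citadel client using custom root cert: *//p' | head -n 1; }

# check_proxy_ca EXPECTED_ENDPOINT  (istio-proxy log on stdin)
# Succeeds only when the CA Endpoint line names EXPECTED_ENDPOINT. The
# "custom root cert" line is reported but never decides the result, because
# its value differs between the two Istio versions shown in the thread.
check_proxy_ca() {
  expected=$1
  log=$(cat)
  endpoint=$(printf '%s\n' "$log" | ca_endpoint)
  file=$(printf '%s\n' "$log" | root_cert_file)
  value=$(printf '%s\n' "$log" | root_cert_value)
  if [ -z "$value" ]; then style="absent"
  elif [ "$value" = "$endpoint" ]; then style="CA endpoint (1.12.6 format)"
  elif [ "$value" = "$file" ]; then style="root cert file (1.13.2 format)"
  else style="unrecognised"; fi
  if [ "$endpoint" != "$expected" ]; then
    echo "mismatch: CA endpoint '$endpoint', expected '$expected'"
    return 1
  fi
  echo "ok: CA endpoint $endpoint; custom root cert line shows $style"
}

# Live use, with the container name from the issue's command:
#   kubectl logs <pod> -n "$NAMESPACE" -c istio-proxy | check_proxy_ca "$EP"
printf '%s\n' "$LOG_112" | check_proxy_ca "$EP"
printf '%s\n' "$LOG_113" | check_proxy_ca "$EP"
```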