SAP/redis-operator

Istio injection fails on redis clusters

Closed this issue · 1 comments

cbarbian-sap commented

The istio envoy sidecar does not come up on redis clusters created by redis-operator.

2023-07-21T10:02:14.848381Z    info    starting Http service at 127.0.0.1:15004

2023-07-21T10:02:14.848462Z    info    Starting proxy agent
2023-07-21T10:02:14.848498Z    info    starting
2023-07-21T10:02:14.848524Z    info    Envoy command: [-c etc/istio/proxy/envoy-rev.json --drain-time-s 45 --drain-strategy immediate --local-address-ip-version v4 --file-flush-interval-msec 1000 --disable-hot-restart --allow-unknown-static-fields --log-format %Y-%m-%dT%T.%fZ    %l    envoy %n %g:%#    %v    thread=%t -l warning --component-log-level misc:error --concurrency 2]
2023-07-21T10:02:34.819688Z    warn    ca    ca request failed, starting attempt 1 in 103.063351ms
2023-07-21T10:02:34.922902Z    warn    ca    ca request failed, starting attempt 2 in 201.200697ms
2023-07-21T10:02:35.124920Z    warn    ca    ca request failed, starting attempt 3 in 422.03637ms
2023-07-21T10:02:35.547808Z    warn    ca    ca request failed, starting attempt 4 in 761.562536ms
2023-07-21T10:02:56.310433Z    warn    sds    failed to warm certificate: failed to generate workload certificate: create certificate: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 100.68.17.248:15012: i/o timeout"
2023-07-21T10:02:56.776685Z    warn    ca    ca request failed, starting attempt 1 in 109.765121ms
2023-07-21T10:02:56.886978Z    warn    ca    ca request failed, starting attempt 2 in 183.653145ms
2023-07-21T10:02:57.071356Z    warn    ca    ca request failed, starting attempt 3 in 413.458643ms
2023-07-21T10:02:57.484989Z    warn    ca    ca request failed, starting attempt 4 in 776.255744ms
2023-07-21T10:03:14.871321Z    info    Status server has successfully terminated
2023-07-21T10:03:14.871405Z    error    accept tcp :15020: use of closed network connection
2023-07-21T10:03:14.871433Z    info    Agent draining Proxy
2023-07-21T10:03:14.872503Z    info    Graceful termination period is 5s, starting...
cbarbian-sap commented

Most likely this is because the current egress rules in the redis networkpolicy block traffic from the redis pods to istiod.