The Installation of the Knative Istio controller aborts on a private cluster

[Miles-Ahead-Digital]

Describe the bug
The Installation of the Knative Istio controller aborts on a private cluster.

Error from server (InternalError): error when creating "https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml": Internal error occurred: failed calling webhook "config.webhook.serving.knative.dev": Post https://webhook.knative-serving.svc:443/config-validation?timeout=10s: dial tcp 10.20.2.5:8443: i/o timeout

The networking-istio Pod fails with:
Failed to start configuration manager

Expected behavior
Installation process works

To Reproduce
Steps to reproduce the behavior.
1.) create cluster:

gcloud container clusters create private-cluster-1 \
    --create-subnetwork name=my-subnet-1 \
    --enable-master-authorized-networks \
    --enable-ip-alias \
    --enable-private-nodes \
    --master-authorized-networks="$(curl -s https://icanhazip.com/)/32" \
    --master-ipv4-cidr 172.16.0.0/28 \
    --machine-type=n2-standard-2 --max-nodes=3 --min-nodes=1

2.)
install istio conforming https://istio.io/latest/docs/setup/install/istioctl/ Verion 1.9.1

istioctl install

kubectl apply --filename https://github.com/knative/serving/releases/download/v0.21.0/serving-crds.yaml
kubectl apply --filename https://github.com/knative/serving/releases/download/v0.21.0/serving-core.yaml

kubectl apply --filename https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml

Error from server (InternalError): error when creating "https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml": Internal error occurred: failed calling webhook "config.webhook.serving.knative.dev": Post https://webhook.knative-serving.svc:443/config-validation?timeout=10s: dial tcp 10.20.2.5:8443: i/o timeout

Knative-GCP release version
v0.21.0

Additional context
If the cluster is not private the installation works

[zhongduo]

Maybe open an issue in net-istio instead: https://github.com/knative-sandbox/net-istio/issues

…

On Wed, Mar 10, 2021 at 2:24 PM Stefan Klose ***@***.***> wrote: *Describe the bug* The Installation of the Knative Istio controller aborts on a private cluster. Error from server (InternalError): error when creating " https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml": Internal error occurred: failed calling webhook " config.webhook.serving.knative.dev": Post https://webhook.knative-serving.svc:443/config-validation?timeout=10s: dial tcp 10.20.2.5:8443: i/o timeout The networking-istio Pod fails with: Failed to start configuration manager *Expected behavior* Installation process works *To Reproduce* Steps to reproduce the behavior. 1.) create cluster: gcloud container clusters create private-cluster-1 --create-subnetwork name=my-subnet-1 --enable-master-authorized-networks --master-authorized-networks="$(curl -s https://icanhazip.com/)/32" --enable-ip-alias --enable-private-nodes --master-ipv4-cidr 172.16.0.0/28 2.) kubectl apply --filename https://github.com/knative/serving/releases/download/v0.21.0/serving-crds.yaml kubectl apply --filename https://github.com/knative/serving/releases/download/v0.21.0/serving-core.yaml kubectl apply --filename https://github.com/knative/net-istio/releases/download/v0.21.0/net-istio.yaml *Knative-GCP release version* v0.21.0 *Additional context* If the cluster is not private the installation works — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#2174>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACE6CNAOMLYWMJWBVEQKJE3TC7BOFANCNFSM4Y6WYLJQ> .

[Miles-Ahead-Digital]

knative-sandbox/net-istio#543