-
Notifications
You must be signed in to change notification settings - Fork 7.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Running istio-proxy suddenly starts reporting authentication failure #51663
Comments
istiod will show detailed error logs about why it was rejected |
Thanks @howardjohn . Somehow missed them earlier. Found the below logs
The bearer token here is same as istio-token mounted at kubernetes.io~projected/istio-token/istio-token ? These seem to have 12hours validity from the time of issuing. As per documentation,
So istio agent failed to rotate the istio-token in time? |
Kubernetes is responsible for mounting and rotating this. Istio just reads from the file and rotates it. If its stale, it is a k8s issue |
Is this the right place to submit this?
Bug Description
Istio-proxy both as sidecar and ingress gateway previously running fine, suddenly started reporting authentication failure. And these are not recovering and needed to delete the pods.
Logs around the time once the error starts reporting. Need help in understanding why authentication is failing and hoping that could help find what is triggering this scenario.
Version
Additional Information
No response
The text was updated successfully, but these errors were encountered: