certificate expiration after 1 day #50485
-
I'm not sure if this is related but it sure seems like it would be
-
Is it possible there are configs that need to be tweaked to enable certificate renewal? What component does the renewal? Is it istio or envoy making the cert renewal request?
-
So I'm trying to collect additional information on this issue. I toggled debug logging in istiod for all of the components. I have a log -f running on one of the pods with proxy logging set to debug. istiod logging:
For the pod I picked one of the pods and toggled debug logging for the proxy:
The cert:
I can see the certificate generated:
Looking in the istio-proxy pod I see 2 processes:
I can't think of anything else to capture - please let me know if there is more I can grab!
-
I've been trying to understand why this is happening. The certificate generated by istio appears to be set for a validity of 1 day and then not getting renewed.
I'm using istioctl to install istio. The version is 1.21.0, kubernetes version is 1.29 (kind inside docker).
The application in question is grafana tempo. The cluster component fails to join the cluster for all instances. I enabled debug logging of envoy and noticed something interesting:
When I uninstalled istio, removed the ca cert secret from the namespace and re-installed (restarting all pods in-between) istio, everything lights up again. When I looked at the certificate generated:
(This certificate is still valid at the time of the post - showing for demonstration purposes.)
Shouldn't this certificate be renewed automatically? Is there a configuration which is not set by default that should be? I'm not using cert-manager for certificates as I expected istio and its components to handle this renewal for me.
I've done a lot of Google searching and not come up with anything related to cert renewal, so coming here hoping for some help ;)