istio: Containers not starting for istio sidecar and pilot service
I am getting errors when running istio.yaml for sidecar/pilot service and the containers are not starting
I do see the secrets created for both pilot and sidecar
istio-pilot-service-account-token-px5h6 kubernetes.io/service-account-token 9 minutes istio-sidecar-injector-service-account-token-7fcr2 kubernetes.io/service-account-token 9 minutes
MountVolume.SetUp failed for volume “certs” : secrets “istio.istio-sidecar-injector-service-account” not found kubelet worker-0
Unable to mount volumes for pod “istio-sidecar-injector-dbd67c88d-5842z_istio-system(62926544-75a8-11e8-a5ae-000d3a0608da)”: timeout expired waiting for volumes to attach/mount for pod “istio-system”/“istio-sidecar-injector-dbd67c88d-5842z”. list of unattached/unmounted volumes=[certs] MountVolume.SetUp failed for volume “istio-certs” : secrets “istio.istio-pilot-service-account” not found kubelet worker-0 MountVolume.SetUp succeeded for volume “istio-pilot-service-account-token-px5h6” kubelet worker-0 warning Unable to mount volumes for pod “istio-pilot-6c5c6b586c-v8845_istio-system(624c695a-75a8-11e8-a5ae-000d3a0608da)”: timeout expired waiting for volumes to attach/mount for pod “istio-system”/“istio-pilot-6c5c6b586c-v8845”. list of unattached/unmounted volumes=[istio-certs]
Client Version: version.Info{Major:“1”, Minor:“9”, GitVersion:“v1.9.4”, GitCommit:“bee2d1505c4fe820744d26d41ecd3fdd4a3d6546”, GitTreeState:“clean”, BuildDate:“2018-03-12T16:29:47Z”, GoVersion:“go1.9.3”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“9”, GitVersion:“v1.9.4”, GitCommit:“bee2d1505c4fe820744d26d41ecd3fdd4a3d6546”, GitTreeState:“clean”, BuildDate:“2018-03-12T16:21:35Z”, GoVersion:“go1.9.3”, Compiler:“gc”, Platform:“linux/amd64”} Expected behavior Pilot and SideCar containers should start
Version
What version of istio and Kubernetes are you using? Use istioctl version and kubectl version
Version: 0.8.0
GitRevision: 6f9f420f0c7119ff4fa6a1966a6f6d89b1b4db84
User: root@48d5ddfd72da
Hub: docker.io/istio
GolangVersion: go1.10.1
BuildStatus: Clean
Client Version: version.Info{Major:“1”, Minor:“9”, GitVersion:“v1.9.4”, GitCommit:“bee2d1505c4fe820744d26d41ecd3fdd4a3d6546”, GitTreeState:“clean”, BuildDate:“2018-03-12T16:29:47Z”, GoVersion:“go1.9.3”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“9”, GitVersion:“v1.9.4”, GitCommit:“bee2d1505c4fe820744d26d41ecd3fdd4a3d6546”, GitTreeState:“clean”, BuildDate:“2018-03-12T16:21:35Z”, GoVersion:“go1.9.3”, Compiler:“gc”, Platform:“linux/amd64”}
Is Istio Auth enabled or not?
Environment kubernetes cluster in Azure VM Client Version: version.Info{Major:“1”, Minor:“9”, GitVersion:“v1.9.4”, GitCommit:“bee2d1505c4fe820744d26d41ecd3fdd4a3d6546”, GitTreeState:“clean”, BuildDate:“2018-03-12T16:29:47Z”, GoVersion:“go1.9.3”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“9”, GitVersion:“v1.9.4”, GitCommit:“bee2d1505c4fe820744d26d41ecd3fdd4a3d6546”, GitTreeState:“clean”, BuildDate:“2018-03-12T16:21:35Z”, GoVersion:“go1.9.3”, Compiler:“gc”, Platform:“linux/amd64”}
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 3
- Comments: 15 (7 by maintainers)
@brant4test The secret is generated by Citadel. Did
istio-citadel-*pod started with no errors? I think there is some pre-requisites issue here when Istio Pilot loads before the Citadel generated its secret. If Citadel is up and running then in this case deleting the pod will launch a new one that should load (hack, not solution. Just trying to understand if it’s indeed the problem).