istio: x509: certificate has expired or is not yet valid
I am getting errors Internal error occurred: failed calling webhook "pilot.validation.istio.io": Post https://istio-galley.istio-system.svc:443/admitpilot?timeout=30s: x509: certificate has expired or is not yet valid in my cluster. Seems a re-occurrence of https://github.com/istio/istio/issues/14517. Has been ongoing for ~12 hours or so, after a GKE node update. Will collect some more info tomorrow
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 1
- Comments: 25 (20 by maintainers)
Commits related to this issue
- make validation watch and reload key/certs (again) Galley watched and reloaded key/certs prior to istio 1.3. https://github.com/istio/istio/pull/12571 refactored galley's validation into two parts: (... — committed to ayj/istio by ayj 5 years ago
- fix galley validation key/cert rotation (#17995) * make validation watch and reload key/certs (again) Galley watched and reloaded key/certs prior to istio 1.3. https://github.com/istio/istio/pull/12... — committed to istio/istio by ayj 5 years ago
- make validation watch and reload key/certs (again) Galley watched and reloaded key/certs prior to istio 1.3. https://github.com/istio/istio/pull/12571 refactored galley's validation into two parts: (... — committed to istio-testing/istio by ayj 5 years ago
- fix galley validation key/cert rotation (#17995) * make validation watch and reload key/certs (again) Galley watched and reloaded key/certs prior to istio 1.3. https://github.com/istio/istio/pull/12... — committed to ayj/istio by ayj 5 years ago
- fix galley validation key/cert rotation (#17995) (#18040) * fix galley validation key/cert rotation (#17995) * make validation watch and reload key/certs (again) Galley watched and reloaded key/cer... — committed to istio/istio by ayj 5 years ago
- [release-1.4] fix galley validation key/cert rotation (#18039) * make validation watch and reload key/certs (again) Galley watched and reloaded key/certs prior to istio 1.3. https://github.com/istio... — committed to istio/istio by istio-testing 5 years ago
Was getting same error in kubeflow if it helps someone. Did the following and it started working. curl -s https://raw.githubusercontent.com/istio/tools/master/bin/root-transition.sh | bash -s – root-transition
I had the same issue. After renewing the certificate with root-transition.sh and proceed with the instructions everything works fine now.