-
Bug
-
Resolution: Done
-
Major
-
maistra-0.7.0
-
None
-
Maistra TP sprint 10
I've installed TP 0.70 following the instructions in my AWS OpenShift 3.11 environment. When I install it everything works fine, however when I stop and start the cluster (i.e. stop the VMs in AWS and start them again) the istio-sidecar-injector pod keeps failing with the following error:
Error: failed to start patch cert loop mutatingwebhookconfigurations.admissionregistration.k8s.io "istio-sidecar-injector" not found
Using kube proxy, it doesn't look like I have this admission controller when I curl the endpoint after a cluster restart:
kubectl proxy &
curl localhost:8001/apis/admissionregistration.k8s.io/v1beta1/mutatingwebhookconfigurations/istio-sidecar-injector
Returns this:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "mutatingwebhookconfigurations.admissionregistration.k8s.io \"istio-sidecar-injector\" not found",
"reason": "NotFound",
"details": {
"name": "istio-sidecar-injector",
"group": "admissionregistration.k8s.io",
"kind": "mutatingwebhookconfigurations"
},
"code": 404
}
However if I execute the above right after the installation (i.e. before cluster shutdown and restart) it shows the admission controller as expected.
I have patched my master config to add the admission controllers specified in the documentation and I can see them in the configuration, here's a snippet of my master-config.yaml:
admissionConfig: pluginConfig: BuildDefaults: configuration: apiVersion: v1 env: [] kind: BuildDefaultsConfig resources: limits: {} requests: {} location: "" BuildOverrides: configuration: apiVersion: v1 kind: BuildOverridesConfig location: "" MutatingAdmissionWebhook: configuration: apiVersion: apiserver.config.k8s.io/v1alpha1 kind: WebhookAdmission kubeConfigFile: /dev/null ValidatingAdmissionWebhook: configuration: apiVersion: apiserver.config.k8s.io/v1alpha1 kind: WebhookAdmission kubeConfigFile: /dev/null openshift.io/ImagePolicy:
