Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updating ConfigMap data doesn't stop #161

Open
ceastman-r7 opened this issue Jun 13, 2022 · 6 comments
Open

updating ConfigMap data doesn't stop #161

ceastman-r7 opened this issue Jun 13, 2022 · 6 comments

Comments

@ceastman-r7
Copy link

helm chart version:v0.4.2 for istio-csr

The log entry updating ConfigMap data just keeps repeating for all the namespaces in the cluster.

2022-06-13T16:23:06.577141Z info klog "msg"="-----------------------------------------------------------------"
2022-06-13T16:23:06.577166Z info klog "msg"="Using root CAs from file: /var/run/secrets/istio-csr/ca.crt"
2022-06-13T16:23:06.577171Z info klog "msg"="-----------------------------------------------------------------"
2022-06-13T16:23:06.610615Z info klog tls-provider/root-ca-watcher "msg"="loading root CAs bundle" "file"="/var/run/secrets/istio-csr/ca.crt"
2022-06-13T16:23:06.610651Z info klog manager "msg"="Starting server" "addr"={"IP":"::","Port":9402,"Zone":""} "kind"="metrics" "path"="/metrics"
2022-06-13T16:23:06.610664Z info klog tls-provider/root-ca-watcher "msg"="updating root CAs from file" "file"="/var/run/secrets/istio-csr/ca.crt"
2022-06-13T16:23:06.610760Z info klog manager "msg"="Starting server" "addr"={"IP":"::","Port":6060,"Zone":""} "kind"="health probe"
2022-06-13T16:23:06.610813Z info klog attempting to acquire leader lease istio-system/istio-csr...
2022-06-13T16:23:06.639640Z info klog successfully acquired lease istio-system/istio-csr
2022-06-13T16:23:06.640303Z info klog manager/events "msg"="Normal" "message"="cert-manager-istio-csr-7bf86d579f-5xg8f_b59ef618-0e58-4001-9b52-b8489467929d became leader" "object"={"kind":"ConfigMap","namespace":"is
tio-system","name":"istio-csr","uid":"3f358c3a-79ea-47b4-a4a2-96b886847ad6","apiVersion":"v1","resourceVersion":"5297621"} "reason"="LeaderElection"
2022-06-13T16:23:06.640366Z info klog manager/events "msg"="Normal" "message"="cert-manager-istio-csr-7bf86d579f-5xg8f_b59ef618-0e58-4001-9b52-b8489467929d became leader" "object"={"kind":"Lease","namespace":"istio-
system","name":"istio-csr","uid":"aa2672a4-54b5-4dfb-856a-4e58ae2e8b76","apiVersion":"coordination.k8s.io/v1","resourceVersion":"5297622"} "reason"="LeaderElection"
2022-06-13T16:23:06.640380Z info klog manager/controller/configmap "msg"="Starting EventSource" "reconciler group"="" "reconciler kind"="ConfigMap" "source"="kind source: *v1.PartialObjectMetadata"
2022-06-13T16:23:06.640411Z info klog manager/controller/configmap "msg"="Starting EventSource" "reconciler group"="" "reconciler kind"="ConfigMap" "source"="kind source: *v1.Namespace"
2022-06-13T16:23:06.640456Z info klog manager/controller/configmap "msg"="Starting EventSource" "reconciler group"="" "reconciler kind"="ConfigMap" "source"="channel source: 0xc000eb0b40"
2022-06-13T16:23:06.640484Z info klog manager/controller/configmap "msg"="Starting Controller" "reconciler group"="" "reconciler kind"="ConfigMap"
2022-06-13T16:23:06.741832Z info klog manager/controller/configmap "msg"="Starting workers" "reconciler group"="" "reconciler kind"="ConfigMap" "worker count"=1
2022-06-13T16:23:06.843105Z info klog controller/configmap "msg"="updating ConfigMap data" "configmap"="istio-ca-root-cert" "namespace"="platform-delivery"
2022-06-13T16:23:06.857005Z info klog controller/configmap "msg"="updating ConfigMap data" "configmap"="istio-ca-root-cert" "namespace"="istio-addons-ingress"
2022-06-13T16:23:06.870137Z info klog controller/configmap "msg"="updating ConfigMap data" "configmap"="istio-ca-root-cert" "namespace"="cert-manager"
2022-06-13T16:23:06.884143Z info klog controller/configmap "msg"="creating configmap with root CA data" "configmap"="istio-ca-root-cert" "namespace"="kube-public"
2022-06-13T16:23:06.897590Z info klog controller/configmap "msg"="updating ConfigMap data" "configmap"="istio-ca-root-cert" "namespace"="calico-system"
2022-06-13T16:23:06.909220Z info klog controller/configmap updating ConfigMap data"istio-ca-root-cert" "namespace"="gatekeeper-system"
2022-06-13T16:23:06.918472Z info klog controller/configmap "msg"="updating ConfigMap data" "configmap"="istio-ca-root-cert" "namespace"="istio-ingress"
2022-06-13T16:23:06.928778Z info klog controller/configmap "msg"="updating ConfigMap data" "configmap"="istio-ca-root-cert" "namespace"="istio-system"
@JoshVanL
Copy link
Contributor

JoshVanL commented Jun 13, 2022
edited
Loading

Hi @ceastman-r7, do you mean it is repeated once for each namespace, or is continuously logged for every namespace over and over again?

If the latter, then this suggests that some other entity (like istiod) is also attempting to write to these ConfigMaps which will thrash both controllers.

@ceastman-r7
Copy link
Author

continuously logging.

Oh could istiod be trying to reset it back to the self signed certificate?

@JoshVanL
Copy link
Contributor

Yes, sounds like to me istiod might be missing this configuration

istio-csr/hack/istio-config-1.13.4.yaml

Line 20 in 4200304

- name: ENABLE_CA_SERVER

@ceastman-r7
Copy link
Author

yeah i havent switched the istio config yet. thank you.

@ceastman-r7
Copy link
Author

Do you have a values.yaml override file that can be used with helm instead of an istiooperating yaml to accomplish: https://github.com/cert-manager/istio-csr/blob/main/docs/istio-config-getting-started.yaml

@JoshVanL
Copy link
Contributor

This thread should be of help 🙂

#113

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JoshVanL @ceastman-r7