Jaeger Helm charts are deployed with the Jaeger agent, collector, Cassandra, and query. The whole set-up works fine on a namespace having injection enabled.
However, when we apply the mTLS policy, the Jaeger collector fails to connect to the hosts. The istio-proxy of the Jaeger collector fails to find the JWT token. Copied below are the details:
mTLS Policy:
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: default
spec:
  peers:
  - mtls: {}
Destination route:
apiVersion: "networking.istio.io/v1alpha3"
kind: "DestinationRule"
metadata:
  name: "default"
spec:
  host: "*.local"
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
LOGS from Jaeger collector pod:
2020/05/28 05:47:52 gocql: dns error: lookup jaeger-cassandra on 10.96.0.10:53: no such host
{"level":"fatal","ts":1590644872.2643485,"caller":"collector/main.go:91","msg":"Failed to init storage factory","error":"gocql: unable to create session: failed to resolve any of the provided hostnames
{"level":"info","ts":1590644962.0080297,"caller":"flags/admin.go:100","msg":"Admin server started","http-port":14269,"health-status":"unavailable"}
2020/05/28 05:49:23 gocql: unable to dial control conn 10.32.0.20: EOF
{"level":"fatal","ts":1590644963.022509,"caller":"collector/main.go:91","msg":"Failed to init storage factory","error":"gocql: unable to create session: control: unable to connect to initial hosts: EOF
LOGS from istio-proxy sidecar of jaeger collector:
2020-05-28T06:07:41.151144Z info JWT policy is third-party-jwt
2020-05-28T06:07:41.151258Z warn Missing JWT token, can't use in process SDS ./var/run/secrets/tokens/istio-tokenstat ./var/run/secrets/tokens/istio-token: no such file or directory