Error: Istio installation failed, incomplete or does not match "istio-new.yaml" - deployment "istio-ingressgateway" exceeded its progress deadline

we are installing istio using istioctl manifest generate with below options -

istioctl manifest generate
–set values.prometheus.enabled=true
–set components.pilot.enabled=true
–set components.base.enabled=true
–set components.citadel.enabled=true
–set components.galley.enabled=true
–set components.policy.enabled=true
–set components.sidecarInjector.enabled=true
–set components.telemetry.enabled=true
–set values.mixer.adapters.stackdriver.enabled=true
–set values.gateways.enabled=true
–set values.global.mtls.enabled=true
–set values.gateways.istio-ingressgateway.enabled=true
–set values.gateways.istio-ingressgateway.sds.enabled=true
–set values.global.k8sIngress.enabled=true
–set values.global.k8sIngress.enableHttps=true > istio-new.yaml

kubectl apply -f istio-new.yaml

istioctl verify-install -f istio-new.yaml throws below error
Error: Istio installation failed, incomplete or does not match “istio-new.yaml” - deployment “istio-ingressgateway” exceeded its progress deadline

When checked the status of pods -
kubectl get pods -n istio-system

NAME READY STATUS RESTARTS AGE
istio-citadel-657c747d77-9ssjr 1/1 Running 0 30m
istio-galley-5d54bc88b8-pw97s 2/2 Running 0 30m
istio-ingressgateway-598796f4d9-zm2sp 0/1 Running 0 30m
istio-policy-b7678b6b6-2nprr 2/2 Running 0 29m
istio-sidecar-injector-66bd566876-9rdx6 1/1 Running 0 29m
istio-telemetry-597bbb79b6-9f5vm 2/2 Running 0 29m
istiod-7d9c7bdd6-st8lf 1/1 Running 0 30m
prometheus-b47d8c58c-zwt8r 2/2 Running 0 6m52s

there is issue with istio-ingress gateway pod. Logs from istio-proxy container from istio-ingressgateway pod -
info Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 9 successful, 0 rejected; lds updates: 0 successful, 8 rejected

Events -
containers with unready status: [istio-proxy]
Readiness probe failed: HTTP probe failed with statuscode: 503

We have installed pilot using --set components.pilot.enabled=true. But log says info Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?).

I have the same issue as well. @nikhil_balekundargi did you resolve it ?

I think you are hitting the following

try removing
–set values.gateways.istio-ingressgateway.sds.enabled=true
it would work.

i have same issue with 1.5.1, it didnt resolve after setting “values.gateways.istio-ingressgateway.sds.enabled” to false

istioctl upgrade -f istio-operator-override.yaml --set values.global.jwtPolicy=first-party-jwt --set values.gateways.istio-ingressgateway.sds.enabled=false

restarted the ingres g/w but still the same isssue:

2020-04-10T12:18:52.887177Z     info    Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 1 successful, 0 rejected; lds updates: 0 successful, 1 rejected
2020-04-10T12:18:54.885369Z     info    Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 1 successful, 0 rejected; lds updates: 0 successful, 1 rejected

clean install doesn’t give any issue regardless of “values.gateways.istio-ingressgateway.sds.enabled” true or false

in my case i am upgrading from 1.4.6 to 1.5.1 and getting this issue after upgrade, will raise a bug if the issue is reproducible

@deepak_deore by default sds is enabled in 1.5. Pls read the upgrade notes/ release notes of 1.5 as many thing have changed. Most the components are merged with Isitod.

Making this issue as resolved as I was enabling all the components manually which was unnecessary.

Telemetry, pilot etc are now part of istiod. Also sds is enabled by default in 1.5.