I installed istio in a custom namespace (not istio-system). The configuration I used is the following:
apiVersion: install.istio.io/v1alpha1 kind: IstioOperator metadata: namespace: infrastructure name: istiocontrolplane spec: profile: default values: global: istioNamespace: infrastructure components: ingressGateways: - name: istio-ingressgateway enabled: true egressGateways: - name: istio-egressgateway enabled: true meshConfig: accessLogFile: /dev/stdout accessLogEncoding: TEXT
I added a new ingress gateway in a new namespace as follows:
- name: istio-ingressgateway-lab #namespace: lab enabled: true label: istio: istio-ingressgateway-lab namespace: lab
However the ingress is looking for istiod in the istio-system namespace, not in infrastructure as I defined. These are the logs from the new ingress gateway pod:
2021-05-20T03:21:40.627632Z warn Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 0 successful, 0 rejected; lds updates: 0 successful, 0 rejected
2021-05-20T03:21:41.924256Z warning envoy config StreamAggregatedResources gRPC config stream closed: 14, connection error: desc = “transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 172.21.0.10:53: no such host”
2021-05-20T03:21:42.627991Z warn Envoy proxy is NOT ready: config not received from Pilot (is Pilot running?): cds updates: 0 successful, 0 rejected; lds updates: 0 successful, 0 rejected
⇒ kubectl get pods -n infrastructure
NAME READY STATUS RESTARTS AGE
istio-egressgateway-8566868998-v6gmq 1/1 Running 0 46d
istio-ingressgateway-79d586f476-q4824 1/1 Running 0 46d
istio-ingressgateway-lab-84585cdb6f-qlsfj 1/1 Running 0 3d5h
istio-operator-84769fc9c-cnbqf 1/1 Running 0 48d
istio-webhook-5b8bc67c99-crcmd 1/1 Running 0 34d
istiod-858bc85849-75ns8 1/1 Running 0 46d
Could someone help me to address the issue? Thanks.
Related issue: Ingress-gateway in customized namescpace still connect istiod after install canary revision