Issues when Plugging in External CA Key and Certificate

Barry · February 12, 2020, 2:00pm

Hi Team,

My environments is OpenShift 4.2.8, Istio version is the latest.

Then I want to use my own CA to replace default certificate in Citadel. I follow instructions via the link https://istio.io/docs/tasks/security/citadel-config/plugin-ca-cert/ (Plugging in External CA Key and Certificate) to do it.

When I run command "istioctl manifest apply --set values.global.mtls.enabled=true,values.security.selfSigned=false
", it gets a few of errors like this:

# istioctl manifest apply --set values.global.mtls.enabled=true,values.security.selfSigned=false
Preparing manifests for these components:
- Kiali
- IngressGateway
- Cni
- CertManager
- Injector
- Policy
- Base
- Galley
- Grafana
- Citadel
- Prometheus
- PrometheusOperator
- NodeAgent
- EgressGateway
- Telemetry
- Pilot
- CoreDNS
- Tracing

Applying manifest for component Base
Applying manifest for component Citadel
Applying manifest for component IngressGateway
Finished applying manifest for component Citadel
Finished applying manifest for component IngressGateway
Applying manifest for component Prometheus
Finished applying manifest for component Prometheus
Applying manifest for component Policy
Applying manifest for component Galley
Applying manifest for component Pilot
Finished applying manifest for component Pilot
Finished applying manifest for component Galley
Applying manifest for component Injector
Finished applying manifest for component Policy
Finished applying manifest for component Injector
Applying manifest for component Telemetry
Finished applying manifest for component Telemetry

Component Base install returned the following errors:
=====================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Galley install returned the following errors:
=======================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Grafana install returned the following errors:
========================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Citadel install returned the following errors:
========================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Prometheus install returned the following errors:
===========================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component PrometheusOperator install returned the following errors:
===================================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component NodeAgent install returned the following errors:
==========================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component EgressGateway install returned the following errors:
==============================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Telemetry install returned the following errors:
==========================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Pilot install returned the following errors:
======================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component CoreDNS install returned the following errors:
========================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Tracing install returned the following errors:
========================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Kiali install returned the following errors:
======================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component IngressGateway install returned the following errors:
===============================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Cni install returned the following errors:
====================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component CertManager install returned the following errors:
============================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Injector install returned the following errors:
=========================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH


Component Policy install returned the following errors:
=======================================================
Error: error running kubectl: exec: "kubectl": executable file not found in $PATH



*** Errors were logged during apply operation. Please check component installation logs above. ***

What is wrong here? How to fix it?

I stuck here for a few of days, please do me a favor, Thanks in advanced.

Barry

Topic		Replies	Views
Actions required for external CA key/cert to take effect? Security	2	697	May 29, 2020
External CA key/cert expiration Security	0	327	February 18, 2020
Plugging in existing CA Certificates in istio 1.7 Security	3	2472	February 1, 2021
Plugging in existing CA Certificates in istio1.5 Security	6	1128	April 7, 2020
Istio external certificate Security	0	384	September 12, 2019

Issues when Plugging in External CA Key and Certificate

Related Topics