Istio ingress gateway not coming up with a lot of certificates

Jamie_Chapman-Brown · April 7, 2022, 2:51pm

I created this issue a while back, but haven’t really got any feedback as to where to go next.

Istio 1.13 seems to have made the issue somewhat better, but there’s still a good chance that new gateways will fail to ever come up, which means we can’t use it on one of our customer facing clusters, as it has enough gateways that it fails to ever go up.

Decreasing the number of certificates is not really viable, as they are related directly to customer actions and are independent on purpose.

Is there some data that needs to be collected to continue forward here?

klarose · April 7, 2022, 3:09pm

For what it’s worth, this issue is completely blocking us from upgrading past Istio 1.10. We have not figured out a workaround despite spending a fair amount of time investigating the problem. This is very serious: we are stuck on an unsupported version which is no longer receiving security updates. In a modern, web-based world this is unacceptable.

Any tips or pointers to start gaining some traction on addressing this would be greatly appreciated.

Thanks!

Topic		Replies	Views
Istio 1.4.10: Do not request client certificate on ingress Security	0	367	August 12, 2020
Istio Gateway not taking updated certs	0	716	July 29, 2021
Ingressgateway TLS SDS not working Networking	0	393	March 10, 2021
'Upgrading' from citadel to istiod (istio 1.4 to 1.5) Security security	0	528	August 10, 2020
Gateways, VirtualServices and Certificates . multiples	2	499	February 5, 2019

Istio ingress gateway not coming up with a lot of certificates

Related topics