Istio ingress gateway not coming up with a lot of certificates

I created this issue a while back, but haven’t really got any feedback as to where to go next.

Istio 1.13 seems to have made the issue somewhat better, but there’s still a good chance that new gateways will fail to ever come up, which means we can’t use it on one of our customer facing clusters, as it has enough gateways that it fails to ever go up.

Decreasing the number of certificates is not really viable, as they are related directly to customer actions and are independent on purpose.

Is there some data that needs to be collected to continue forward here?

1 Like

For what it’s worth, this issue is completely blocking us from upgrading past Istio 1.10. We have not figured out a workaround despite spending a fair amount of time investigating the problem. This is very serious: we are stuck on an unsupported version which is no longer receiving security updates. In a modern, web-based world this is unacceptable.

Any tips or pointers to start gaining some traction on addressing this would be greatly appreciated.