My istioctl version 1.16.0
kubernetes version 1.25
CNI - cilium 1.12.4
my install process
kubectl create namespace istio-system
istioctl operator init
cat <<EOF | kubectl apply -f -
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
name: istio
namespace: istio-system
spec:
profile: demo
components:
ingressGateways:
- name: istio-ingressgateway
k8s:
service:
ports:
- port: 15021
targetPort: 15021
name: status-port
- port: 80
targetPort: 8080
nodePort: 31080
name: http2
- port: 443
targetPort: 8443
nodePort: 31443
name: https
- port: 32400
targetPort: 31400
nodePort: 32400
name: tcp
- port: 15443
targetPort: 15443
nodePort: 32443
name: tls
EOF
cat <<EOF | kubectl apply -f -
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: http-compressor-v3
namespace: istio-system
spec:
workloadSelector:
labels:
# Put same labels that will identify your application
istio: ingressgateway
configPatches:
- applyTo: HTTP_FILTER
match:
context: GATEWAY
listener:
filterChain:
filter:
name: envoy.filters.network.http_connection_manager
subFilter:
name: envoy.filters.http.router
patch:
operation: INSERT_BEFORE
value:
name: envoy.filters.http.compressor
typed_config:
# See https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/compressor_filter for full options
'@type': type.googleapis.com/envoy.extensions.filters.http.compressor.v3.Compressor
compressor_library:
name: text_optimized
compression_level: DEFAULT
memory_level: 9
window_bits: 15
typed_config:
'@type': type.googleapis.com/envoy.extensions.compression.gzip.compressor.v3.Gzip
remove_accept_encoding_header: true
EOF
When installing the cluster external secret, the following error log appears.
Error from server (InternalError): error when creating "STDIN": Internal error occurred: failed calling webhook "validate.clustersecretstore.external-secrets.io": failed to call webhook: Post "https://external-secrets-webhook.external-secrets.svc:443/validate-external-secrets-io-v1beta1-clustersecretstore?timeout=5s": context deadline exceeded
istiod pod log
2023-01-09T08:53:20.335936Z info validationController Not ready to switch validation to fail-closed: dummy invalid config not rejected
2023-01-09T08:53:20.336028Z info validationController validatingwebhookconfiguration istio-validator-istio-system (failurePolicy=Ignore, resourceVersion=1351) is up-to-date. No change required.
2023-01-09T08:58:30.352403Z info validationController Not ready to switch validation to fail-closed: dummy invalid config not rejected
kube-api-server pod log
W0109 09:03:40.358944 1 dispatcher.go:174] Failed calling webhook, failing open rev.validation.istio.io: failed calling webhook "rev.validation.istio.io": failed to call webhook: Post "https://istiod.istio-system.svc:443/validate?timeout=10s": context deadline exceeded
E0109 09:03:40.358983 1 dispatcher.go:181] failed calling webhook "rev.validation.istio.io": failed to call webhook: Post "https://istiod.istio-system.svc:443/validate?timeout=10s": context deadline exceeded
Which part do I need to fix?
i tried