Unable to get v1.4.3 working on EKS

vikas027 · January 15, 2020, 5:32am

Environment

Platform: AWS EKS (Platform Version eks.7)
K8s: v1.14.7
istioctl: 1.4.3
CNI: Weave

Problem

Unable to create a Gateway

root@b2102059b9a6:~# kubectl apply -f - <<EOF
> apiVersion: networking.istio.io/v1alpha3
> kind: Gateway
> metadata:
>   name: httpbin-gateway
> spec:
>   selector:
>     istio: ingressgateway # use Istio default gateway implementation
>   servers:
>   - port:
>       number: 80
>       name: http
>       protocol: HTTP
>     hosts:
>     - "httpbin.example.com"
> EOF
Error from server (Timeout): error when creating "STDIN": Timeout: request did not complete within requested timeout 30s
root@b2102059b9a6:~#

Steps to Reproduce

Install Istio

- Applying manifest for component Base...
✔ Finished applying manifest for component Base.
- Applying manifest for component Pilot...
- Applying manifest for component IngressGateway...
- Applying manifest for component Prometheus...
- Applying manifest for component Injector...
- Applying manifest for component Policy...
- Applying manifest for component Citadel...
- Applying manifest for component Galley...
- Applying manifest for component Telemetry...
✔ Finished applying manifest for component IngressGateway.
✔ Finished applying manifest for component Injector.
✔ Finished applying manifest for component Galley.
✔ Finished applying manifest for component Policy.
✔ Finished applying manifest for component Telemetry.
✔ Finished applying manifest for component Citadel.
✔ Finished applying manifest for component Prometheus.
✔ Finished applying manifest for component Pilot.


✔ Installation complete

root@b2102059b9a6:~# 

root@b2102059b9a6:~# k -n istio-system get svc,po
NAME                             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                                                                      AGE
service/istio-citadel            ClusterIP   172.20.71.210    <none>        8060/TCP,15014/TCP                                                                                                           9m37s
service/istio-galley             ClusterIP   172.20.191.246   <none>        443/TCP,15014/TCP,9901/TCP,15019/TCP                                                                                         9m39s
service/istio-ingressgateway     NodePort    172.20.89.195    <none>        15020:31189/TCP,80:32767/TCP,443:32274/TCP,15029:31655/TCP,15030:31955/TCP,15031:32033/TCP,15032:32724/TCP,15443:31243/TCP   9m39s
service/istio-pilot              ClusterIP   172.20.35.108    <none>        15010/TCP,15011/TCP,8080/TCP,15014/TCP                                                                                       9m37s
service/istio-policy             ClusterIP   172.20.163.213   <none>        9091/TCP,15004/TCP,15014/TCP                                                                                                 9m38s
service/istio-sidecar-injector   ClusterIP   172.20.123.145   <none>        443/TCP                                                                                                                      9m39s
service/istio-telemetry          ClusterIP   172.20.23.153    <none>        9091/TCP,15004/TCP,15014/TCP,42422/TCP                                                                                       9m37s
service/prometheus               ClusterIP   172.20.121.87    <none>        9090/TCP                                                                                                                     9m37s

NAME                                          READY   STATUS    RESTARTS   AGE
pod/istio-citadel-6d6cbfdddb-khqgv            1/1     Running   0          9m37s
pod/istio-galley-65bd4d4c96-7spc8             2/2     Running   0          9m39s
pod/istio-ingressgateway-5b694f6978-s62xl     1/1     Running   0          6m53s
pod/istio-pilot-6777944bc8-fcx8h              2/2     Running   0          9m37s
pod/istio-policy-77875887d4-qshwf             2/2     Running   1          9m38s
pod/istio-sidecar-injector-75ff97b4d8-227zf   1/1     Running   0          9m39s
pod/istio-telemetry-78d4dc589-hbkzc           2/2     Running   2          9m38s
pod/prometheus-586d4445c7-prhlz               1/1     Running   0          9m37s
root@b2102059b9a6:~#

Try creating an ingress Gateway
It will throw the error as mentioned in the Problem

Other

I have also tried to generate the manifest and apply it, even it hangs forever.

root@b2102059b9a6:~# istioctl manifest generate --set profile=default --set values.gateways.istio-ingressgateway.type=NodePort > generated-manifest.yaml

root@b2102059b9a6:~# kubectl apply -f generated-manifest.yaml
clusterrole.rbac.authorization.k8s.io/istio-reader-istio-system configured
clusterrolebinding.rbac.authorization.k8s.io/istio-reader-istio-system configured
customresourcedefinition.apiextensions.k8s.io/attributemanifests.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/clusterrbacconfigs.rbac.istio.io configured
customresourcedefinition.apiextensions.k8s.io/destinationrules.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/envoyfilters.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/gateways.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/httpapispecbindings.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/httpapispecs.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/meshpolicies.authentication.istio.io configured
customresourcedefinition.apiextensions.k8s.io/policies.authentication.istio.io configured
customresourcedefinition.apiextensions.k8s.io/quotaspecbindings.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/quotaspecs.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/rbacconfigs.rbac.istio.io configured
customresourcedefinition.apiextensions.k8s.io/rules.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/serviceentries.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/servicerolebindings.rbac.istio.io configured
customresourcedefinition.apiextensions.k8s.io/serviceroles.rbac.istio.io configured
customresourcedefinition.apiextensions.k8s.io/virtualservices.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/adapters.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/instances.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/templates.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/handlers.config.istio.io configured
customresourcedefinition.apiextensions.k8s.io/sidecars.networking.istio.io configured
customresourcedefinition.apiextensions.k8s.io/authorizationpolicies.security.istio.io configured
namespace/istio-system configured
serviceaccount/istio-reader-service-account configured
clusterrole.rbac.authorization.k8s.io/istio-citadel-istio-system configured
clusterrolebinding.rbac.authorization.k8s.io/istio-citadel-istio-system configured
deployment.apps/istio-citadel configured
poddisruptionbudget.policy/istio-citadel configured
service/istio-citadel configured
serviceaccount/istio-citadel-service-account configured
clusterrole.rbac.authorization.k8s.io/istio-galley-istio-system configured
clusterrolebinding.rbac.authorization.k8s.io/istio-galley-admin-role-binding-istio-system configured
configmap/galley-envoy-config configured
configmap/istio-mesh-galley configured
configmap/istio-galley-configuration configured
deployment.apps/istio-galley configured
poddisruptionbudget.policy/istio-galley configured
service/istio-galley configured
serviceaccount/istio-galley-service-account configured
horizontalpodautoscaler.autoscaling/istio-ingressgateway configured
deployment.apps/istio-ingressgateway configured
poddisruptionbudget.policy/ingressgateway configured
service/istio-ingressgateway configured
serviceaccount/istio-ingressgateway-service-account configured
clusterrole.rbac.authorization.k8s.io/istio-sidecar-injector-istio-system configured
clusterrolebinding.rbac.authorization.k8s.io/istio-sidecar-injector-admin-role-binding-istio-system configured
configmap/injector-mesh configured
deployment.apps/istio-sidecar-injector configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/istio-sidecar-injector configured
poddisruptionbudget.policy/istio-sidecar-injector configured
service/istio-sidecar-injector configured
serviceaccount/istio-sidecar-injector-service-account configured
configmap/istio-sidecar-injector configured
horizontalpodautoscaler.autoscaling/istio-pilot configured
clusterrole.rbac.authorization.k8s.io/istio-pilot-istio-system configured
clusterrolebinding.rbac.authorization.k8s.io/istio-pilot-istio-system configured
configmap/pilot-envoy-config configured
configmap/istio configured
deployment.apps/istio-pilot configured
poddisruptionbudget.policy/istio-pilot configured
service/istio-pilot configured
serviceaccount/istio-pilot-service-account configured
horizontalpodautoscaler.autoscaling/istio-policy configured
clusterrole.rbac.authorization.k8s.io/istio-policy configured
clusterrolebinding.rbac.authorization.k8s.io/istio-policy-admin-role-binding-istio-system configured
configmap/policy-envoy-config configured
deployment.apps/istio-policy configured
poddisruptionbudget.policy/istio-policy configured
service/istio-policy configured
serviceaccount/istio-policy-service-account configured
clusterrole.rbac.authorization.k8s.io/prometheus-istio-system configured
clusterrolebinding.rbac.authorization.k8s.io/prometheus-istio-system configured
configmap/prometheus configured
deployment.apps/prometheus configured
service/prometheus configured
serviceaccount/prometheus configured
horizontalpodautoscaler.autoscaling/istio-telemetry configured
clusterrole.rbac.authorization.k8s.io/istio-mixer-istio-system configured
clusterrolebinding.rbac.authorization.k8s.io/istio-mixer-admin-role-binding-istio-system configured


^C
root@b2102059b9a6:~#

Meghana · February 16, 2020, 1:08pm

Can you try using versions earlier to 1.3? I had a similar issue with GKE and I got it to work by using v1.2.10.

Topic		Replies	Views
Impossible to create a Gateway resource Networking	6	4322	April 16, 2020
Testing istio with Filebeat -> Logstash -> Elasticsearch	0	1895	January 15, 2019
Ingress gateway timing out while setting up bookinfo Networking	0	351	June 19, 2020
Error when creating any istio gateway: context deadline exceeded	1	6473	August 5, 2020
Could k8s master node timeouts cause istio gateway errors?	1	796	November 3, 2020

Unable to get v1.4.3 working on EKS

Environment

Problem

Steps to Reproduce

Other

Related topics