Unable to install istio with terraform helm plugin


#1

I’ve got a super weird issue.

If I run helm 1.1.0-snapshot.3 manually via the command line it will install. If I try to install it via the terraform plugin, istio-security-post-install never completes. The error log returns

  • kubectl apply -f /tmp/security/custom-resources.yaml
    Error from server (Timeout): error when creating “/tmp/security/custom-resources.yaml”: Timeout: request did not complete within allowed duration

I’m having a hard time understand why installing it through the plugin would fail. I’ve spent the day troubleshooting the issue, and AFAIK, the plugin is doing the same thing I do manually. Both tools seem to set the same configuration values, and the resources between it working and not working seem to be the same.

FYI, this only seems to occur on AWS. Running all of this locally with no issue and Istio works.

Any ideas?


#3

I identified my issue. Was missing an open port on 443 between the control plane and the worker nodes. That was added when they enabled support for validating webhooks. It is not really called out anywhere in their documentation that 443 is required for that to work.


#4

Thanks, that is good feedback! Eric is helping to put out a table of ports used by istio control plane in istio.io, so it would help once we get the data in. :slight_smile: