My goal is to have a simple Istio setup on a Kubernetes cluster. I was able to achieve this using Docker Desktop on my laptop.
As a next step, thought of doing this on a Kubernetes cluster hosted on CentOS VMs in my company's internal data center. I have a simple Kubernetes cluster setup and am able to deploy a few sample services there. I then setup Istio and created a new namespace with istio-injection=enabled. When I try to deploy a service in the new namespace, I get the below error.
> Error creating: Internal error occurred: failed calling webhook
> "sidecar-injector.istio.io": Post
> https://istio-sidecar-injector.istio-system.svc:443/inject?timeout=30s:
> dial tcp 10.109.98.58:443: connect: no route to hostI am not sure what I am doing wrong, or if I am missing any configuration.
Any help or pointers would be appreciated.
Below is the output of kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
istio-system grafana-6c8f45499-hv4tq 1/1 Running 0 10d
istio-system istio-citadel-db8578cc4-bsdcj 1/1 Running 0 10d
istio-system istio-egressgateway-f9c7b6669-h9tvh 0/1 Running 0 10d
istio-system istio-galley-786ff7f89b-42snm 1/1 Running 0 10d
istio-system istio-ingressgateway-5654f8bf65-6bg7n 0/1 Running 0 10d
istio-system istio-pilot-c565b478c-j4f8c 0/1 Running 0 10d
istio-system istio-policy-7d5f97776c-n4c96 0/1 CrashLoopBackOff 5031 10d
istio-system istio-sidecar-injector-c7ff9dd99-wh9nf 1/1 Running 0 14h
istio-system istio-telemetry-55dd49cf85-f26hp 0/1 CrashLoopBackOff 5117 10d
istio-system istio-tracing-78548677bc-zqz5j 1/1 Running 0 10d
istio-system kiali-fb5f485fb-ll6bz 1/1 Running 0 10d
istio-system prometheus-685585888b-rwl2r 1/1 Running 0 10d
kube-system coredns-5d4dd4b4db-cj927 1/1 Running 0 11d
kube-system coredns-5d4dd4b4db-kwcqf 1/1 Running 0 11d
kube-system etcd-master-node 1/1 Running 0 11d
kube-system kube-apiserver-master-node 1/1 Running 0 11d
kube-system kube-controller-manager-master-node 1/1 Running 0 11d
kube-system kube-proxy-49qdq 1/1 Running 0 11d
kube-system kube-proxy-h2p7c 1/1 Running 1 10d
kube-system kube-proxy-ncwnx 1/1 Running 1 10d
kube-system kube-scheduler-master-node 1/1 Running 0 11d
kube-system weave-net-67r6x 2/2 Running 0 11d
kube-system weave-net-kxvbc 2/2 Running 2 10d
kube-system weave-net-spv99 2/2 Running 3 10dThe logs of executing kubectl --v=9 apply -f https://raw.githubusercontent.com/istio/istio/release-1.4/samples/bookinfo/networking/bookinfo-gateway.yaml are available here (It's too huge to be attached to the post).
Thank you.
PS: I used the word service loosely earlier.
-Anoop
Kindly check the connection between your api-server and sidecar-injector. I have faced this issue before and it was that the ports were not open on host level. So, you can check node ports if they are open and also if there are any network policy that you need to open to establish the connection. Check sidecar-injector pod logs if it received any request.