As the title shows, origin authentication of Istio failed after cluster maintainance last week. I surveyed logs, but I couldn't find the clue to solve the problem.
I'd appreciate if anyone teaches me what the cause is or how to find out the effective logs.
I confirmed that a request to our web server was with a valid JWT, but the response was 401 unauthorized and its message was origin authentication failed
.
And after recreating pods, origin authentication worked again.
Besides, I found out that requests failed after the maintainance of GKE by checking the access logs
Therefore, I thought sidecars (envoy) had problems after the maintainance, but couldn't find any envoy's helpful logs.
I installed Istio as GKE add-on, and versions are following. Origin authentication had been working fine for two months.
Thank you for reading my question!
The issue was solved recreating the application's pod.
Since there is no way to reproduce the same bahavior from ISTIO side, I recommend you to open a Issue on GCP to investigation.