This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Anthos Service Mesh on AWS EKS - istiod - no certificate returned for the CSR

Posted on 04-05-2023 01:31 PM
olsson
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello,

I'm trying to install Anthos Service Mesh on AWS EKS cluster.  Below there is a command which I'm using to instal ASM:

./asmcli install \
  --verbose \
  --fleet_id ${fleet_project_id} \
  --kubeconfig ${kubeconfig} \
  --output_dir ${output_dir} \
  --platform multicloud \
  --enable_all \
  --ca mesh_ca

The problem is that, the installation is not finished with success because, istiod components can not go into Running state. It's because of the error:

2023-04-05T20:01:59.436053Z warn discovery is not ready: <nil>
2023-04-05T20:02:02.294910Z error failed to create discovery service: failed generating key and cert by kubernetes: no certificate returned for the CSR: "csr-workload-xzcb47kh26j2qrhfbb"
Error: failed to create discovery service: failed generating key and cert by kubernetes: no certificate returned for the CSR: "csr-workload-xzcb47kh26j2qrhfbb"

Does anybody knows what can be an issue ?

0 1 252
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
bkauf
Staff
Reply posted on --/--/---- --:-- AM

Hello, it looks like you are missing the --attached-cluster option.   If you search this page for EKS you will find the correct EKS installation command

./asmcli install \
  --fleet_id FLEET_PROJECT_ID \
  --kubeconfig KUBECONFIG_FILE \
  --output_dir DIR_PATH \
  --platform multicloud \
  --enable_all \
  --option attached-cluster \
  --ca mesh_ca

 

 

 

0 Likes
Top Labels in this Space