istio-networking failing to update gateway

[datadot]

In what area(s)?

/area networking

Ask your question here:

Clean deployments running isio 1.4.
CNI + SDS + Strict mTLS configured

Minimal Serving component installed for knative with cert-manager 0.10 configured with clusterissuer against letsencrypt staging.

For initial testing, I deploy the basic helloworld serving demo which returns:

NAMESPACE   NAME            URL                                               LATESTCREATED         LATESTREADY           READY     REASON
samples     helloworld-go   https://helloworld-go.samples.example.com   helloworld-go-p9b56   helloworld-go-p9b56   Unknown   IngressNotConfigured

LetsEncrypt certificate is created and saved correctly.
Initial pod has all relevant proxy containers injected.
No errors reported within container logs.

knative-ingress-gateway doesn't get updated with the additional host configuration I would expect and looking into the logs for networking-istio pod I have the following lines:

{"level":"info","ts":"2019-12-05T11:50:12.399Z","logger":"istiocontroller","caller":"ingress/ingress.go:436","msg":"Cleaning up Gateway Servers for Ingress helloworld-go","commit":"a1a35b1","knative.dev/traceid":"64d8de38-18f1-4bd7-9c72-e16370724587","knative.dev/key":"samples/helloworld-go"}
{"level":"error","ts":"2019-12-05T11:50:12.410Z","logger":"istiocontroller","caller":"controller/controller.go:357","msg":"Reconcile error","commit":"a1a35b1","error":"failed to update Gateway: Gateway.networking.istio.io \"knative-ingress-gateway\" is invalid: spec.servers.tls.subjectAltNames: Invalid value: \"null\": spec.servers.tls.subjectAltNames in body must be of type array: \"null\"","stacktrace":"knative.dev/serving/vendor/knative.dev/pkg/controller.(*Impl).handleErr\n\t/home/prow/go/src/knative.dev/serving/vendor/knative.dev/pkg/controller/controller.go:357\nknative.dev/serving/vendor/knative.dev/pkg/controller.(*Impl).processNextWorkItem\n\t/home/prow/go/src/knative.dev/serving/vendor/knative.dev/pkg/controller/controller.go:343\nknative.dev/serving/vendor/knative.dev/pkg/controller.(*Impl).Run.func2\n\t/home/prow/go/src/knative.dev/serving/vendor/knative.dev/pkg/controller/controller.go:291"}

It looks like the configuration of gateway by istio-networking is malformed or am I looking in the wrong place?

Thanks.

[nak3]

Are you using Knative v0.10? If so, I remember that the bug should be solved by #6041, which is not included in v0.10 yet.

When updated Istio to v1.4, e2e test (TestIstioProbing) had the same problem. But it was solved by #6041 as #6160 proved it.

[datadot]

Yes this is v0.10, do we know schedule for next release that'll include #6041?

Thanks.

[tcnghia]

Release is scheduled next Tuesday.

In the mean time, can you please try our latest/nightly version here to see if the issue is fixed by #6041 or not? https://pantheon.corp.google.com/storage/browser/knative-nightly/serving/latest/?folder=true&organizationId=true&project=knative-nightly

(replacing the yamls you used with the corresponding ones from this GCS bucket)

[datadot]

@tcnghia this is an internal Google resource, is there a public link?

Thanks.

[vagababov]

https://console.cloud.google.com/storage/browser/knative-nightly/serving/latest/?folder=true&organizationId=true&project=knative-nightly

[datadot]

Fixed in nightly - closing issues.