I'm trying to install Istio on a private GKE cluster. I have downloaded the version 1.4.3 of Istio and then applied the default profile. But not all the components are getting installed from the manifest. Below are the error logs.
$ istioctl manifest apply
This will install the default Istio profile into the cluster. Proceed? (y/N) y
- Applying manifest for component Base...
✔ Finished applying manifest for component Base.
- Applying manifest for component Pilot...
- Applying manifest for component Policy...
- Applying manifest for component Galley...
- Applying manifest for component Citadel...
- Applying manifest for component IngressGateway...
- Applying manifest for component Prometheus...
- Applying manifest for component Telemetry...
- Applying manifest for component Injector...
✘ Finished applying manifest for component Pilot.
✘ Finished applying manifest for component Telemetry.
✔ Finished applying manifest for component Prometheus.
✔ Finished applying manifest for component Citadel.
✔ Finished applying manifest for component Galley.
✔ Finished applying manifest for component Policy.
✔ Finished applying manifest for component Injector.
✔ Finished applying manifest for component IngressGateway.
Component Pilot - manifest apply returned the following errors:
Error: error running kubectl: signal: killed
Component Kiali - manifest apply returned the following errors:
Error: error running kubectl: exit status 1
Error detail:
Unable to connect to the server: dial tcp 192.168.0.2:443: i/o timeout (repeated 1 times)
apiVersion: v1
items: []
kind: List
metadata:
resourceVersion: ""
selfLink: ""
Component Grafana - manifest apply returned the following errors:
Error: error running kubectl: exit status 1
Error detail:
Unable to connect to the server: dial tcp 192.168.0.2:443: i/o timeout (repeated 1 times)
apiVersion: v1
items: []
kind: List
metadata:
resourceVersion: ""
selfLink: ""
Component Telemetry - manifest apply returned the following errors:
Error: error running kubectl: exit status 1
Error detail:
Unable to connect to the server: net/http: request canceled (Client.Timeout exceeded while awaiting headers) (repeated 1 times)
✘ Errors were logged during apply operation. Please check component installation logs above.
Failed to generate and apply manifests, error: errors were logged during apply operation
Also, the ingress gateway is not getting created from any of the sample applications (helloworld, bookinfo). Below is the error:
$ kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
Error from server (Timeout): error when creating "samples/bookinfo/networking/bookinfo-gateway.yaml": Timeout: request did not complete within requested timeout 30s
Error from server (Timeout): error when creating "samples/bookinfo/networking/bookinfo-gateway.yaml": Timeout: request did not complete within requested timeout 30s
However, I tried to use istio along with GKE on the same private cluster by following the guide here
This worked and all the components are installed successfully, along with the ingress gateway. I have enabled the ports 80,8080,1000-2000,22,443,9443 on the network as well. Can please someone tell us what would be the issue causing this error.
Kubernetes version:
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.3", GitCommit:"06ad960bfd03b39c8310aaf92d1e7c12ce618213", GitTreeState:"clean", BuildDate:"2020-02-11T18:14:22Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"13+", GitVersion:"v1.13.12-gke.25", GitCommit:"654de8cac69f1fc5db6f2de0b88d6d027bc15828", GitTreeState:"clean", BuildDate:"2020-01-14T06:01:20Z", GoVersion:"go1.12.11b4", Compiler:"gc", Platform:"linux/amd64"}
Istio version:
client version: 1.4.3
control plane version: 1.4.3
data plane version: 1.4.3 (1 proxies)
Platform: GKE
OS: Ubuntu
Try to create a Cloud NAT router on the same network you are creating the cluster and recreate the cluster. After this, try to install Istio again.
Is possible that Istio is not able to get the images for some components because the cluster is not able to access internet.
Cloud NAT on GCP