How to renew the root certificate for ISTIO/Red Hat Service Mesh in OpenShift version 3.11?

Solution In Progress - Updated -

Issue

  • The upgrade playbook is failing due to the certificate of namespace istio-system is expired.
 TASK [Upgrade all storage] *******************************************************************************************************************************************************************
FAILED - RETRYING: Upgrade all storage (6 retries left).
FAILED - RETRYING: Upgrade all storage (5 retries left).
FAILED - RETRYING: Upgrade all storage (4 retries left).
FAILED - RETRYING: Upgrade all storage (3 retries left).
FAILED - RETRYING: Upgrade all storage (2 retries left).
FAILED - RETRYING: Upgrade all storage (1 retries left).
fatal: [dca-hd-osm-01.int.dca.ca.gov]: FAILED! => {"attempts": 6, "changed": true, "cmd": ["oc", "adm", "--config=/etc/origin/master/admin.kubeconfig", "migrate", "storage", "--include=*"], "delta": "0:01:20.489761", "end": "2020-08-10 16:12:26.252423", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2020-08-10 16:11:05.762662", "stderr": "", "stderr_lines": [], "stdout": "E0810 16:11:07.811775 error:     -n istio-system attributemanifests/istioproxy: Internal error occurred: failed calling admission webhook \"mixer.validation.istio.io\": Post https://istio-galley.istio-system.svc:443/admitmixer?timeout=30s: x509: certificate has expired or is not yet valid\nE0810 16:11:07.817714 error:     -n istio-system attributemanifests/kubernetes: Internal error occurred: failed calling admission webhook \"mixer.validation.istio.io\": Post https://istio-galley.istio-system.svc:443/admitmixer?timeout=30s: x509: certificate has expired or is not yet valid
  • How to regenerate the root certificate of ISTIO in OCP 3.11?

Environment

  • Red Hat OpenShift Service Mesh
  • Red Hat Openshift Container Platform (OCP)
    • 3.11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content