'Istiod was not restarted after IstioCA was updated

Description Recently the IstioCA got updated on aws-sandbox env but the CAS controller did not restart the IstioD pods. The CA got renewed on 16/04/2022. The Istio cert got rotated on 18/04.

Possible errors:

E0321 08:42:49.647580       1 reflector.go:138] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167: Failed to watch *v1.MutatingWebhookConfiguration: failed to list *v1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:chi-cas-controller:chi-cas-controller" cannot list resource "mutatingwebhookconfigurations" in API group "admissionregistration.k8s.io" at the cluster scope
E0321 08:42:49.523922       1 reflector.go:138] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:167: Failed to watch *v1.Pod: unknown (get pods)
istio


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How to configure istio for mesh federation without service discovery?

Istio + minikube + Nginx (React). Cannot get access from browser nor CURL

Locality LoadBalacing not working on Istio

Istio vs Service Mesh Interface

Istio Virtual service dark launch (deployment) Header exact not working

Suddenly getting "Unable to connect to the server: net/http: TLS handshake timeout" from kubectl

Terminate istio sidecar istio-proxy for a kubernetes job / cronjob

Istio traffic routing rules take no effect

The external IP of istio ingress gateway stay pending

fail to run istio-ingressgateway, got Readiness probe failed: connection refused

Add Custom Header to HTTP request in Load Balancer

Unable to setup development environment for Kiali

How to expose kafka using istio ingress?

Istio WorkloadEntry sidecar a requirements?

Istio - Gunicorn - Python getting 503 upstream connect error or disconnect/reset before headers. reset reason: connection failure