asm/ERR/2024_001
Getting timed out error for secret not found for ingress gateway
Product: Anthos Service Mesh
Rule class: ERR - Something that is very likely to be wrong
Description
When deploying Ingress gateway which is using a secret, you may get the following error: gRPC config: initial fetch timed out for type.googleapis.com/envoy.extensions. transport_sockets.tls.v3.Secret
This means Ingress gateway is trying to get certs but failing. This could mean istiod is denying the requests or otherwise cannot access them.
Remediation
One possible solution is to confirm if the secret exists in the given namespace.
You can use the command kubectl get secrets -n <namespace> to verify the
existence of secret. One way to check is by looking at the audit logs to confirm
if the secret was deleted somehow.
Further information
- Further, checking the Istiod logs will likely give more info.