asm/ERR/2024_001

Getting timed out error for secret not found for ingress gateway

Product: Anthos Service Mesh
Rule class: ERR - Something that is very likely to be wrong

Description

When deploying an ingress gateway that uses a secret, you may get the following error: gRPC config: initial fetch timed out for type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret

This means the ingress gateway is requesting its certificates but the request is failing. This could mean istiod is denying the requests or otherwise cannot access the certificates.

Remediation

One possible solution is to confirm that the secret exists in the given namespace. You can use the command kubectl get secrets -n <namespace> to verify that the secret exists. If it is missing, check the audit logs to confirm whether the secret was deleted.
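
The audit-log check described above, as an added example that is not part of the original rule page or of gcpdiag. It assumes GKE Cloud Audit Log entries exported as one JSON object per line, with the protoPayload.methodName and protoPayload.resourceName layout shown in the comments; the namespace istio-system, the secret gw-cert and all principals are hypothetical.

```python
import json

def _entry(ts, method, resource, who):
    # Build one constructed log line in the assumed GKE audit-log shape.
    return json.dumps({"timestamp": ts, "protoPayload": {
        "methodName": method, "resourceName": resource,
        "authenticationInfo": {"principalEmail": who}}})

NS = "core/v1/namespaces/istio-system/secrets"  # hypothetical namespace
# Constructed sample lines, not real logs.
SAMPLE_LINES = [
    _entry("2024-01-10T08:00:00Z", "io.k8s.core.v1.secrets.create",
           NS + "/gw-cert", "deployer@example.com"),
    _entry("2024-01-11T09:30:00Z", "io.k8s.core.v1.secrets.delete",
           NS + "/other-cert", "dev@example.com"),
    _entry("2024-01-12T14:05:00Z", "io.k8s.core.v1.secrets.delete",
           NS + "/gw-cert", "cleanup-job@example.com"),
    _entry("2024-01-13T02:00:00Z", "io.k8s.core.v1.secrets.deletecollection",
           NS, "admin@example.com"),
    "truncated {not json",
]

def find_secret_deletions(lines, namespace, name):
    """Return sorted (timestamp, principal, method) for events that removed the secret."""
    single = f"core/v1/namespaces/{namespace}/secrets/{name}"
    # Assumption: a collection delete is logged against the namespace's secrets path.
    collection = f"core/v1/namespaces/{namespace}/secrets"
    hits = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON export lines
        payload = entry.get("protoPayload", {}) if isinstance(entry, dict) else {}
        method = payload.get("methodName", "")
        resource = payload.get("resourceName", "")
        if (method.endswith(".secrets.delete") and resource == single) or (
                method.endswith(".secrets.deletecollection") and resource == collection):
            who = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
            hits.append((entry.get("timestamp", ""), who, method))
    return sorted(hits)

if __name__ == "__main__":
    for ts, who, method in find_secret_deletions(SAMPLE_LINES, "istio-system", "gw-cert"):
        print(f"{ts}  {who}  {method}")
```

The principal and timestamp of the earliest hit show who removed the secret and when, which can be compared with the time the gateway started reporting the timeout.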

Further information

  • Checking the istiod logs will likely give more information.