Istio envoy proxy throws uncaught critical exception when sidecar injected with kong ingress controller

Istio version : 1.10.3
Kong proxy version: 2.4
Kong ingress controller version: 1.3

Envoy proxy log:

$ kubectl logs -f  kong-kong-7946cfcd87-p59rj  -n kong  -c istio-proxy --previous
2021-09-02T09:43:58.195496Z	info	FLAG: --concurrency="2"
2021-09-02T09:43:58.195554Z	info	FLAG: --domain="kong.svc.cluster.local"
2021-09-02T09:43:58.195567Z	info	FLAG: --help="false"
2021-09-02T09:43:58.195572Z	info	FLAG: --log_as_json="false"
2021-09-02T09:43:58.195575Z	info	FLAG: --log_caller=""
2021-09-02T09:43:58.195578Z	info	FLAG: --log_output_level="default:info"
2021-09-02T09:43:58.195580Z	info	FLAG: --log_rotate=""
2021-09-02T09:43:58.195584Z	info	FLAG: --log_rotate_max_age="30"
2021-09-02T09:43:58.195589Z	info	FLAG: --log_rotate_max_backups="1000"
2021-09-02T09:43:58.195593Z	info	FLAG: --log_rotate_max_size="104857600"
2021-09-02T09:43:58.195598Z	info	FLAG: --log_stacktrace_level="default:none"
2021-09-02T09:43:58.195607Z	info	FLAG: --log_target="[stdout]"
2021-09-02T09:43:58.195612Z	info	FLAG: --meshConfig="./etc/istio/config/mesh"
2021-09-02T09:43:58.195614Z	info	FLAG: --outlierLogPath=""
2021-09-02T09:43:58.195617Z	info	FLAG: --proxyComponentLogLevel="misc:error"
2021-09-02T09:43:58.195620Z	info	FLAG: --proxyLogLevel="warning"
2021-09-02T09:43:58.195623Z	info	FLAG: --serviceCluster="kong-kong.kong"
2021-09-02T09:43:58.195626Z	info	FLAG: --stsPort="0"
2021-09-02T09:43:58.195629Z	info	FLAG: --templateFile=""
2021-09-02T09:43:58.195632Z	info	FLAG: --tokenManagerPlugin="GoogleTokenExchange"
2021-09-02T09:43:58.195635Z	info	Version 1.10.3-61313778e0b785e401c696f5e92f47af069f96d0-Clean
2021-09-02T09:43:58.195767Z	info	Proxy role	ips=[10.200.95.66] type=sidecar id=kong-kong-7946cfcd87-p59rj.kong domain=kong.svc.cluster.local
2021-09-02T09:43:58.195873Z	info	Apply proxy config from env {}

2021-09-02T09:43:58.196822Z	info	Effective config: binaryPath: /usr/local/bin/envoy
concurrency: 2
configPath: ./etc/istio/proxy
controlPlaneAuthPolicy: MUTUAL_TLS
discoveryAddress: istiod.istio-system.svc:15012
drainDuration: 45s
parentShutdownDuration: 60s
proxyAdminPort: 15000
serviceCluster: kong-kong.kong
statNameLength: 189
statusPort: 15020
terminationDrainDuration: 5s
tracing:
  zipkin:
    address: zipkin.istio-system:9411

2021-09-02T09:43:58.196856Z	info	JWT policy is third-party-jwt
2021-09-02T09:43:58.196880Z	info	Pilot SAN: [istiod.istio-system.svc]
2021-09-02T09:43:58.196886Z	info	CA Endpoint istiod.istio-system.svc:15012, provider Citadel
2021-09-02T09:43:58.196938Z	info	Using CA istiod.istio-system.svc:15012 cert with certs: var/run/secrets/istio/root-cert.pem
2021-09-02T09:43:58.197096Z	info	citadelclient	Citadel client using custom root cert: istiod.istio-system.svc:15012
2021-09-02T09:43:58.228291Z	info	ads	All caches have been synced up in 37.047168ms, marking server ready
2021-09-02T09:43:58.228749Z	info	sds	SDS server for workload certificates started, listening on "./etc/istio/proxy/SDS"
2021-09-02T09:43:58.228775Z	info	xdsproxy	Initializing with upstream address "istiod.istio-system.svc:15012" and cluster "Kubernetes"
2021-09-02T09:43:58.228938Z	info	sds	Start SDS grpc server
2021-09-02T09:43:58.229091Z	info	Opening status port 15020
2021-09-02T09:43:58.234550Z	info	Starting proxy agent
2021-09-02T09:43:58.234691Z	info	Epoch 0 starting
2021-09-02T09:43:58.236994Z	info	Envoy command: [-c etc/istio/proxy/envoy-rev0.json --restart-epoch 0 --drain-time-s 45 --drain-strategy immediate --parent-shutdown-time-s 60 --service-cluster kong-kong.kong --service-node sidecar~10.200.95.66~kong-kong-7946cfcd87-p59rj.kong~kong.svc.cluster.local --local-address-ip-version v4 --bootstrap-version 3 --disable-hot-restart --log-format %Y-%m-%dT%T.%fZ	%l	envoy %n	%v -l warning --component-log-level misc:error --concurrency 2]
2021-09-02T09:43:58.363790Z	info	xdsproxy	connected to upstream XDS server: istiod.istio-system.svc:15012
2021-09-02T09:43:58.364162Z	info	cache	generated new workload certificate	latency=135.336082ms ttl=23h59m59.635859243s
2021-09-02T09:43:58.364196Z	info	cache	Root cert has changed, start rotating root cert
2021-09-02T09:43:58.364216Z	info	ads	XDS: Incremental Pushing:0 ConnectedEndpoints:0 Version:
2021-09-02T09:43:58.364294Z	info	cache	returned workload trust anchor from cache	ttl=23h59m59.635708981s
2021-09-02T09:43:58.431685Z	info	ads	ADS: new connection for node:sidecar~10.200.95.66~kong-kong-7946cfcd87-p59rj.kong~kong.svc.cluster.local-2
2021-09-02T09:43:58.431776Z	info	ads	ADS: new connection for node:sidecar~10.200.95.66~kong-kong-7946cfcd87-p59rj.kong~kong.svc.cluster.local-1
2021-09-02T09:43:58.431845Z	info	cache	returned workload certificate from cache	ttl=23h59m59.568162082s
2021-09-02T09:43:58.431920Z	info	cache	returned workload trust anchor from cache	ttl=23h59m59.568087036s
2021-09-02T09:43:58.432266Z	info	sds	SDS: PUSH	resource=default
2021-09-02T09:43:58.432408Z	info	sds	SDS: PUSH	resource=ROOTCA
2021-09-02T09:44:00.606797Z	info	Initialization took 2.414372404s
2021-09-02T09:44:00.606876Z	info	Envoy proxy is ready
2021-09-02T09:45:21.848191Z	critical	envoy main	std::terminate called! (possible uncaught exception, see trace)
2021-09-02T09:45:21.848228Z	critical	envoy backtrace	Backtrace (use tools/stack_decode.py to get line numbers):
2021-09-02T09:45:21.848234Z	critical	envoy backtrace	Envoy version: 4b528a87271e841bd64daf841a1a384ed4fcac68/1.18.4-dev/Clean/RELEASE/BoringSSL
2021-09-02T09:45:21.859271Z	critical	envoy backtrace	#0: Envoy::TerminateHandler::logOnTerminate()::$_0::operator()() [0x557ce26fbb86]
2021-09-02T09:45:21.868220Z	critical	envoy backtrace	#1: [0x557ce26fb9e9]
2021-09-02T09:45:21.877503Z	critical	envoy backtrace	#2: std::__terminate() [0x557ce2d97ac3]
2021-09-02T09:45:21.887390Z	critical	envoy backtrace	#3: Envoy::Network::Address::Ipv6Instance::Ipv6Instance() [0x557ce25747e2]
2021-09-02T09:45:21.896393Z	critical	envoy backtrace	#4: Envoy::Network::Utility::parseInternetAddressNoThrow() [0x557ce2566abd]
2021-09-02T09:45:21.905149Z	critical	envoy backtrace	#5: Envoy::Http::Utility::getLastAddressFromXFF() [0x557ce2558478]
2021-09-02T09:45:21.914172Z	critical	envoy backtrace	#6: Envoy::Http::ConnectionManagerUtility::mutateRequestHeaders() [0x557ce2209862]
2021-09-02T09:45:21.922186Z	critical	envoy backtrace	#7: Envoy::Http::ConnectionManagerImpl::ActiveStream::decodeHeaders() [0x557ce21ffd8c]
2021-09-02T09:45:21.931123Z	critical	envoy backtrace	#8: Envoy::Http::Http1::ServerConnectionImpl::onMessageCompleteBase() [0x557ce22362b1]
2021-09-02T09:45:21.940558Z	critical	envoy backtrace	#9: Envoy::Http::Http1::ConnectionImpl::onMessageComplete() [0x557ce22339dd]
2021-09-02T09:45:21.949197Z	critical	envoy backtrace	#10: Envoy::Http::Http1::LegacyHttpParserImpl::Impl::Impl()::{lambda()#3}::__invoke() [0x557ce223bb6f]
2021-09-02T09:45:21.957392Z	critical	envoy backtrace	#11: http_parser_execute [0x557ce257ce5b]
2021-09-02T09:45:21.965670Z	critical	envoy backtrace	#12: Envoy::Http::Http1::LegacyHttpParserImpl::execute() [0x557ce223b58f]
2021-09-02T09:45:21.974314Z	critical	envoy backtrace	#13: Envoy::Http::Http1::ConnectionImpl::dispatchSlice() [0x557ce2231da4]
2021-09-02T09:45:21.984028Z	critical	envoy backtrace	#14: Envoy::Http::Http1::ConnectionImpl::dispatch() [0x557ce223151f]
2021-09-02T09:45:21.993140Z	critical	envoy backtrace	#15: Envoy::Http::Http1::ConnectionImpl::dispatch() [0x557ce2231fe5]
2021-09-02T09:45:22.001238Z	critical	envoy backtrace	#16: Envoy::Http::ConnectionManagerImpl::onData() [0x557ce21fbd4c]
2021-09-02T09:45:22.009099Z	critical	envoy backtrace	#17: Envoy::Network::FilterManagerImpl::onContinueReading() [0x557ce23c7ccf]
2021-09-02T09:45:22.017469Z	critical	envoy backtrace	#18: Envoy::Network::ConnectionImpl::onReadReady() [0x557ce23be579]
2021-09-02T09:45:22.027851Z	critical	envoy backtrace	#19: Envoy::Network::ConnectionImpl::onFileEvent() [0x557ce23bc12f]
2021-09-02T09:45:22.039848Z	critical	envoy backtrace	#20: std::__1::__function::__func<>::operator()() [0x557ce1f12721]
2021-09-02T09:45:22.048877Z	critical	envoy backtrace	#21: Envoy::Event::FileEventImpl::assignEvents()::$_1::__invoke() [0x557ce1f13e8c]
2021-09-02T09:45:22.052364Z	critical	envoy main	std::terminate called! (possible uncaught exception, see trace)
2021-09-02T09:45:22.052467Z	critical	envoy backtrace	Backtrace (use tools/stack_decode.py to get line numbers):
2021-09-02T09:45:22.052500Z	critical	envoy backtrace	Envoy version: 4b528a87271e841bd64daf841a1a384ed4fcac68/1.18.4-dev/Clean/RELEASE/BoringSSL
2021-09-02T09:45:22.058663Z	critical	envoy backtrace	#22: event_process_active_single_queue [0x557ce259b8e8]
2021-09-02T09:45:22.062128Z	critical	envoy backtrace	#0: Envoy::TerminateHandler::logOnTerminate()::$_0::operator()() [0x557ce26fbb86]
2021-09-02T09:45:22.068841Z	critical	envoy backtrace	#23: event_base_loop [0x557ce259a2be]
2021-09-02T09:45:22.073231Z	critical	envoy backtrace	#1: [0x557ce26fb9e9]
2021-09-02T09:45:22.080677Z	critical	envoy backtrace	#24: Envoy::Server::WorkerImpl::threadRoutine() [0x557ce1f09983]
2021-09-02T09:45:22.082302Z	critical	envoy backtrace	#2: std::__terminate() [0x557ce2d97ac3]
2021-09-02T09:45:22.089604Z	critical	envoy backtrace	#25: Envoy::Thread::ThreadImplPosix::ThreadImplPosix()::{lambda()#1}::__invoke() [0x557ce2cdea63]
2021-09-02T09:45:22.089717Z	critical	envoy backtrace	#26: start_thread [0x7f34eb7b16db]
2021-09-02T09:45:22.089776Z	critical	envoy backtrace	Caught Aborted, suspect faulting address 0x53900000010
2021-09-02T09:45:22.089783Z	critical	envoy backtrace	Backtrace (use tools/stack_decode.py to get line numbers):
2021-09-02T09:45:22.089847Z	critical	envoy backtrace	Envoy version: 4b528a87271e841bd64daf841a1a384ed4fcac68/1.18.4-dev/Clean/RELEASE/BoringSSL
2021-09-02T09:45:22.089889Z	critical	envoy backtrace	#0: __restore_rt [0x7f34eb7bc980]
2021-09-02T09:45:22.090915Z	critical	envoy backtrace	#3: Envoy::Network::Address::Ipv6Instance::Ipv6Instance() [0x557ce25747e2]
2021-09-02T09:45:22.098294Z	critical	envoy backtrace	#1: [0x557ce26fb9e9]
2021-09-02T09:45:22.098317Z	critical	envoy backtrace	#2: std::__terminate() [0x557ce2d97ac3]
2021-09-02T09:45:22.098320Z	critical	envoy backtrace	#3: Envoy::Network::Address::Ipv6Instance::Ipv6Instance() [0x557ce25747e2]
2021-09-02T09:45:22.098322Z	critical	envoy backtrace	#4: Envoy::Network::Utility::parseInternetAddressNoThrow() [0x557ce2566abd]
2021-09-02T09:45:22.098324Z	critical	envoy backtrace	#5: Envoy::Http::Utility::getLastAddressFromXFF() [0x557ce2558478]
2021-09-02T09:45:22.098326Z	critical	envoy backtrace	#6: Envoy::Http::ConnectionManagerUtility::mutateRequestHeaders() [0x557ce2209862]
2021-09-02T09:45:22.098328Z	critical	envoy backtrace	#7: Envoy::Http::ConnectionManagerImpl::ActiveStream::decodeHeaders() [0x557ce21ffd8c]
2021-09-02T09:45:22.098330Z	critical	envoy backtrace	#8: Envoy::Http::Http1::ServerConnectionImpl::onMessageCompleteBase() [0x557ce22362b1]
2021-09-02T09:45:22.098331Z	critical	envoy backtrace	#9: Envoy::Http::Http1::ConnectionImpl::onMessageComplete() [0x557ce22339dd]
2021-09-02T09:45:22.098333Z	critical	envoy backtrace	#10: Envoy::Http::Http1::LegacyHttpParserImpl::Impl::Impl()::{lambda()#3}::__invoke() [0x557ce223bb6f]
2021-09-02T09:45:22.098335Z	critical	envoy backtrace	#11: http_parser_execute [0x557ce257ce5b]
2021-09-02T09:45:22.098337Z	critical	envoy backtrace	#12: Envoy::Http::Http1::LegacyHttpParserImpl::execute() [0x557ce223b58f]
2021-09-02T09:45:22.098338Z	critical	envoy backtrace	#13: Envoy::Http::Http1::ConnectionImpl::dispatchSlice() [0x557ce2231da4]
2021-09-02T09:45:22.098340Z	critical	envoy backtrace	#14: Envoy::Http::Http1::ConnectionImpl::dispatch() [0x557ce223151f]
2021-09-02T09:45:22.098341Z	critical	envoy backtrace	#15: Envoy::Http::Http1::ConnectionImpl::dispatch() [0x557ce2231fe5]
2021-09-02T09:45:22.098343Z	critical	envoy backtrace	#16: Envoy::Http::ConnectionManagerImpl::onData() [0x557ce21fbd4c]
2021-09-02T09:45:22.098345Z	critical	envoy backtrace	#17: Envoy::Network::FilterManagerImpl::onContinueReading() [0x557ce23c7ccf]
2021-09-02T09:45:22.098346Z	critical	envoy backtrace	#18: Envoy::Network::ConnectionImpl::onReadReady() [0x557ce23be579]
2021-09-02T09:45:22.098348Z	critical	envoy backtrace	#19: Envoy::Network::ConnectionImpl::onFileEvent() [0x557ce23bc12f]
2021-09-02T09:45:22.098350Z	critical	envoy backtrace	#20: std::__1::__function::__func<>::operator()() [0x557ce1f12721]
2021-09-02T09:45:22.098352Z	critical	envoy backtrace	#21: Envoy::Event::FileEventImpl::assignEvents()::$_1::__invoke() [0x557ce1f13e8c]
2021-09-02T09:45:22.098353Z	critical	envoy backtrace	#22: event_process_active_single_queue [0x557ce259b8e8]
2021-09-02T09:45:22.098355Z	critical	envoy backtrace	#23: event_base_loop [0x557ce259a2be]
2021-09-02T09:45:22.098356Z	critical	envoy backtrace	#24: Envoy::Server::WorkerImpl::threadRoutine() [0x557ce1f09983]
2021-09-02T09:45:22.098358Z	critical	envoy backtrace	#25: Envoy::Thread::ThreadImplPosix::ThreadImplPosix()::{lambda()#1}::__invoke() [0x557ce2cdea63]
2021-09-02T09:45:22.098360Z	critical	envoy backtrace	#26: start_thread [0x7f34eb7b16db]
ActiveStream 0x557ce6ca6000, stream_id_: 2919886871986043075&filter_manager_: 
  FilterManager 0x557ce6ca6078, state_.has_continue_headers_: 0
  filter_manager_callbacks_.requestHeaders(): 
    ':authority', 'ozone-dev.in2tive.xyz'
    ':path', '/api/admin/env?id=60ae0c004a20cb41367520fc'
    ':method', 'GET'
    'user-agent', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36'
    'accept', 'application/json'
    'accept-encoding', 'gzip'
    'accept-language', 'en-US,en;q=0.9'
    'authorization', 'e4ac3c8ddf3c8f2d6242766bc4558414451232fc069c4b05eddca416d3f23404'
    'cdn-loop', 'cloudflare'
    'cf-connecting-ip', '2405:201:5007:d08a:90d:6e7b:997a:cce6'
    'cf-ipcountry', 'IN'
    'cf-ray', '6885ce15d9f11b64-HKG'
    'cf-visitor', '{"scheme":"https"}'
    'content-type', 'application/json; charset=utf-8'
    'cookie', '_ga=GA1.3.704294877.1625107447; _gcl_au=1.1.168746253.1627991926; _ga=GA1.2.665868310.1627991926; _gid=GA1.2.942751864.1630295721; _gid=GA1.3.942751864.1630295721'
    'referer', 'https://ozone-dev.in2tive.xyz/'
    'sec-fetch-dest', 'empty'
    'sec-fetch-mode', 'cors'
    'sec-fetch-site', 'same-origin'
    'x-forwarded-for', '2405:201:5007:d08a:90d:6e7b:997a:cce6'
    'x-forwarded-proto', 'https'
    'x-workspace-id', '3'
  filter_manager_callbacks_.requestTrailers():   null
  filter_manager_callbacks_.responseHeaders():   null
  filter_manager_callbacks_.responseTrailers():   null
  &stream_info_: 
    StreamInfoImpl 0x557ce6ca6168, protocol_: 1, response_code_: null, response_code_details_: null, health_check_request_: 0, route_name_: 
    OverridableRemoteSocketAddressSetterStreamInfo 0x557ce6ca6168, remoteAddress(): 10.200.43.86:37890, directRemoteAddress(): 10.200.43.86:37890, localAddress(): 10.200.95.66:8000
Http1::ConnectionImpl 0x557ce6ac1e08, dispatching_: 1, dispatching_slice_already_drained_: 0, reset_stream_called_: 0, handling_upgrade_: 0, deferred_end_stream_headers_: 1, strict_1xx_and_204_headers_: 0, processing_trailers_: 0, buffered_body_.length(): 0, header_parsing_state_: Done, current_header_field_: , current_header_value_: 
, active_request_.request_url_: null
absl::get<RequestHeaderMapPtr>(headers_or_trailers_): null
current_dispatching_buffer_ front_slice length: 987 contents: "GET /api/admin/env?id=60ae0c004a20cb41367520fc HTTP/1.1\r\nHost: ozone-dev.in2tive.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36\r\nAccept: application/json\r\nAccept-Encoding: gzip\r\nAccept-Language: en-US,en;q=0.9\r\nAuthorization: e4ac3c8ddf3c8f2d6242766bc4558414451232fc069c4b05eddca416d3f23404\r\nCdn-Loop: cloudflare\r\nCf-Connecting-Ip: 2405:201:5007:d08a:90d:6e7b:997a:cce6\r\nCf-Ipcountry: IN\r\nCf-Ray: 6885ce15d9f11b64-HKG\r\nCf-Visitor: {\"scheme\":\"https\"}\r\nConnection: keep-alive\r\nContent-Type: application/json; charset=utf-8\r\nCookie: _ga=GA1.3.704294877.1625107447; _gcl_au=1.1.168746253.1627991926; _ga=GA1.2.665868310.1627991926; _gid=GA1.2.942751864.1630295721; _gid=GA1.3.942751864.1630295721\r\nReferer: https://ozone-dev.in2tive.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nX-Forwarded-For: 2405:201:5007:d08a:90d:6e7b:997a:cce6\r\nX-Forwarded-Proto: https\r\nX-Workspace-Id: 3\r\n\r\n"
ConnectionImpl 0x557ce54cbb80, connecting_: 0, bind_error_: 0, state(): Open, read_buffer_limit_: 1048576
socket_: 
  ListenSocketImpl 0x557ce6b8f950, transport_protocol_: raw_buffer, server_name_: 
  address_provider_: 
    SocketAddressSetterImpl 0x557ce69d9c38, remote_address_: 10.200.43.86:37890, direct_remote_address_: 10.200.43.86:37890, local_address_: 10.200.95.66:8000
2021-09-02T09:45:22.109478Z	info	ads	ADS: "@" sidecar~10.200.95.66~kong-kong-7946cfcd87-p59rj.kong~kong.svc.cluster.local-1 terminated rpc error: code = Canceled desc = context canceled
2021-09-02T09:45:22.110235Z	error	Epoch 0 exited with error: signal: aborted
2021-09-02T09:45:22.110374Z	info	No more active epochs, terminating```
$ kubectl get po kong-kong-7946cfcd87-jzxvk -n kong -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    prometheus.io/path: /stats/prometheus
    prometheus.io/port: "15020"
    prometheus.io/scrape: "true"
    sidecar.istio.io/status: '{"initContainers":["istio-init"],"containers":["istio-proxy"],"volumes":["istio-envoy","istio-data","istio-podinfo","istio-token","istiod-ca-cert"],"imagePullSecrets":null}'
  creationTimestamp: "2021-09-02T08:57:03Z"
  generateName: kong-kong-7946cfcd87-
  labels:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: kong
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kong
    app.kubernetes.io/version: "2.4"
    helm.sh/chart: kong-2.1.0
    istio.io/rev: default
    pod-template-hash: 7946cfcd87
    security.istio.io/tlsMode: istio
    service.istio.io/canonical-name: kong
    service.istio.io/canonical-revision: "2.4"
  name: kong-kong-7946cfcd87-jzxvk
  namespace: kong
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: kong-kong-7946cfcd87
    uid: bc997e99-90fa-41df-9ad0-418bd7d1c55e
  resourceVersion: "36802574"
  uid: a590eb84-851b-420d-8211-8bc759018679
spec:
  containers:
  - args:
    - /kong-ingress-controller
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    - name: CONTROLLER_ELECTION_ID
      value: kong-ingress-controller-leader-kong
    - name: CONTROLLER_INGRESS_CLASS
      value: kong
    - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY
      value: "true"
    - name: CONTROLLER_KONG_ADMIN_URL
      value: http://localhost:8001
    - name: CONTROLLER_PUBLISH_SERVICE
      value: kong/kong-kong-proxy
    image: kong/kubernetes-ingress-controller:1.3
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /app-health/ingress-controller/livez
        port: 15020
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    name: ingress-controller
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /app-health/ingress-controller/readyz
        port: 15020
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    resources:
      limits:
        cpu: 50m
        memory: 200Mi
      requests:
        cpu: 50m
        memory: 200Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kong-kong-token-jw58l
      readOnly: true
  - env:
    - name: KONG_ADMIN_ACCESS_LOG
      value: /dev/stdout
    - name: KONG_ADMIN_ERROR_LOG
      value: /dev/stderr
    - name: KONG_ADMIN_GUI_ACCESS_LOG
      value: /dev/stdout
    - name: KONG_ADMIN_GUI_ERROR_LOG
      value: /dev/stderr
    - name: KONG_ADMIN_LISTEN
      value: 0.0.0.0:8001
    - name: KONG_CLUSTER_LISTEN
      value: "off"
    - name: KONG_DATABASE
      value: postgres
    - name: KONG_KIC
      value: "on"
    - name: KONG_LUA_PACKAGE_PATH
      value: /opt/?.lua;/opt/?/init.lua;;
    - name: KONG_NGINX_WORKER_PROCESSES
      value: "2"
    - name: KONG_PG_HOST
      value: kong-postgresql
    - name: KONG_PG_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgresql-password
          name: kong-postgresql
    - name: KONG_PG_PORT
      value: "5432"
    - name: KONG_PLUGINS
      value: bundled
    - name: KONG_PORTAL_API_ACCESS_LOG
      value: /dev/stdout
    - name: KONG_PORTAL_API_ERROR_LOG
      value: /dev/stderr
    - name: KONG_PORT_MAPS
      value: 80:8000
    - name: KONG_PREFIX
      value: /kong_prefix/
    - name: KONG_PROXY_ACCESS_LOG
      value: /dev/stdout
    - name: KONG_PROXY_ERROR_LOG
      value: /dev/stderr
    - name: KONG_PROXY_LISTEN
      value: 0.0.0.0:8000
    - name: KONG_STATUS_LISTEN
      value: 0.0.0.0:8100
    - name: KONG_STREAM_LISTEN
      value: "off"
    - name: KONG_NGINX_DAEMON
      value: "off"
    image: kong:2.4
    imagePullPolicy: IfNotPresent
    lifecycle:
      preStop:
        exec:
          command:
          - /bin/sh
          - -c
          - /bin/sleep 15 && kong quit
    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /app-health/proxy/livez
        port: 15020
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    name: proxy
    ports:
    - containerPort: 8001
      name: admin
      protocol: TCP
    - containerPort: 8000
      name: proxy
      protocol: TCP
    - containerPort: 8100
      name: status
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /app-health/proxy/readyz
        port: 15020
        scheme: HTTP
      initialDelaySeconds: 5
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    resources:
      limits:
        cpu: 100m
        memory: 500Mi
      requests:
        cpu: 75m
        memory: 350Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /kong_prefix/
      name: kong-kong-prefix-dir
    - mountPath: /tmp
      name: kong-kong-tmp
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kong-kong-token-jw58l
      readOnly: true
  - args:
    - proxy
    - sidecar
    - --domain
    - $(POD_NAMESPACE).svc.cluster.local
    - --serviceCluster
    - kong-kong.kong
    - --proxyLogLevel=warning
    - --proxyComponentLogLevel=misc:error
    - --log_output_level=default:info
    - --concurrency
    - "2"
    env:
    - name: JWT_POLICY
      value: third-party-jwt
    - name: PILOT_CERT_PROVIDER
      value: istiod
    - name: CA_ADDR
      value: istiod.istio-system.svc:15012
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.namespace
    - name: INSTANCE_IP
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: status.podIP
    - name: SERVICE_ACCOUNT
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: spec.serviceAccountName
    - name: HOST_IP
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: status.hostIP
    - name: CANONICAL_SERVICE
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.labels['service.istio.io/canonical-name']
    - name: CANONICAL_REVISION
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.labels['service.istio.io/canonical-revision']
    - name: PROXY_CONFIG
      value: |
        {}
    - name: ISTIO_META_POD_PORTS
      value: |-
        [
            {"name":"admin","containerPort":8001,"protocol":"TCP"}
            ,{"name":"proxy","containerPort":8000,"protocol":"TCP"}
            ,{"name":"status","containerPort":8100,"protocol":"TCP"}
        ]
    - name: ISTIO_META_APP_CONTAINERS
      value: ingress-controller,proxy
    - name: ISTIO_META_CLUSTER_ID
      value: Kubernetes
    - name: ISTIO_META_INTERCEPTION_MODE
      value: REDIRECT
    - name: ISTIO_META_WORKLOAD_NAME
      value: kong-kong
    - name: ISTIO_META_OWNER
      value: kubernetes://apis/apps/v1/namespaces/kong/deployments/kong-kong
    - name: ISTIO_META_MESH_ID
      value: cluster.local
    - name: TRUST_DOMAIN
      value: cluster.local
    - name: ISTIO_KUBE_APP_PROBERS
      value: '{"/app-health/ingress-controller/livez":{"httpGet":{"path":"/healthz","port":10254,"scheme":"HTTP"},"timeoutSeconds":5},"/app-health/ingress-controller/readyz":{"httpGet":{"path":"/healthz","port":10254,"scheme":"HTTP"},"timeoutSeconds":5},"/app-health/proxy/livez":{"httpGet":{"path":"/status","port":8100,"scheme":"HTTP"},"timeoutSeconds":5},"/app-health/proxy/readyz":{"httpGet":{"path":"/status","port":8100,"scheme":"HTTP"},"timeoutSeconds":5}}'
    image: docker.io/istio/proxyv2:1.10.3
    imagePullPolicy: IfNotPresent
    name: istio-proxy
    ports:
    - containerPort: 15090
      name: http-envoy-prom
      protocol: TCP
    readinessProbe:
      failureThreshold: 30
      httpGet:
        path: /healthz/ready
        port: 15021
        scheme: HTTP
      initialDelaySeconds: 1
      periodSeconds: 2
      successThreshold: 1
      timeoutSeconds: 3
    resources:
      limits:
        cpu: "2"
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 128Mi
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: true
      runAsGroup: 1337
      runAsNonRoot: true
      runAsUser: 1337
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/istio
      name: istiod-ca-cert
    - mountPath: /var/lib/istio/data
      name: istio-data
    - mountPath: /etc/istio/proxy
      name: istio-envoy
    - mountPath: /var/run/secrets/tokens
      name: istio-token
    - mountPath: /etc/istio/pod
      name: istio-podinfo
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kong-kong-token-jw58l
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  initContainers:
  - command:
    - /bin/sh
    - -c
    - until kong start; do echo 'waiting for db'; sleep 1; done; kong stop; rm -fv
      '/kong_prefix//stream_rpc.sock'
    env:
    - name: KONG_ADMIN_ACCESS_LOG
      value: /dev/stdout
    - name: KONG_ADMIN_ERROR_LOG
      value: /dev/stderr
    - name: KONG_ADMIN_GUI_ACCESS_LOG
      value: /dev/stdout
    - name: KONG_ADMIN_GUI_ERROR_LOG
      value: /dev/stderr
    - name: KONG_ADMIN_LISTEN
      value: 0.0.0.0:8001
    - name: KONG_CLUSTER_LISTEN
      value: "off"
    - name: KONG_DATABASE
      value: postgres
    - name: KONG_KIC
      value: "on"
    - name: KONG_LUA_PACKAGE_PATH
      value: /opt/?.lua;/opt/?/init.lua;;
    - name: KONG_NGINX_WORKER_PROCESSES
      value: "2"
    - name: KONG_PG_HOST
      value: kong-postgresql
    - name: KONG_PG_PASSWORD
      valueFrom:
        secretKeyRef:
          key: postgresql-password
          name: kong-postgresql
    - name: KONG_PG_PORT
      value: "5432"
    - name: KONG_PLUGINS
      value: bundled
    - name: KONG_PORTAL_API_ACCESS_LOG
      value: /dev/stdout
    - name: KONG_PORTAL_API_ERROR_LOG
      value: /dev/stderr
    - name: KONG_PORT_MAPS
      value: 80:8000
    - name: KONG_PREFIX
      value: /kong_prefix/
    - name: KONG_PROXY_ACCESS_LOG
      value: /dev/stdout
    - name: KONG_PROXY_ERROR_LOG
      value: /dev/stderr
    - name: KONG_PROXY_LISTEN
      value: 0.0.0.0:8000
    - name: KONG_STATUS_LISTEN
      value: 0.0.0.0:8100
    - name: KONG_STREAM_LISTEN
      value: "off"
    image: kong:2.4
    imagePullPolicy: IfNotPresent
    name: wait-for-db
    resources:
      limits:
        cpu: 500m
        memory: 700Mi
      requests:
        cpu: 200m
        memory: 300Mi
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /kong_prefix/
      name: kong-kong-prefix-dir
    - mountPath: /tmp
      name: kong-kong-tmp
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kong-kong-token-jw58l
      readOnly: true
  - args:
    - istio-iptables
    - -p
    - "15001"
    - -z
    - "15006"
    - -u
    - "1337"
    - -m
    - REDIRECT
    - -i
    - '*'
    - -x
    - ""
    - -b
    - '*'
    - -d
    - 15090,15021,15020
    image: docker.io/istio/proxyv2:1.10.3
    imagePullPolicy: IfNotPresent
    name: istio-init
    resources:
      limits:
        cpu: "2"
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 128Mi
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        add:
        - NET_ADMIN
        - NET_RAW
        drop:
        - ALL
      privileged: false
      readOnlyRootFilesystem: false
      runAsGroup: 0
      runAsNonRoot: false
      runAsUser: 0
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kong-kong-token-jw58l
      readOnly: true
  nodeName: 41510885-3654-4067-876f-c1764f887cb2
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 1337
  serviceAccount: kong-kong
  serviceAccountName: kong-kong
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - emptyDir:
      medium: Memory
    name: istio-envoy
  - emptyDir: {}
    name: istio-data
  - downwardAPI:
      defaultMode: 420
      items:
      - fieldRef:
          apiVersion: v1
          fieldPath: metadata.labels
        path: labels
      - fieldRef:
          apiVersion: v1
          fieldPath: metadata.annotations
        path: annotations
      - path: cpu-limit
        resourceFieldRef:
          containerName: istio-proxy
          divisor: 1m
          resource: limits.cpu
      - path: cpu-request
        resourceFieldRef:
          containerName: istio-proxy
          divisor: 1m
          resource: requests.cpu
    name: istio-podinfo
  - name: istio-token
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          audience: istio-ca
          expirationSeconds: 43200
          path: istio-token
  - configMap:
      defaultMode: 420
      name: istio-ca-root-cert
    name: istiod-ca-cert
  - emptyDir: {}
    name: kong-kong-prefix-dir
  - emptyDir: {}
    name: kong-kong-tmp
  - configMap:
      defaultMode: 493
      name: kong-kong-bash-wait-for-postgres
    name: kong-kong-bash-wait-for-postgres
  - name: kong-kong-token-jw58l
    secret:
      defaultMode: 420
      secretName: kong-kong-token-jw58l
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-09-02T08:57:09Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-09-02T10:14:41Z"
    message: 'containers with unready status: [ingress-controller proxy istio-proxy]'
    reason: ContainersNotReady
    status: "False"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2021-09-02T10:14:41Z"
    message: 'containers with unready status: [ingress-controller proxy istio-proxy]'
    reason: ContainersNotReady
    status: "False"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2021-09-02T08:57:03Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://6573d822ab04f3cd79986f3dc07cf93408cdf27613b34fe4cb4e94ae3507c864
    image: kong/kubernetes-ingress-controller:1.3
    imageID: docker-pullable://kong/kubernetes-ingress-controller@sha256:b1131d6c533516df4c834e6dcbc7f1d6437e015cce06d932bbceca86f5cd79e2
    lastState:
      terminated:
        containerID: docker://438fcd9a4c1dfc0c1d9f9e5b680a058a7ae7fb8d01d657c37904fc43977492d2
        exitCode: 0
        finishedAt: "2021-09-02T10:15:21Z"
        reason: Completed
        startedAt: "2021-09-02T10:14:15Z"
    name: ingress-controller
    ready: false
    restartCount: 6
    started: true
    state:
      running:
        startedAt: "2021-09-02T10:15:21Z"
  - containerID: docker://ecf1012e70647c92e62adb60c2b463bcc702517f11014ffc8053676495e23b93
    image: istio/proxyv2:1.10.3
    imageID: docker-pullable://istio/proxyv2@sha256:a78b7a165744384d95f75d157c34e02d6b4355aaf8fe2a2c75914832bdf764e8
    lastState:
      terminated:
        containerID: docker://ecf1012e70647c92e62adb60c2b463bcc702517f11014ffc8053676495e23b93
        exitCode: 0
        finishedAt: "2021-09-02T10:14:40Z"
        reason: Completed
        startedAt: "2021-09-02T10:13:47Z"
    name: istio-proxy
    ready: false
    restartCount: 10
    started: false
    state:
      waiting:
        message: back-off 2m40s restarting failed container=istio-proxy pod=kong-kong-7946cfcd87-jzxvk_kong(a590eb84-851b-420d-8211-8bc759018679)
        reason: CrashLoopBackOff
  - containerID: docker://99932646b91b0eeeb49e834d8a0b5dc514d45bc111fcaacd496346aad1d3b8fc
    image: kong:2.4
    imageID: docker-pullable://kong@sha256:c9872460e6c9cb05d5ac1f125fff571c00541d4da7438f5eb821e07a56efe752
    lastState:
      terminated:
        containerID: docker://00e48d9cd7f609e5a277dc6e76abc6bd486f200ffa8f14342cc9375d687c26eb
        exitCode: 0
        finishedAt: "2021-09-02T10:15:19Z"
        reason: Completed
        startedAt: "2021-09-02T10:13:46Z"
    name: proxy
    ready: false
    restartCount: 6
    started: true
    state:
      running:
        startedAt: "2021-09-02T10:15:20Z"
  hostIP: 192.168.164.9
  initContainerStatuses:
  - containerID: docker://8f573d2ff49b7d8f0a0e080a5fb65fb9b095270a5c169243fbf87799acb0d151
    image: kong:2.4
    imageID: docker-pullable://kong@sha256:c9872460e6c9cb05d5ac1f125fff571c00541d4da7438f5eb821e07a56efe752
    lastState: {}
    name: wait-for-db
    ready: true
    restartCount: 0
    state:
      terminated:
        containerID: docker://8f573d2ff49b7d8f0a0e080a5fb65fb9b095270a5c169243fbf87799acb0d151
        exitCode: 0
        finishedAt: "2021-09-02T08:57:07Z"
        reason: Completed
        startedAt: "2021-09-02T08:57:05Z"
  - containerID: docker://8e090c5693d955b0581f4258572ca16b0b1942f9a1e5bf8fb22465ebce6a7477
    image: istio/proxyv2:1.10.3
    imageID: docker-pullable://istio/proxyv2@sha256:a78b7a165744384d95f75d157c34e02d6b4355aaf8fe2a2c75914832bdf764e8
    lastState: {}
    name: istio-init
    ready: true
    restartCount: 0
    state:
      terminated:
        containerID: docker://8e090c5693d955b0581f4258572ca16b0b1942f9a1e5bf8fb22465ebce6a7477
        exitCode: 0
        finishedAt: "2021-09-02T08:57:08Z"
        reason: Completed
        startedAt: "2021-09-02T08:57:08Z"
  phase: Running
  podIP: 10.200.43.94
  podIPs:
  - ip: 10.200.43.94
  qosClass: Burstable
  startTime: "2021-09-02T08:57:03Z"


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ