如果istiod在clusterA中,但istio-proxy在clusterB中,如何让istio-proxy访问istiod.
下面的一些日志,可能是认证失败了?
istiod 日志:
2023-04-22T02:03:00.122537Z error ads Failed to authenticate client from 11.151.238.183:38768: Authenticator ClientCertAuthenticator: no verified chain is found; Authenticator KubeJWTAuthenticator: failed to validate the JWT from cluster "Kubernetes": the service account authentication returns an error: [invalid bearer token, square/go-jose: error in cryptographic primitive]
isito-proxy 日志
2023-04-22 10:06:04 2023-04-22T02:06:04.405258Z info Pilot SAN: [istiod.istio-system.svc]
2023-04-22 10:06:04 2023-04-22T02:06:04.407744Z info Starting proxy agent
2023-04-22 10:06:04 2023-04-22T02:06:04.407777Z info Epoch 0 starting
2023-04-22 10:06:04 2023-04-22T02:06:04.407812Z info Envoy command: [-c etc/istio/proxy/envoy-rev0.json --restart-epoch 0 --drain-time-s 45 --drain-strategy immediate --parent-shutdown-time-s 60 --local-address-ip-version v4 --file-flush-interval-msec 1000 --disable-hot-restart --log-format %Y-%m-%dT%T.%fZ %l envoy %n %v -l warning --component-log-level misc:error --concurrency 2]
2023-04-22 10:06:04 2023-04-22T02:06:04.412738Z info sds Starting SDS grpc server
2023-04-22 10:06:04 2023-04-22T02:06:04.412827Z info starting Http service at 127.0.0.1:15004
2023-04-22 10:06:04 2023-04-22T02:06:04.671808Z warn sds failed to warm certificate: failed to generate workload certificate: create certificate: rpc error: code = Unauthenticated desc = request authenticate failure
2023-04-22 10:06:05 2023-04-22T02:06:05.300387Z info xdsproxy connected to upstream XDS server: istiod.istio-system.svc:15012
2023-04-22 10:06:05 2023-04-22T02:06:05.309782Z warn xdsproxy upstream [1] terminated with unexpected error rpc error: code = Unauthenticated desc = authentication failure