生成工作负载证书失败：创建证书 istio ingress

我在 istio-ingress pod 中遇到以下错误。

2023-09-10T05:18:55.390302Z     warn    sds     failed to warm certificate: failed to generate workload certificate: create certificate: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial tcp 10.100.19.43:15012: i/o timeout"

    kubectl get --raw /api/v1/namespaces/istio-system/services/https:istiod:https-webhook/proxy/inject -v4

I0909 22:59:29.079159   21513 helpers.go:246] server response object: [{
  "metadata": {},
  "status": "Failure",
  "message": "the server rejected our request for an unknown reason",
  "reason": "BadRequest",
  "details": {
    "causes": [
      {
        "reason": "UnexpectedServerResponse",
        "message": "no body found"
      }
    ]

最初我遇到以下错误，

Error from server (ServiceUnavailable): error trying to reach service: dial tcp 172.44.30.55:15017: connect: connection timed out

我通过在 eks 节点安全组中添加安全组入站规则（源为 eks 集群安全组）并允许所有流量和端口来解决此问题

但是现在我看到如下错误， 2023-09-10T05:18:55.390302Z 警告 sds 未能预热证书：无法生成工作负载证书：创建证书：rpc 错误：代码 = 不可用 desc = 连接错误：desc =“传输：拨号时出错：拨打 tcp 10.100。 19.43:15012：I/O 超时”

尽管我已允许从 eks 集群安全组到 eks 节点安全组的所有流量，以便 eks 集群可以到达 istiod。不知道为什么我会出错..