I successfully installed k8s cluster based on centos8 with kubedm on my PC, and then I installed istio1.9.3 on this cluster, I followed all the steps and setup mentioned in the Virtual Machine Installation,I set the service istio-eastwestgateway as nodeport,then I added a configuration(ISTIO_PILOT_PORT=30529(Nodeport corresponding to 15012 on the service istio-eastwestgateway)) to the file cluster.env;
After the virtual machine started the istio service for the first time, everything looked normal,but after deployed the
HelloWorld Service(kubectl apply -n sample -f samples/helloworld/helloworld.yaml
),when I executed the curl command(curl helloworld.sample.svc:5000/hello) on the virtual machine, it returned an error:upstream connect error or disconnect/rest before headers. reset reason: local reset, transport failure reason: TLS error: 268435612:SSL routines:OPENSSL_internal:HTTP_REQ;
Try curl again,it return:upstream connect error or disconnect/rest before headers. reset reason: local reset, transport failure reason: TLS error: 268435612:SSL routines:OPENSSL_internal:HTTP_REQUEST.
There’s another scene,if I restart the virtual machine without executing the commands,If the virtual machine is restarted without executing the commands(sudo systemctl stop istio;sudo rpm -e istio-sidecar), after the virtual machine is started again and the token is set correctly, starting istio service will report CA authentication error like this:2021-04-16T06:27:30.115925Z warn sds failed to warm certificate: failed to generate workload certificate: create certificate: rpc error: code = Unavailable desc = connection closed.
What problems might have caused this? Is my network not set up correctly or some additional configuration is needed?