MountVolume.SetUp failed for volume "istio-citadel-service-account-token-j6j9s" : couldn't propagate object cache: timed out waiting for the condition

7/2/2019

When I deploy the Istio example Bookinfo, some pods do not run well.

grafana-6575997f54-5kqcq                  1/1     Running             0          32m
istio-citadel-755f5c8f94-jpnzm            0/1     CrashLoopBackOff    10         32m
istio-cleanup-secrets-1.2.0-298mg         0/1     Completed           0          32m
istio-egressgateway-845598d5c7-q7647      0/1     Running             0          32m
istio-galley-6c466bf5b6-99hnr             0/1     ContainerCreating   0          32m
istio-ingressgateway-d5bd74669-6bwl9      0/1     Running             0          32m
istio-pilot-7d67565bd-vrtzl               0/2     CrashLoopBackOff    6          32m
istio-policy-b89d54dfb-5vb8j              1/2     CrashLoopBackOff    15         32m
istio-sidecar-injector-679f5fb7c9-xmrn8   0/1     ContainerCreating   0          32m
istio-telemetry-6f9cc9dd7-jfhnv           1/2     CrashLoopBackOff    15         32m
istio-tracing-555cf644d-x94jh             1/1     Running             0          32m
kiali-6cd6f9dfb5-8njk5                    1/1     Running             0          32m
prometheus-7d7b9f7844-t6nb7               0/1     ContainerCreating   0          32m

When I use describe to see one pod, it says: MountVolume.SetUp failed for volume "istio-citadel-service-account-token-j6j9s" : couldn't propagate object cache: timed out waiting for the condition.
See the pod log:

kubectl logs istio-citadel-755f5c8f94-c74bs  -n istio-system
2019-07-04T03:35:24.868294Z     info    The custom-defined DNS name list is [istio-pilot-service-account.istio-system:istio-pilot.istio-system]
2019-07-04T03:35:24.868363Z     info    ControlZ available at 127.0.0.1:9876
2019-07-04T03:35:24.869928Z     info    Use self-signed certificate as the CA certificate
2019-07-04T03:35:24.870383Z     info    Failed to get secret (error: Get https://10.96.0.1:443/api/v1/namespaces/istio-system/secrets/istio-ca-secret: dial tcp 10.96.0.1:443: connect: connection refused), will create one
2019-07-04T03:35:25.309487Z     error   Failed to write secret to CA (error: Post https://10.96.0.1:443/api/v1/namespaces/istio-system/secrets: dial tcp 10.96.0.1:443: connect: connection refused). Abort.
2019-07-04T03:35:25.309534Z     error   Failed to create a self-signed Citadel (error: failed to create CA due to secret write error)

Does anyone know how to resolve it?

-- code4fun
istio
kubernetes

0 Answers