when I deploy istio example bookinfo, some pods were not run well.
grafana-6575997f54-5kqcq 1/1 Running 0 32m
istio-citadel-755f5c8f94-jpnzm 0/1 CrashLoopBackOff 10 32m
istio-cleanup-secrets-1.2.0-298mg 0/1 Completed 0 32m
istio-egressgateway-845598d5c7-q7647 0/1 Running 0 32m
istio-galley-6c466bf5b6-99hnr 0/1 ContainerCreating 0 32m
istio-ingressgateway-d5bd74669-6bwl9 0/1 Running 0 32m
istio-pilot-7d67565bd-vrtzl 0/2 CrashLoopBackOff 6 32m
istio-policy-b89d54dfb-5vb8j 1/2 CrashLoopBackOff 15 32m
istio-sidecar-injector-679f5fb7c9-xmrn8 0/1 ContainerCreating 0 32m
istio-telemetry-6f9cc9dd7-jfhnv 1/2 CrashLoopBackOff 15 32m
istio-tracing-555cf644d-x94jh 1/1 Running 0 32m
kiali-6cd6f9dfb5-8njk5 1/1 Running 0 32m
prometheus-7d7b9f7844-t6nb7 0/1 ContainerCreating 0 32m
when I use describe
to see one pod, it said: MountVolume.SetUp failed for volume "istio-citadel-service-account-token-j6j9s" : couldn't propagate object cache: timed out waiting for the condition
.
see the pod log:
kubectl logs istio-citadel-755f5c8f94-c74bs -n istio-system
2019-07-04T03:35:24.868294Z info The custom-defined DNS name list is [istio-pilot-service-account.istio-system:istio-pilot.istio-system]
2019-07-04T03:35:24.868363Z info ControlZ available at 127.0.0.1:9876
2019-07-04T03:35:24.869928Z info Use self-signed certificate as the CA certificate
2019-07-04T03:35:24.870383Z info Failed to get secret (error: Get https://10.96.0.1:443/api/v1/namespaces/istio-system/secrets/istio-ca-secret: dial tcp 10.96.0.1:443: connect: connection refused), will create one
2019-07-04T03:35:25.309487Z error Failed to write secret to CA (error: Post https://10.96.0.1:443/api/v1/namespaces/istio-system/secrets: dial tcp 10.96.0.1:443: connect: connection refused). Abort.
2019-07-04T03:35:25.309534Z error Failed to create a self-signed Citadel (error: failed to create CA due to secret write error)
did any one know how to resolve it?