istio: Fail to install istio in VM

Bug Description

I try to install istio within VM by doc: https://istio.io/latest/docs/setup/install/virtual-machine, but after start the istio, the /var/log/istio/istio.log show below error:

2021-10-30T02:31:25.165299Z	info	FLAG: --concurrency="0"
2021-10-30T02:31:25.165336Z	info	FLAG: --domain=""
2021-10-30T02:31:25.165342Z	info	FLAG: --help="false"
2021-10-30T02:31:25.165345Z	info	FLAG: --log_as_json="false"
2021-10-30T02:31:25.165349Z	info	FLAG: --log_caller=""
2021-10-30T02:31:25.165352Z	info	FLAG: --log_output_level="default:info"
2021-10-30T02:31:25.165356Z	info	FLAG: --log_rotate=""
2021-10-30T02:31:25.165359Z	info	FLAG: --log_rotate_max_age="30"
2021-10-30T02:31:25.165363Z	info	FLAG: --log_rotate_max_backups="1000"
2021-10-30T02:31:25.165366Z	info	FLAG: --log_rotate_max_size="104857600"
2021-10-30T02:31:25.165370Z	info	FLAG: --log_stacktrace_level="default:none"
2021-10-30T02:31:25.165377Z	info	FLAG: --log_target="[stdout]"
2021-10-30T02:31:25.165381Z	info	FLAG: --meshConfig="./etc/istio/config/mesh"
2021-10-30T02:31:25.165384Z	info	FLAG: --outlierLogPath=""
2021-10-30T02:31:25.165387Z	info	FLAG: --proxyComponentLogLevel=""
2021-10-30T02:31:25.165390Z	info	FLAG: --proxyLogLevel="warning,misc:error"
2021-10-30T02:31:25.165394Z	info	FLAG: --serviceCluster="istio-proxy"
2021-10-30T02:31:25.165397Z	info	FLAG: --stsPort="0"
2021-10-30T02:31:25.165401Z	info	FLAG: --templateFile=""
2021-10-30T02:31:25.165404Z	info	FLAG: --tokenManagerPlugin="GoogleTokenExchange"
2021-10-30T02:31:25.165408Z	info	Version 1.11.4-9f6f03276054bb62a1b745630322314ef14969e8-Clean
2021-10-30T02:31:25.165563Z	info	Proxy role	ips=[172.16.100.66 fe80::f816:3eff:fe44:894c 172.17.0.1] type=sidecar id=ecs-123b-0903814.example domain=example.svc.cluster.local
2021-10-30T02:31:25.165601Z	info	Apply mesh config from file defaultConfig:
  discoveryAddress: istiod.istio-system.svc:31533
  meshId: mesh1
  proxyMetadata:
    CANONICAL_REVISION: latest
    CANONICAL_SERVICE: helloworld
    ISTIO_META_AUTO_REGISTER_GROUP: helloworld
    ISTIO_META_CLUSTER_ID: cluster1
    ISTIO_META_DNS_AUTO_ALLOCATE: "true"
    ISTIO_META_DNS_CAPTURE: "true"
    ISTIO_META_MESH_ID: mesh1
    ISTIO_META_NETWORK: vm-network
    ISTIO_META_WORKLOAD_NAME: helloworld
    ISTIO_METAJSON_LABELS: '{"app":"helloworld","service.istio.io/canonical-name":"helloworld","service.istio.io/canonical-version":"latest"}'
    POD_NAMESPACE: example
    SERVICE_ACCOUNT: helloworld
    TRUST_DOMAIN: cluster.local
  tracing:
    zipkin:
      address: zipkin.istio-system:9411

2021-10-30T02:31:25.166778Z	info	Apply proxy config from env
serviceCluster: helloworld.example
controlPlaneAuthPolicy: MUTUAL_TLS

2021-10-30T02:31:25.167356Z	info	Effective config: binaryPath: /usr/local/bin/envoy
concurrency: 2
configPath: ./etc/istio/proxy
controlPlaneAuthPolicy: MUTUAL_TLS
discoveryAddress: istiod.istio-system.svc:31533
drainDuration: 45s
meshId: mesh1
parentShutdownDuration: 60s
proxyAdminPort: 15000
proxyMetadata:
  CANONICAL_REVISION: latest
  CANONICAL_SERVICE: helloworld
  ISTIO_META_AUTO_REGISTER_GROUP: helloworld
  ISTIO_META_CLUSTER_ID: cluster1
  ISTIO_META_DNS_AUTO_ALLOCATE: "true"
  ISTIO_META_DNS_CAPTURE: "true"
  ISTIO_META_MESH_ID: mesh1
  ISTIO_META_NETWORK: vm-network
  ISTIO_META_WORKLOAD_NAME: helloworld
  ISTIO_METAJSON_LABELS: '{"app":"helloworld","service.istio.io/canonical-name":"helloworld","service.istio.io/canonical-version":"latest"}'
  POD_NAMESPACE: example
  SERVICE_ACCOUNT: helloworld
  TRUST_DOMAIN: cluster.local
serviceCluster: istio-proxy
statNameLength: 189
statusPort: 15020
terminationDrainDuration: 5s
tracing:
  zipkin:
    address: zipkin.istio-system:9411

2021-10-30T02:31:25.167371Z	info	JWT policy is third-party-jwt
2021-10-30T02:31:25.171243Z	info	Opening status port 15020
2021-10-30T02:31:25.171447Z	info	CA Endpoint istiod.istio-system.svc:15012, provider Citadel
2021-10-30T02:31:25.171465Z	info	dns	Starting local udp DNS server at localhost:15053
2021-10-30T02:31:25.171488Z	info	Using CA istiod.istio-system.svc:15012 cert with certs: /etc/certs/root-cert.pem
2021-10-30T02:31:25.171499Z	info	dns	Starting local tcp DNS server at localhost:15053
2021-10-30T02:31:25.171622Z	info	citadelclient	Citadel client using custom root cert: istiod.istio-system.svc:15012
2021-10-30T02:31:25.194883Z	info	ads	All caches have been synced up in 32.684117ms, marking server ready
2021-10-30T02:31:25.195167Z	info	sds	SDS server for workload certificates started, listening on "etc/istio/proxy/SDS"
2021-10-30T02:31:25.195191Z	info	xdsproxy	Initializing with upstream address "istiod.istio-system.svc:31533" and cluster "cluster1"
2021-10-30T02:31:25.195257Z	info	sds	Starting SDS grpc server
2021-10-30T02:31:25.195521Z	info	Pilot SAN: [istiod.istio-system.svc]
2021-10-30T02:31:25.195545Z	info	starting Http service at 127.0.0.1:15004
2021-10-30T02:31:25.195869Z	info	Status server has successfully terminated
2021-10-30T02:31:25.195904Z	error	accept tcp [::]:15020: use of closed network connection
2021-10-30T02:31:25.195874Z	error	failed to start envoy agent: failed to generate bootstrap config: open ./var/lib/istio/envoy/envoy_bootstrap_tmpl.json: no such file or directory

Version

$ istioctl version
client version: 1.11.4
control plane version: 1.11.4
data plane version: 1.11.4 (2 proxies)

$ kubectl version --short
Client Version: v1.20.11
Server Version: v1.20.11

Additional Information

No response

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 20 (9 by maintainers)

Most upvoted comments

@tanjunchen I can request from vm to cluster by edit meshNetworks in istio configmap.

  meshNetworks: |-
    networks:
      network1:
        endpoints:
          - fromRegistry: cluster1
        gateways:
          - address: 172.16.100.64
            port: 30888

172.16.100.64:30888 is e/w gateway ip and nodeport

+3
xuchengli on Nov 12, 2021
Read more comments on GitHub
← istio: External Services example not working
istio: failed calling webhook "sidecar-injector.istio.io →