SDS secret not available

istio-proxy.log

[2019-06-11 04:01:16.200][196][debug][filter] [src/envoy/http/mixer/filter.cc:162] Called Mixer::Filter : check complete OK
[2019-06-11 04:01:16.200][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:833] [C2165][S12105457795138984540] decode headers called: filter=0x5145770 status=0
[2019-06-11 04:01:16.200][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:833] [C2165][S12105457795138984540] decode headers called: filter=0x538d270 status=0
[2019-06-11 04:01:16.200][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:833] [C2165][S12105457795138984540] decode headers called: filter=0x5266c30 status=0
[2019-06-11 04:01:16.200][196][debug][router] [external/envoy/source/common/router/router.cc:332] [C2165][S12105457795138984540] cluster 'outbound|8080||fortioclient.twopods.svc.cluster.local' match for URL '/lgraph2'
[2019-06-11 04:01:16.200][196][debug][router] [external/envoy/source/common/router/router.cc:393] [C2165][S12105457795138984540] router decoding headers:
':authority', 'fortioclient.v12p.perf.qualistio.org'
':path', '/lgraph2'
':method', 'GET'
':scheme', 'https'
'user-agent', 'curl/7.54.0'
'accept', '*/*'
'x-forwarded-for', '10.0.84.5'
'x-forwarded-proto', 'http'
'x-envoy-internal', 'true'
'x-request-id', '72a00785-c363-4f27-addf-25a726417309'
'x-envoy-decorator-operation', 'fortioclient.twopods.svc.cluster.local:8080/*'
'x-istio-attributes', 'CioKHWRlc3RpbmF0aW9uLnNlcnZpY2UubmFtZXNwYWNlEgkSB3R3b3BvZHMKKgoYZGVzdGluYXRpb24uc2VydmljZS5uYW1lEg4SDGZvcnRpb2NsaWVudApPCgpzb3VyY2UudWlkEkESP2t1YmVybmV0ZXM6Ly9pc3Rpby1pbmdyZXNzZ2F0ZXdheS02YjhiYmQ1OGM4LWRsNmQyLmlzdGlvLXN5c3RlbQpCChdkZXN0aW5hdGlvbi5zZXJ2aWNlLnVpZBInEiVpc3RpbzovL3R3b3BvZHMvc2VydmljZXMvZm9ydGlvY2xpZW50CkQKGGRlc3RpbmF0aW9uLnNlcnZpY2UuaG9zdBIoEiZmb3J0aW9jbGllbnQudHdvcG9kcy5zdmMuY2x1c3Rlci5sb2NhbA=='
'x-b3-traceid', '538ea49f99b92415b965dd859caacc2f'
'x-b3-spanid', 'b965dd859caacc2f'
'x-b3-sampled', '0'

[2019-06-11 04:01:16.200][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:88] creating a new connection
[2019-06-11 04:01:16.200][196][debug][config] [external/envoy/source/extensions/transport_sockets/tls/ssl_socket.cc:483] Create NotReadySslSocket
[2019-06-11 04:01:16.200][196][debug][client] [external/envoy/source/common/http/codec_client.cc:26] [C2166] connecting
[2019-06-11 04:01:16.200][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:702] [C2166] connecting to 10.56.1.12:8080
[2019-06-11 04:01:16.201][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:711] [C2166] connection in progress
[2019-06-11 04:01:16.201][196][debug][pool] [external/envoy/source/common/http/conn_pool_base.cc:20] queueing request due to no available connections
[2019-06-11 04:01:16.201][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:833] [C2165][S12105457795138984540] decode headers called: filter=0x53b50e0 status=1
[2019-06-11 04:01:16.201][196][trace][http] [external/envoy/source/common/http/http1/codec_impl.cc:387] [C2165] parsed 107 bytes
[2019-06-11 04:01:16.201][196][trace][connection] [external/envoy/source/common/network/connection_impl.cc:288] [C2165] readDisable: enabled=true disable=true
[2019-06-11 04:01:16.201][196][trace][connection] [external/envoy/source/common/network/connection_impl.cc:456] [C2165] socket event: 2
[2019-06-11 04:01:16.201][196][trace][connection] [external/envoy/source/common/network/connection_impl.cc:541] [C2165] write ready
[2019-06-11 04:01:16.203][196][trace][connection] [external/envoy/source/common/network/connection_impl.cc:456] [C2166] socket event: 2
[2019-06-11 04:01:16.203][196][trace][connection] [external/envoy/source/common/network/connection_impl.cc:541] [C2166] write ready
[2019-06-11 04:01:16.203][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:550] [C2166] connected
[2019-06-11 04:01:16.203][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:188] [C2166] closing socket: 0
[2019-06-11 04:01:16.203][196][debug][client] [external/envoy/source/common/http/codec_client.cc:82] [C2166] disconnect. resetting 0 pending requests
[2019-06-11 04:01:16.203][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:129] [C2166] client disconnected, failure reason: TLS error: Secret is not supplied by SDS
[2019-06-11 04:01:16.203][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:164] [C2166] purge pending, failure reason: TLS error: Secret is not supplied by SDS
[2019-06-11 04:01:16.203][196][debug][router] [external/envoy/source/common/router/router.cc:671] [C2165][S12105457795138984540] upstream reset: reset reason connection failure
[2019-06-11 04:01:16.203][196][debug][router] [external/envoy/source/common/router/router.cc:932] [C2165][S12105457795138984540] performing retry
[2019-06-11 04:01:16.203][196][trace][main] [external/envoy/source/common/event/dispatcher_impl.cc:144] item added to deferred deletion list (size=1)
[2019-06-11 04:01:16.203][196][trace][main] [external/envoy/source/common/event/dispatcher_impl.cc:64] clearing deferred deletion list (size=1)
[2019-06-11 04:01:16.226][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:88] creating a new connection
[2019-06-11 04:01:16.226][196][debug][config] [external/envoy/source/extensions/transport_sockets/tls/ssl_socket.cc:483] Create NotReadySslSocket
[2019-06-11 04:01:16.226][196][debug][client] [external/envoy/source/common/http/codec_client.cc:26] [C2167] connecting
[2019-06-11 04:01:16.226][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:702] [C2167] connecting to 10.56.1.12:8080
[2019-06-11 04:01:16.226][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:711] [C2167] connection in progress
[2019-06-11 04:01:16.226][196][debug][pool] [external/envoy/source/common/http/conn_pool_base.cc:20] queueing request due to no available connections
[2019-06-11 04:01:16.227][196][trace][connection] [external/envoy/source/common/network/connection_impl.cc:456] [C2167] socket event: 2
[2019-06-11 04:01:16.227][196][trace][connection] [external/envoy/source/common/network/connection_impl.cc:541] [C2167] write ready
[2019-06-11 04:01:16.227][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:550] [C2167] connected
[2019-06-11 04:01:16.227][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:188] [C2167] closing socket: 0
[2019-06-11 04:01:16.227][196][debug][client] [external/envoy/source/common/http/codec_client.cc:82] [C2167] disconnect. resetting 0 pending requests
[2019-06-11 04:01:16.227][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:129] [C2167] client disconnected, failure reason: TLS error: Secret is not supplied by SDS
[2019-06-11 04:01:16.227][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:164] [C2167] purge pending, failure reason: TLS error: Secret is not supplied by SDS
[2019-06-11 04:01:16.227][196][debug][router] [external/envoy/source/common/router/router.cc:671] [C2165][S12105457795138984540] upstream reset: reset reason connection failure
[2019-06-11 04:01:16.227][196][debug][router] [external/envoy/source/common/router/router.cc:932] [C2165][S12105457795138984540] performing retry
[2019-06-11 04:01:16.227][196][trace][main] [external/envoy/source/common/event/dispatcher_impl.cc:144] item added to deferred deletion list (size=1)
[2019-06-11 04:01:16.227][196][trace][main] [external/envoy/source/common/event/dispatcher_impl.cc:64] clearing deferred deletion list (size=1)
[2019-06-11 04:01:16.239][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:88] creating a new connection
[2019-06-11 04:01:16.239][196][debug][config] [external/envoy/source/extensions/transport_sockets/tls/ssl_socket.cc:483] Create NotReadySslSocket
[2019-06-11 04:01:16.239][196][debug][client] [external/envoy/source/common/http/codec_client.cc:26] [C2168] connecting
[2019-06-11 04:01:16.239][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:702] [C2168] connecting to 10.56.1.12:8080
[2019-06-11 04:01:16.239][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:711] [C2168] connection in progress

[2019-06-11 04:01:16.227][196][debug][router] [external/envoy/source/common/router/router.cc:671] [C2165][S12105457795138984540] upstream reset: reset reason connection failure
[2019-06-11 04:01:16.227][196][debug][router] [external/envoy/source/common/router/router.cc:932] [C2165][S12105457795138984540] performing retry
[2019-06-11 04:01:16.227][196][trace][main] [external/envoy/source/common/event/dispatcher_impl.cc:144] item added to deferred deletion list (size=1)
[2019-06-11 04:01:16.227][196][trace][main] [external/envoy/source/common/event/dispatcher_impl.cc:64] clearing deferred deletion list (size=1)
[2019-06-11 04:01:16.239][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:88] creating a new connection
[2019-06-11 04:01:16.239][196][debug][config] [external/envoy/source/extensions/transport_sockets/tls/ssl_socket.cc:483] Create NotReadySslSocket
[2019-06-11 04:01:16.239][196][debug][client] [external/envoy/source/common/http/codec_client.cc:26] [C2168] connecting
[2019-06-11 04:01:16.239][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:702] [C2168] connecting to 10.56.1.12:8080
[2019-06-11 04:01:16.239][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:711] [C2168] connection in progress
[2019-06-11 04:01:16.239][196][debug][pool] [external/envoy/source/common/http/conn_pool_base.cc:20] queueing request due to no available connections
[2019-06-11 04:01:16.240][196][trace][connection] [external/envoy/source/common/network/connection_impl.cc:456] [C2168] socket event: 2
[2019-06-11 04:01:16.240][196][trace][connection] [external/envoy/source/common/network/connection_impl.cc:541] [C2168] write ready
[2019-06-11 04:01:16.240][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:550] [C2168] connected
[2019-06-11 04:01:16.240][196][debug][connection] [external/envoy/source/common/network/connection_impl.cc:188] [C2168] closing socket: 0
[2019-06-11 04:01:16.240][196][debug][client] [external/envoy/source/common/http/codec_client.cc:82] [C2168] disconnect. resetting 0 pending requests
[2019-06-11 04:01:16.240][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:129] [C2168] client disconnected, failure reason: TLS error: Secret is not supplied by SDS
[2019-06-11 04:01:16.240][196][debug][pool] [external/envoy/source/common/http/http1/conn_pool.cc:164] [C2168] purge pending, failure reason: TLS error: Secret is not supplied by SDS
[2019-06-11 04:01:16.240][196][debug][router] [external/envoy/source/common/router/router.cc:671] [C2165][S12105457795138984540] upstream reset: reset reason connection failure
[2019-06-11 04:01:16.240][196][debug][http] [external/envoy/source/common/http/conn_manager_impl.cc:1137] [C2165][S12105457795138984540] Sending local reply with details upstream_reset_before_response_started{connection failure,TLS error: Secret is not supplied by SDS}
[2019-06-11 04:01:16.240][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:1224] [C2165][S12105457795138984540] encode headers called: filter=0x532ccd0 status=0
[2019-06-11 04:01:16.240][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:1224] [C2165][S12105457795138984540] encode headers called: filter=0x538c960 status=0
[2019-06-11 04:01:16.240][196][debug][filter] [src/envoy/http/mixer/filter.cc:141] Called Mixer::Filter : encodeHeaders 2
[2019-06-11 04:01:16.240][196][trace][http] [external/envoy/source/common/http/conn_manager_impl.cc:1224] [C2165][S12105457795138984540] encode headers called: filter=0x538da90 status=0
[2019-06-11 04:01:16.240][196][debug][http] [external/envoy/source/common/http/conn_manager_impl.cc:1329] [C2165][S12105457795138984540] encoding headers via codec (end_stream=false):
':status', '503'
'content-length', '91'
'content-type', 'text/plain'
'date', 'Tue, 11 Jun 2019 04:01:15 GMT'
'server', 'istio-envoy'
[2019-06-11 04:01:16.239][196][debug][pool] [external/envoy/source/common/http/conn_pool_base.cc:20] queueing request due to no available connections

- cluster:
      name: outbound|8080||fortioclient.twopods.svc.cluster.local
      circuit_breakers:
        thresholds:
        - max_retries: 1024
      connect_timeout: 10s
      eds_cluster_config:
        eds_config:
          ads: {}
          initial_fetch_timeout: 0s
        service_name: outbound|8080||fortioclient.twopods.svc.cluster.local
      metadata:
        filter_metadata:
          istio:
            config: /apis/networking/v1alpha3/namespaces/twopods/destination-rule/fortioclient
      tls_context:
        common_tls_context:
          alpn_protocols:
          - istio
          combined_validation_context:
            default_validation_context:
              verify_subject_alt_name:
              - spiffe://cluster.local/ns/twopods/sa/default
            validation_context_sds_secret_config:
              name: ROOTCA
              sds_config:
                api_config_source:
                  api_type: GRPC
                  grpc_services:
                  - google_grpc:
                      call_credentials:
                      - from_plugin:
                          name: envoy.grpc_credentials.file_based_metadata
                          typed_config:
                            '@type': type.googleapis.com/envoy.config.grpc_credential.v2alpha.FileBasedMetadataConfig
                            header_key: istio_sds_credentials_header-bin
                           secret_data:
                              filename: /var/run/secrets/kubernetes.io/serviceaccount/token
                      channel_credentials:
                        local_credentials: {}
                      credentials_factory_name: envoy.grpc_credentials.file_based_metadata
                      stat_prefix: sdsstat
                      target_uri: unix:/var/run/sds/uds_path
                initial_fetch_timeout: 0s
          tls_certificate_sds_secret_configs:
          - name: default
            sds_config:
              api_config_source:
                api_type: GRPC
                grpc_services:
                - google_grpc:
                    call_credentials:
                    - from_plugin:
                        name: envoy.grpc_credentials.file_based_metadata
                        typed_config:
                          '@type': type.googleapis.com/envoy.config.grpc_credential.v2alpha.FileBasedMetadataConfig
                          header_key: istio_sds_credentials_header-bin
                          secret_data:
                            filename: /var/run/secrets/kubernetes.io/serviceaccount/token
                    channel_credentials:
                      local_credentials: {}
                    credentials_factory_name: envoy.grpc_credentials.file_based_metadata
                    stat_prefix: sdsstat
                    target_uri: unix:/var/run/sds/uds_path
              initial_fetch_timeout: 0s
        sni: outbound_.8080_._.fortioclient.twopods.svc.cluster.local
      type: EDS
    last_updated: '2019-06-11T09:29:49.170Z'
    version_info: 2019-06-11T09:29:49Z/17