if istiod in clusterA, but istio-proxy in clusterB, how to make istio-proxy access istiod.
some logs below, maybe authentication failed?
istiod logs:
2023-04-22T02:03:00.122537Z error ads Failed to authenticate client from 11.151.238.183:38768: Authenticator ClientCertAuthenticator: no verified chain is found; Authenticator KubeJWTAuthenticator: failed to validate the JWT from cluster "Kubernetes": the service account authentication returns an error: [invalid bearer token, square/go-jose: error in cryptographic primitive]
isito-proxy logs
2023-04-22 10:06:04 2023-04-22T02:06:04.405258Z info Pilot SAN: [istiod.istio-system.svc]
2023-04-22 10:06:04 2023-04-22T02:06:04.407744Z info Starting proxy agent
2023-04-22 10:06:04 2023-04-22T02:06:04.407777Z info Epoch 0 starting
2023-04-22 10:06:04 2023-04-22T02:06:04.407812Z info Envoy command: [-c etc/istio/proxy/envoy-rev0.json --restart-epoch 0 --drain-time-s 45 --drain-strategy immediate --parent-shutdown-time-s 60 --local-address-ip-version v4 --file-flush-interval-msec 1000 --disable-hot-restart --log-format %Y-%m-%dT%T.%fZ %l envoy %n %v -l warning --component-log-level misc:error --concurrency 2]
2023-04-22 10:06:04 2023-04-22T02:06:04.412738Z info sds Starting SDS grpc server
2023-04-22 10:06:04 2023-04-22T02:06:04.412827Z info starting Http service at 127.0.0.1:15004
2023-04-22 10:06:04 2023-04-22T02:06:04.671808Z warn sds failed to warm certificate: failed to generate workload certificate: create certificate: rpc error: code = Unauthenticated desc = request authenticate failure
2023-04-22 10:06:05 2023-04-22T02:06:05.300387Z info xdsproxy connected to upstream XDS server: istiod.istio-system.svc:15012
2023-04-22 10:06:05 2023-04-22T02:06:05.309782Z warn xdsproxy upstream [1] terminated with unexpected error rpc error: code = Unauthenticated desc = authentication failure
