[英]viz extension crashloop with Request failed error unauthorized connection on server proxy-admin
I just tried to install Linkerd viz extension following official documentation but all the pods are in a crash loop.我只是尝试按照官方文档安装 Linkerd 即扩展,但所有 pod 都处于崩溃循环中。
linkerd viz install | kubectl apply -f -
Linkerd-getting-started Linkerd 入门
r proxy-admin
[ 29.797889s] INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}: linkerd_app_inbound::policy::authorize::http: Request denied server=proxy-admin tls=None(NoClientHello) client=50.50.55.177:47068
[ 29.797910s] INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}:rescue{client.addr=50.50.55.177:47068}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server proxy-admin
[ 29.817790s] INFO ThreadId(01) linkerd_proxy::signal: received SIGTERM, starting shutdown
The error appeared on Kubernetes cluster Server Version: v1.21.5-eks-bc4871b
错误出现在Kubernetes cluster Server Version: v1.21.5-eks-bc4871b
The issue was the policy that come by default installation.问题是默认安装的策略。
This authorizes unauthenticated requests from IPs in the clusterNetworks configuration
.这会授权来自clusterNetworks configuration
中 IP 的未经身份验证的请求。 If the source IP (<public-ip-address-of-hel-k1>)
is not in that list, these connections will be denied.如果源 IP (<public-ip-address-of-hel-k1>)
不在该列表中,则这些连接将被拒绝。 To fix this, the authorization policy could be updated with the following:要解决此问题,可以使用以下内容更新授权策略:
spec:
client:
unauthenticated: true
networks:
- cidr: 0.0.0.0/0
The default policy missing the client part默认策略缺少客户端部分
networks:
- cidr: 0.0.0.0/0
To update the policy, get the server authorization要更新策略,请获取服务器授权
k get ServerAuthorization -n linkerd-viz
NAME SERVER
admin admin
grafana grafana
metrics-api metrics-api
proxy-admin proxy-admin
Now edit admin,grafana, proxy-admin and grafana and add the networks
part.现在编辑 admin、grafana、proxy-admin 和 grafana 并添加networks
部分。
k edit ServerAuthorization metrics-api
as after fixing this I was also getting errors for grafana which help me to fix by adding network part.在修复此问题后,我也遇到了 grafana 的错误,这有助于我通过添加网络部分来修复。
[ 32.278014s] INFO ThreadId(01) inbound:server{port=3000}:rescue{client.addr=50.50.53.140:44718}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server grafana
[ 38.176927s] INFO ThreadId(01) inbound:server{port=3000}: linkerd_app_inbound::policy::authorize::http: Request denied server=grafana tls=None(NoClientHello) client=50.50.55.177:33170
All linkerd-viz pods in CrashLoopBackOff CrashLoopBackOff 中的所有 linkerd-viz pod
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.