
Can't Curl Services running in the kubernetes cluster from the vm in istio mesh

I am trying to deploy Istio on Virtual Machines. In my current architecture I have a Kubernetes cluster which runs the istio control plane (istiod) and a vm which is running the famous bookinfo istio application rating application. I am following the multi-network implementation as described here ( https://istio.io/latest/docs/setup/install/virtual-machine/ ). I have followed each step of the documentation and have successfully completed all the setup.

Error: When I am trying to call the service running in kubernetes I get the error "upstream connect error or disconnect/reset before headers. reset reason: connection failure"

I can successfully call the service running on the vm from kubernetes.

Log of istio services running on the vm

2022-09-02T14:24:08.165388Z info    FLAG: --domain=""
2022-09-02T14:24:08.165394Z info    FLAG: --help="false"
2022-09-02T14:24:08.165396Z info    FLAG: --log_as_json="false"
2022-09-02T14:24:08.165399Z info    FLAG: --log_caller=""
2022-09-02T14:24:08.165401Z info    FLAG: --log_output_level="dns:debug"
2022-09-02T14:24:08.165404Z info    FLAG: --log_rotate=""
2022-09-02T14:24:08.165407Z info    FLAG: --log_rotate_max_age="30"
2022-09-02T14:24:08.165409Z info    FLAG: --log_rotate_max_backups="1000"
2022-09-02T14:24:08.165412Z info    FLAG: --log_rotate_max_size="104857600"
2022-09-02T14:24:08.165414Z info    FLAG: --log_stacktrace_level="default:none"
2022-09-02T14:24:08.165420Z info    FLAG: --log_target="[stdout]"
2022-09-02T14:24:08.165423Z info    FLAG: --meshConfig="./etc/istio/config/mesh"
2022-09-02T14:24:08.165426Z info    FLAG: --outlierLogPath=""
2022-09-02T14:24:08.165428Z info    FLAG: --proxyComponentLogLevel=""
2022-09-02T14:24:08.165431Z info    FLAG: --proxyLogLevel="debug"
2022-09-02T14:24:08.165433Z info    FLAG: --serviceCluster="istio-proxy"
2022-09-02T14:24:08.165436Z info    FLAG: --stsPort="0"
2022-09-02T14:24:08.165438Z info    FLAG: --templateFile=""
2022-09-02T14:24:08.165441Z info    FLAG: --tokenManagerPlugin="GoogleTokenExchange"
2022-09-02T14:24:08.165450Z info    FLAG: --vklog="0"
2022-09-02T14:24:08.165457Z info    Version 1.13.2-91533d04e894ff86b80acd6d7a4517b144f9e19a-Clean
2022-09-02T14:24:08.165587Z info    Proxy role  ips=[10.243.0.35 fe80::3cff:fe38:afc8] type=sidecar id=istio-on-vm-three.ratings domain=ratings.svc.cluster.local
2022-09-02T14:24:08.165626Z info    Apply mesh config from file defaultConfig:
  discoveryAddress: istiod.istio-system.svc:15012
  meshId: mesh1
  proxyMetadata:
    CANONICAL_REVISION: latest
    CANONICAL_SERVICE: ratings
    ISTIO_META_AUTO_REGISTER_GROUP: ratings
    ISTIO_META_CLUSTER_ID: cc90a48f0mfd7shso5g0
    ISTIO_META_DNS_CAPTURE: "true"
    ISTIO_META_MESH_ID: mesh1
    ISTIO_META_NETWORK: ""
    ISTIO_META_WORKLOAD_NAME: ratings
    ISTIO_METAJSON_LABELS: '{"app":"ratings","service.istio.io/canonical-name":"ratings","service.istio.io/canonical-revision":"latest"}'
    POD_NAMESPACE: ratings
    SERVICE_ACCOUNT: bookinfo-ratings
    TRUST_DOMAIN: cluster.local
  tracing:
    zipkin:
      address: zipkin.istio-system:9411

2022-09-02T14:24:08.166897Z info    Apply proxy config from env 
serviceCluster: ratings.ratings
controlPlaneAuthPolicy: MUTUAL_TLS

2022-09-02T14:24:08.167480Z info    Effective config: binaryPath: /usr/local/bin/envoy
concurrency: 2
configPath: ./etc/istio/proxy
controlPlaneAuthPolicy: MUTUAL_TLS
discoveryAddress: istiod.istio-system.svc:15012
drainDuration: 45s
meshId: mesh1
parentShutdownDuration: 60s
proxyAdminPort: 15000
proxyMetadata:
  CANONICAL_REVISION: latest
  CANONICAL_SERVICE: ratings
  ISTIO_META_AUTO_REGISTER_GROUP: ratings
  ISTIO_META_CLUSTER_ID: cc90a48f0mfd7shso5g0
  ISTIO_META_DNS_CAPTURE: "true"
  ISTIO_META_MESH_ID: mesh1
  ISTIO_META_NETWORK: ""
  ISTIO_META_WORKLOAD_NAME: ratings
  ISTIO_METAJSON_LABELS: '{"app":"ratings","service.istio.io/canonical-name":"ratings","service.istio.io/canonical-revision":"latest"}'
  POD_NAMESPACE: ratings
  SERVICE_ACCOUNT: bookinfo-ratings
  TRUST_DOMAIN: cluster.local
serviceCluster: ratings.ratings
statNameLength: 189
statusPort: 15020
terminationDrainDuration: 5s
tracing:
  zipkin:
    address: zipkin.istio-system:9411

2022-09-02T14:24:08.167495Z info    JWT policy is third-party-jwt
2022-09-02T14:24:13.167597Z info    timed out waiting for platform detection, treating it as Unknown
2022-09-02T14:24:13.167892Z info    Opening status port 15020
2022-09-02T14:24:13.168029Z debug   dns initialized DNS search=[.] servers=[127.0.0.53:53]
2022-09-02T14:24:13.169553Z info    dns Starting local udp DNS server on 127.0.0.1:15053
2022-09-02T14:24:13.169584Z info    dns Starting local tcp DNS server on 127.0.0.1:15053
2022-09-02T14:24:13.169628Z info    CA Endpoint istiod.istio-system.svc:15012, provider Citadel
2022-09-02T14:24:13.169647Z info    Using CA istiod.istio-system.svc:15012 cert with certs: /etc/certs/root-cert.pem
2022-09-02T14:24:13.169782Z info    citadelclient   Citadel client using custom root cert: /etc/certs/root-cert.pem
2022-09-02T14:24:13.182361Z info    ads All caches have been synced up in 5.02146778s, marking server ready
2022-09-02T14:24:13.182736Z info    sds SDS server for workload certificates started, listening on "etc/istio/proxy/SDS"
2022-09-02T14:24:13.182795Z info    xdsproxy    Initializing with upstream address "istiod.istio-system.svc:15012" and cluster "cc90a48f0mfd7shso5g0"
2022-09-02T14:24:13.182770Z info    sds Starting SDS grpc server
2022-09-02T14:24:13.183203Z info    starting Http service at 127.0.0.1:15004
2022-09-02T14:24:13.184810Z info    Pilot SAN: [istiod.istio-system.svc]
2022-09-02T14:24:13.186415Z info    Starting proxy agent
2022-09-02T14:24:13.186444Z info    Epoch 0 starting
2022-09-02T14:24:13.186463Z info    Envoy command: [-c etc/istio/proxy/envoy-rev0.json --restart-epoch 0 --drain-time-s 45 --drain-strategy immediate --parent-shutdown-time-s 60 --local-address-ip-version v4 --file-flush-interval-msec 1000 --disable-hot-restart --log-format %Y-%m-%dT%T.%fZ  %l  envoy %n    %v -l debug --concurrency 2]
2022-09-02T14:24:13.264923Z info    xdsproxy    connected to upstream XDS server: istiod.istio-system.svc:15012
2022-09-02T14:24:13.284519Z info    cache   generated new workload certificate  latency=101.82115ms ttl=23h59m59.715492792s
2022-09-02T14:24:13.284554Z info    cache   Root cert has changed, start rotating root cert
2022-09-02T14:24:13.284578Z info    ads XDS: Incremental Pushing:0 ConnectedEndpoints:0 Version:
2022-09-02T14:24:13.284993Z info    cache   returned workload trust anchor from cache   ttl=23h59m59.715012276s
2022-09-02T14:24:13.327799Z info    ads ADS: new connection for node:istio-on-vm-three.ratings-1
2022-09-02T14:24:13.327908Z info    cache   returned workload certificate from cache    ttl=23h59m59.672096732s
2022-09-02T14:24:13.328260Z info    ads SDS: PUSH request for node:istio-on-vm-three.ratings resources:1 size:4.0kB resource:default
2022-09-02T14:24:13.367689Z info    ads ADS: new connection for node:istio-on-vm-three.ratings-2
2022-09-02T14:24:13.367769Z info    cache   returned workload trust anchor from cache   ttl=23h59m59.63223465s
2022-09-02T14:24:13.367948Z info    ads SDS: PUSH request for node:istio-on-vm-three.ratings resources:1 size:1.1kB resource:ROOTCA
2022-09-02T14:24:13.387123Z debug   dns updated lookup table with 96 hosts
2022-09-02T14:24:22.280792Z info    Agent draining Proxy
2022-09-02T14:24:22.280825Z info    Status server has successfully terminated
2022-09-02T14:24:22.281118Z error   accept tcp [::]:15020: use of closed network connection
2022-09-02T14:24:22.282028Z info    Graceful termination period is 5s, starting...
2022-09-02T14:24:27.282551Z info    Graceful termination period complete, terminating remaining proxies.
2022-09-02T14:24:27.282610Z warn    Aborted all epochs
2022-09-02T14:24:27.282622Z warn    Aborting epoch 0
2022-09-02T14:24:27.282889Z info    Epoch 0 aborted normally
2022-09-02T14:24:27.282899Z info    Agent has successfully terminated
2022-09-02T14:24:57.386419Z info    FLAG: --concurrency="0"
2022-09-02T14:24:57.386463Z info    FLAG: --domain=""
2022-09-02T14:24:57.386471Z info    FLAG: --help="false"
2022-09-02T14:24:57.386474Z info    FLAG: --log_as_json="false"
2022-09-02T14:24:57.386477Z info    FLAG: --log_caller=""
2022-09-02T14:24:57.386480Z info    FLAG: --log_output_level="dns:debug"
2022-09-02T14:24:57.386482Z info    FLAG: --log_rotate=""
2022-09-02T14:24:57.386486Z info    FLAG: --log_rotate_max_age="30"
2022-09-02T14:24:57.386489Z info    FLAG: --log_rotate_max_backups="1000"
2022-09-02T14:24:57.386492Z info    FLAG: --log_rotate_max_size="104857600"
2022-09-02T14:24:57.386495Z info    FLAG: --log_stacktrace_level="default:none"
2022-09-02T14:24:57.386504Z info    FLAG: --log_target="[stdout]"
2022-09-02T14:24:57.386507Z info    FLAG: --meshConfig="./etc/istio/config/mesh"
2022-09-02T14:24:57.386510Z info    FLAG: --outlierLogPath=""
2022-09-02T14:24:57.386512Z info    FLAG: --proxyComponentLogLevel=""
2022-09-02T14:24:57.386515Z info    FLAG: --proxyLogLevel="debug"
2022-09-02T14:24:57.386518Z info    FLAG: --serviceCluster="istio-proxy"
2022-09-02T14:24:57.386521Z info    FLAG: --stsPort="0"
2022-09-02T14:24:57.386533Z info    FLAG: --templateFile=""
2022-09-02T14:24:57.386544Z info    FLAG: --tokenManagerPlugin="GoogleTokenExchange"
2022-09-02T14:24:57.386553Z info    FLAG: --vklog="0"
2022-09-02T14:24:57.386559Z info    Version 1.13.2-91533d04e894ff86b80acd6d7a4517b144f9e19a-Clean
2022-09-02T14:24:57.386705Z info    Proxy role  ips=[10.243.0.35 fe80::3cff:fe38:afc8] type=sidecar id=istio-on-vm-three.ratings domain=ratings.svc.cluster.local
2022-09-02T14:24:57.386749Z info    Apply mesh config from file defaultConfig:
  discoveryAddress: istiod.istio-system.svc:15012
  meshId: mesh1
  proxyMetadata:
    CANONICAL_REVISION: latest
    CANONICAL_SERVICE: ratings
    ISTIO_META_AUTO_REGISTER_GROUP: ratings
    ISTIO_META_CLUSTER_ID: cc90a48f0mfd7shso5g0
    ISTIO_META_DNS_CAPTURE: "true"
    ISTIO_META_MESH_ID: mesh1
    ISTIO_META_NETWORK: ""
    ISTIO_META_WORKLOAD_NAME: ratings
    ISTIO_METAJSON_LABELS: '{"app":"ratings","service.istio.io/canonical-name":"ratings","service.istio.io/canonical-revision":"latest"}'
    POD_NAMESPACE: ratings
    SERVICE_ACCOUNT: bookinfo-ratings
    TRUST_DOMAIN: cluster.local
  tracing:
    zipkin:
      address: zipkin.istio-system:9411

2022-09-02T14:24:57.387852Z info    Apply proxy config from env 
serviceCluster: ratings.ratings
controlPlaneAuthPolicy: MUTUAL_TLS

2022-09-02T14:24:57.388363Z info    Effective config: binaryPath: /usr/local/bin/envoy
concurrency: 2
configPath: ./etc/istio/proxy
controlPlaneAuthPolicy: MUTUAL_TLS
discoveryAddress: istiod.istio-system.svc:15012
drainDuration: 45s
meshId: mesh1
parentShutdownDuration: 60s
proxyAdminPort: 15000
proxyMetadata:
  CANONICAL_REVISION: latest
  CANONICAL_SERVICE: ratings
  ISTIO_META_AUTO_REGISTER_GROUP: ratings
  ISTIO_META_CLUSTER_ID: cc90a48f0mfd7shso5g0
  ISTIO_META_DNS_CAPTURE: "true"
  ISTIO_META_MESH_ID: mesh1
  ISTIO_META_NETWORK: ""
  ISTIO_META_WORKLOAD_NAME: ratings
  ISTIO_METAJSON_LABELS: '{"app":"ratings","service.istio.io/canonical-name":"ratings","service.istio.io/canonical-revision":"latest"}'
  POD_NAMESPACE: ratings
  SERVICE_ACCOUNT: bookinfo-ratings
  TRUST_DOMAIN: cluster.local
serviceCluster: ratings.ratings
statNameLength: 189
statusPort: 15020
terminationDrainDuration: 5s
tracing:
  zipkin:
    address: zipkin.istio-system:9411

2022-09-02T14:24:57.388378Z info    JWT policy is third-party-jwt
2022-09-02T14:25:02.388947Z info    timed out waiting for platform detection, treating it as Unknown
2022-09-02T14:25:02.389180Z debug   dns initialized DNS search=[.] servers=[127.0.0.53:53]
2022-09-02T14:25:02.389248Z info    dns Starting local udp DNS server on 127.0.0.1:15053
2022-09-02T14:25:02.389249Z info    Opening status port 15020
2022-09-02T14:25:02.389413Z info    dns Starting local tcp DNS server on 127.0.0.1:15053
2022-09-02T14:25:02.389432Z info    CA Endpoint istiod.istio-system.svc:15012, provider Citadel
2022-09-02T14:25:02.389445Z info    Using CA istiod.istio-system.svc:15012 cert with certs: /etc/certs/root-cert.pem
2022-09-02T14:25:02.389532Z info    citadelclient   Citadel client using custom root cert: /etc/certs/root-cert.pem
2022-09-02T14:25:02.402154Z info    ads All caches have been synced up in 5.019952409s, marking server ready
2022-09-02T14:25:02.402449Z info    sds SDS server for workload certificates started, listening on "etc/istio/proxy/SDS"
2022-09-02T14:25:02.402475Z info    xdsproxy    Initializing with upstream address "istiod.istio-system.svc:15012" and cluster "cc90a48f0mfd7shso5g0"
2022-09-02T14:25:02.402487Z info    sds Starting SDS grpc server
2022-09-02T14:25:02.402794Z info    starting Http service at 127.0.0.1:15004
2022-09-02T14:25:02.403926Z info    Pilot SAN: [istiod.istio-system.svc]
2022-09-02T14:25:02.405489Z info    Starting proxy agent
2022-09-02T14:25:02.405522Z info    Epoch 0 starting
2022-09-02T14:25:02.405560Z info    Envoy command: [-c etc/istio/proxy/envoy-rev0.json --restart-epoch 0 --drain-time-s 45 --drain-strategy immediate --parent-shutdown-time-s 60 --local-address-ip-version v4 --file-flush-interval-msec 1000 --disable-hot-restart --log-format %Y-%m-%dT%T.%fZ  %l  envoy %n    %v -l debug --concurrency 2]
2022-09-02T14:25:02.480867Z info    xdsproxy    connected to upstream XDS server: istiod.istio-system.svc:15012
2022-09-02T14:25:02.552937Z info    ads ADS: new connection for node:istio-on-vm-three.ratings-1
2022-09-02T14:25:02.592884Z info    ads ADS: new connection for node:istio-on-vm-three.ratings-2
2022-09-02T14:25:02.602362Z info    cache   generated new workload certificate  latency=199.854356ms ttl=23h59m59.397649371s
2022-09-02T14:25:02.602401Z info    cache   Root cert has changed, start rotating root cert
2022-09-02T14:25:02.602421Z info    ads XDS: Incremental Pushing:0 ConnectedEndpoints:2 Version:
2022-09-02T14:25:02.602531Z info    cache   returned workload trust anchor from cache   ttl=23h59m59.397477611s
2022-09-02T14:25:02.602586Z info    cache   returned workload certificate from cache    ttl=23h59m59.397417006s
2022-09-02T14:25:02.602881Z info    cache   returned workload trust anchor from cache   ttl=23h59m59.397122534s
2022-09-02T14:25:02.604303Z info    ads SDS: PUSH request for node:istio-on-vm-three.ratings resources:1 size:1.1kB resource:ROOTCA
2022-09-02T14:25:02.604361Z info    cache   returned workload trust anchor from cache   ttl=23h59m59.395642519s
2022-09-02T14:25:02.604393Z info    ads SDS: PUSH for node:istio-on-vm-three.ratings resources:1 size:1.1kB resource:ROOTCA
2022-09-02T14:25:02.604384Z info    ads SDS: PUSH request for node:istio-on-vm-three.ratings resources:1 size:4.0kB resource:default
2022-09-02T14:25:02.622631Z debug   dns updated lookup table with 96 hosts
2022-09-02T14:25:04.329218Z debug   dns request ;; opcode: QUERY, status: NOERROR, id: 24280
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;details.default.svc.   IN   AAAA

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1200
    protocol=udp edns=true id=6240baac-c243-45be-9a10-dfe500a83cfa
2022-09-02T14:25:04.329282Z debug   dns response for hostname "details.default.svc." (found=true): ;; opcode: QUERY, status: NOERROR, id: 24280
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;details.default.svc.   IN   AAAA
    protocol=udp edns=true id=6240baac-c243-45be-9a10-dfe500a83cfa
2022-09-02T14:25:04.329305Z debug   dns request ;; opcode: QUERY, status: NOERROR, id: 17619
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;details.default.svc.   IN   A

;; ADDITIONAL SECTION:

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: ; udp: 1200
    protocol=udp edns=true id=30fd3d3c-efed-4a27-b8ba-113f56efb67d
2022-09-02T14:25:04.329371Z debug   dns response for hostname "details.default.svc." (found=true): ;; opcode: QUERY, status: NOERROR, id: 17619
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;details.default.svc.   IN   A

;; ANSWER SECTION:
details.default.svc.    30  IN  A   172.21.199.92
    protocol=udp edns=true id=30fd3d3c-efed-4a27-b8ba-113f56efb67d

Gateway configuration for istiod

apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"networking.istio.io/v1alpha3","kind":"Gateway","metadata":{"annotations":{},"name":"istiod-gateway","namespace":"istio-system"},"spec":{"selector":{"istio":"eastwestgateway"},"servers":[{"hosts":["*"],"port":{"name":"tls-istiod","number":15012,"protocol":"tls"},"tls":{"mode":"PASSTHROUGH"}},{"hosts":["*"],"port":{"name":"tls-istiodwebhook","number":15017,"protocol":"tls"},"tls":{"mode":"PASSTHROUGH"}}]}}
  creationTimestamp: '2022-09-02T13:54:17Z'
  generation: 1
  managedFields:
    - apiVersion: networking.istio.io/v1alpha3
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:annotations:
            .: {}
            f:kubectl.kubernetes.io/last-applied-configuration: {}
        f:spec:
          .: {}
          f:selector:
            .: {}
            f:istio: {}
          f:servers: {}
      manager: kubectl-client-side-apply
      operation: Update
      time: '2022-09-02T13:54:17Z'
  name: istiod-gateway
  namespace: istio-system
  resourceVersion: '3685'
  uid: 23f776c9-a4d1-43a7-8992-72be4f933d9d
spec:
  selector:
    istio: eastwestgateway
  servers:
    - hosts:
        - '*'
      port:
        name: tls-istiod
        number: 15012
        protocol: tls
      tls:
        mode: PASSTHROUGH
    - hosts:
        - '*'
      port:
        name: tls-istiodwebhook
        number: 15017
        protocol: tls
      tls:
        mode: PASSTHROUGH

Virtual service for istiod

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"networking.istio.io/v1alpha3","kind":"VirtualService","metadata":{"annotations":{},"name":"istiod-vs","namespace":"istio-system"},"spec":{"gateways":["istiod-gateway"],"hosts":["*"],"tls":[{"match":[{"port":15012,"sniHosts":["*"]}],"route":[{"destination":{"host":"istiod.istio-system.svc.cluster.local","port":{"number":15012}}}]},{"match":[{"port":15017,"sniHosts":["*"]}],"route":[{"destination":{"host":"istiod.istio-system.svc.cluster.local","port":{"number":443}}}]}]}}
  creationTimestamp: '2022-09-02T13:54:17Z'
  generation: 1
  managedFields:
    - apiVersion: networking.istio.io/v1alpha3
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:annotations:
            .: {}
            f:kubectl.kubernetes.io/last-applied-configuration: {}
        f:spec:
          .: {}
          f:gateways: {}
          f:hosts: {}
          f:tls: {}
      manager: kubectl-client-side-apply
      operation: Update
      time: '2022-09-02T13:54:17Z'
  name: istiod-vs
  namespace: istio-system
  resourceVersion: '3686'
  uid: d1b88fde-20a3-48dd-a549-dfe77407e206
spec:
  gateways:
    - istiod-gateway
  hosts:
    - '*'
  tls:
    - match:
        - port: 15012
          sniHosts:
            - '*'
      route:
        - destination:
            host: istiod.istio-system.svc.cluster.local
            port:
              number: 15012
    - match:
        - port: 15017
          sniHosts:
            - '*'
      route:
        - destination:
            host: istiod.istio-system.svc.cluster.local
            port:
              number: 443

Please let me know if you need more information to debug.

After a lot of debugging and trial and error I found the problem and solved it. First, the variables in the definition to create the workload group in the official istio documentation are not explained properly. As per the official documentation, in the workload group we need to mention the network of the vm, but it doesn't say which network, as a vm can have interfaces mapping to a public and a private network. The solution is that you need to mention the network ip which is mapping to the default network interface, i.e. in my case my eth0 interface mapped to the private ip of the vm, hence for me the workload definition was something like this:

apiVersion: networking.istio.io/v1alpha3
kind: WorkloadGroup
metadata:
  name: "${VM_APP}"
  namespace: "${VM_NAMESPACE}"
spec:
  metadata:
    labels:
      app: "${VM_APP}"
  template:
    serviceAccount: "${SERVICE_ACCOUNT}"
    network: "${VM'S_PRIVATE_IP}"
  probe:
    periodSeconds: 5
    initialDelaySeconds: 1
    httpGet:
      port: 8080
      path: /ready

Second, the command provided in the docs to create the workload entry is incomplete. To get a mesh expansion to work in a multi-network mesh the command should be:

istioctl x workload entry configure -f workloadgroup.yaml -o "${WORK_DIR}" --clusterID "${CLUSTER}" --ingressIP ${EAST_WEST_GATEWAY_IP_ADDRESS} --externalIP ${PRIVATE_IP_OF_THE_VM or ETH0_IP_ADDRESS} --autoregister
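
The answer above depends on passing the address of the VM's default network interface as --externalIP. The following is an added example, not part of the original answer: it picks that address from `ip` output and checks a candidate against it. The function names and the eth1/203.0.113.x sample lines are constructed for illustration; 10.243.0.35 is the VM address shown in the question's proxy log.

```shell
#!/usr/bin/env bash
# Added example: find the IPv4 address of the interface that carries the
# default route, i.e. the value the answer passes to --externalIP.

# Print the interface of the lowest-metric IPv4 default route.
# stdin: output of `ip -o -4 route show default`
default_iface() {
  awk '$1 == "default" {
    dev = ""; metric = 0
    for (i = 2; i < NF; i++) {
      if ($i == "dev")    dev = $(i + 1)
      if ($i == "metric") metric = $(i + 1) + 0
    }
    if (dev != "" && (best == "" || metric < best_metric)) {
      best = dev; best_metric = metric
    }
  }
  END { if (best != "") print best; else exit 1 }'
}

# Print the first IPv4 address (prefix length stripped) on interface $1.
# stdin: output of `ip -o -4 addr show`
iface_ipv4() {
  awk -v dev="$1" '$2 == dev && $3 == "inet" {
    split($4, a, "/"); print a[1]; found = 1; exit
  }
  END { if (!found) exit 1 }'
}

# Return 0 if candidate IP $1 sits on the default-route interface.
# $2 = route output, $3 = addr output; returns 2 if nothing could be parsed.
is_default_route_ip() {
  _dev=$(printf '%s\n' "$2" | default_iface) || return 2
  _ip=$(printf '%s\n' "$3" | iface_ipv4 "$_dev") || return 2
  [ "$_ip" = "$1" ]
}

# Constructed sample: a VM with a private (eth0) and a public (eth1) interface.
SAMPLE_ROUTES='default via 10.243.0.1 dev eth0 proto dhcp metric 100
default via 203.0.113.1 dev eth1 proto dhcp metric 200'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.243.0.35/24 brd 10.243.0.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth1\       valid_lft forever preferred_lft forever'

# On the VM itself, feed the live output instead of the samples:
#   ip -o -4 addr show | iface_ipv4 "$(ip -o -4 route show default | default_iface)"
EXTERNAL_IP=$(printf '%s\n' "$SAMPLE_ADDRS" |
  iface_ipv4 "$(printf '%s\n' "$SAMPLE_ROUTES" | default_iface)")
echo "--externalIP ${EXTERNAL_IP}"
```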
