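Troubleshooting
1. Policies do not take effect when accessing a sidecar-injected service
Note: sidecar policies do not take effect when the service is reached in either of these ways:
- Directly through a NodePort
- Directly from a service that has no sidecar injected
To apply policies to the first service that traffic reaches on entering the cluster, access must be configured through Istio's ingressgateway.
2. Incorrect certificates in the kube config
Symptoms
The cluster was installed with minikube.
After the cluster is connected, no cluster information can be queried on any page except the services page.
The solar-controller log shows: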
x509: certificate signed by unknown authority
Inspecting the kube config file shows that every certificate is given as a file path:
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /root/.minikube/ca.crt
    server: https://0.0.0.0:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /root/.minikube/profiles/minikube/client.crt
    client-key: /root/.minikube/profiles/minikube/client.key
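Resolution
cat the certificate at each path, base64-encode its contents (base64 is an encoding, not encryption), replace the original path with the encoded value, and rename the key, for example certificate-authority -> certificate-authority-data.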
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: xxxxxx
    server: https://0.0.0.0:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate-data: xxxxxx
    client-key-data: xxxxxx
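The manual steps above as a script, added here as an example (it is not part of the original page or of the product): the hypothetical function `embed_kubeconfig_certs` base64-encodes each file referenced by `certificate-authority`, `client-certificate` or `client-key` and writes the `-data` form of the key. It assumes one key per line with an unquoted path, as in the file shown above.

```shell
#!/bin/sh
# Added example: inline the files a kubeconfig references by path.
# Usage: embed_kubeconfig_certs <input-kubeconfig> <output-kubeconfig>
# The function body is a subshell, so "exit" below ends only the function.
embed_kubeconfig_certs() (
    src=$1
    dst=$2
    : > "$dst"
    chmod 600 "$dst"    # the result carries the client private key inline
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *certificate-authority:*|*client-certificate:*|*client-key:*)
                indent=${line%%[! ]*}          # leading spaces, kept as-is
                rest=${line#"$indent"}
                key=${rest%%:*}
                path=${rest#*:}
                path=${path#"${path%%[! ]*}"}  # trim spaces after the colon
                if [ ! -r "$path" ]; then
                    echo "cannot read $path (from $key)" >&2
                    rm -f "$dst"               # do not leave a partial file
                    exit 1
                fi
                # base64 is an encoding, not encryption; strip line wraps
                data=$(base64 < "$path" | tr -d '\n')
                printf '%s%s-data: %s\n' "$indent" "$key" "$data" >> "$dst"
                ;;
            *)
                printf '%s\n' "$line" >> "$dst"
                ;;
        esac
    done < "$src"
)
```

The output file holds the client key in decodable form, so it should be stored and transferred like the key itself. kubectl's own `kubectl config view --flatten` produces the same kind of self-contained file.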
3. Installing the virtual machine on CentOS 7.5 requires glibc-2.18
Install the build tools
yum install -y gcc && yum group install "Development Tools" -y
Download glibc-2.18
Download glibc-2.18.tar.gz:
wget http://mirrors.ustc.edu.cn/gnu/libc/glibc-2.18.tar.gz
Extract the archive:
tar xvfz glibc-2.18.tar.gz
Build glibc-2.18
Build from source:
cd glibc-2.18
mkdir build
cd build/
../configure --prefix=/usr
make -j4
make install