故障排除 #

1. 访问注入过sidecar的服务时策略不生效 #

注意：sidecar策略不生效的情况有

直接通过NodePort方式访问
通过未注入sidecar的服务直接访问的方式访问

若想要为进入集群的第一个服务设置策略，则需要通过istio的ingressgateway配置访问才可以

2. kube config证书不正确的问题 #

现象 #

使用minikube安装

接入集群后除services页面都查询不到集群信息

查看solar-controller日志显示

 x509: certificate signed by unknown authority

查看kube config文件发现证书都是路径

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /root/.minikube/ca.crt
    server: https://0.0.0.0:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /root/.minikube/profiles/minikube/client.crt
    client-key: /root/.minikube/profiles/minikube/client.key

解决过程 #

cat 路径内的证书，将内容转成base64加密，替换调原来的证书，更改它们的名称如 certificate-authority -> certificate-authority-data

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: xxxxxx
    server: https://0.0.0.0:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate-data: xxxxxx
    client-key-data: xxxxxx

3. centos7.5上安装虚拟机需要glibc-2.18的问题 #

安装编译用的工具 #

yum install -y gcc && yum group install "Development Tools" -y

下载glibc-2.18 #

下载glibc-2.18.tar.gz

wget http://mirrors.ustc.edu.cn/gnu/libc/glibc-2.18.tar.gz

解压缩

tar xvfz glibc-2.18.tar.gz

编译glibc-2.18 #

从源码开始编译

cd glibc-2.18
mkdir build
cd build/
../configure --prefix=/usr
make -j4
make install