故障排除 #
访问注入过sidecar的服务时策略不生效 #
注意:sidecar策略不生效的情况有
- 直接通过NodePort方式访问
- 通过未注入sidecar的服务直接访问的方式访问
若想要为进入集群的第一个服务设置策略,则需要通过istio的ingressgateway配置访问才可以
kube config证书不正确的问题 #
现象 #
使用minikube安装
接入集群后除services页面都查询不到集群信息
查看solar-controller日志显示
x509: certificate signed by unknown authority
查看kube config文件发现证书都是路径
apiVersion: v1
clusters:
- cluster:
certificate-authority: /root/.minikube/ca.crt
server: https://0.0.0.0:8443
name: minikube
contexts:
- context:
cluster: minikube
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate: /root/.minikube/profiles/minikube/client.crt
client-key: /root/.minikube/profiles/minikube/client.key
解决过程 #
cat 路径内的证书,将内容转成base64加密,替换调原来的证书,更改它们的名称 如 certificate-authority
-> certificate-authority-data
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: xxxxxx
server: https://0.0.0.0:8443
name: minikube
contexts:
- context:
cluster: minikube
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate-data: xxxxxx
client-key-data: xxxxxx