我只是嘗試按照官方檔案安裝 Linkerd 即擴展,但所有 pod 都處于崩潰回圈中。
linkerd viz install | kubectl apply -f -
Linkerd 入門
r proxy-admin
[ 29.797889s] INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}: linkerd_app_inbound::policy::authorize::http: Request denied server=proxy-admin tls=None(NoClientHello) client=50.50.55.177:47068
[ 29.797910s] INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}:rescue{client.addr=50.50.55.177:47068}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server proxy-admin
[ 29.817790s] INFO ThreadId(01) linkerd_proxy::signal: received SIGTERM, starting shutdown
錯誤出現在 Kubernetes 集群上 Server Version: v1.21.5-eks-bc4871b
uj5u.com熱心網友回復:
問題是默認安裝的策略。
這會授權來自clusterNetworks configuration. 如果源 IP(<public-ip-address-of-hel-k1>)不在該串列中,這些連接將被拒絕。要解決此問題,可以使用以下內容更新授權策略:
spec:
client:
unauthenticated: true
networks:
- cidr: 0.0.0.0/0
默認策略缺少客戶端部分
networks:
- cidr: 0.0.0.0/0
要更新策略,請獲取服務器授權
k get ServerAuthorization -n linkerd-viz
NAME SERVER
admin admin
grafana grafana
metrics-api metrics-api
proxy-admin proxy-admin
現在編輯 admin、grafana、proxy-admin 和 grafana 并添加networks部件。
k edit ServerAuthorization metrics-api
在修復此問題后,我也遇到了 grafana 的錯誤,這有助于我通過添加網路部分來修復。
[ 32.278014s] INFO ThreadId(01) inbound:server{port=3000}:rescue{client.addr=50.50.53.140:44718}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server grafana
[ 38.176927s] INFO ThreadId(01) inbound:server{port=3000}: linkerd_app_inbound::policy::authorize::http: Request denied server=grafana tls=None(NoClientHello) client=50.50.55.177:33170
CrashLoopBackOff 中的所有 linkerd-viz pod
轉載請註明出處,本文鏈接:https://www.uj5u.com/gongcheng/407863.html
標籤: