From 6a5ce802892d2e497a2724d75cb2933271ac1ca0 Mon Sep 17 00:00:00 2001 From: Xiaopeng Han Date: Mon, 8 Jan 2024 22:15:30 +0800 Subject: [PATCH] Add ist0167 message description (#14409) * add ist0167 message description * fix lint * Update content/en/docs/reference/config/analysis/ist0167/index.md Co-authored-by: Michael * Update content/en/docs/reference/config/analysis/ist0167/index.md Co-authored-by: Eric Van Norman * Update content/en/docs/reference/config/analysis/ist0167/index.md Co-authored-by: Eric Van Norman * Update content/en/docs/reference/config/analysis/ist0167/index.md Co-authored-by: Eric Van Norman * Update content/en/docs/reference/config/analysis/ist0167/index.md Co-authored-by: Eric Van Norman --------- Co-authored-by: Michael Co-authored-by: Eric Van Norman --- .../config/analysis/ist0167/index.md | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 content/en/docs/reference/config/analysis/ist0167/index.md diff --git a/content/en/docs/reference/config/analysis/ist0167/index.md b/content/en/docs/reference/config/analysis/ist0167/index.md new file mode 100644 index 0000000000..8f292ec5e1 --- /dev/null +++ b/content/en/docs/reference/config/analysis/ist0167/index.md @@ -0,0 +1,39 @@ +--- +title: IneffectivePolicy +layout: analysis-message +owner: istio/wg-user-experience-maintainers +test: n/a +--- + +This message occurs when a policy applied in your Istio service mesh has no impact. This might be due to the +policy's configuration incorrectly targeting any workloads or namespaces in your service mesh. + +## Example + +You will receive a message like this: + +{{< text plain >}} +Warning [IST0167] (Sidecar ns-ambient/namespace-scoped testdata/sidecar-default-selector.yaml:84) The policy has no +impact: namespace is in ambient mode, the policy has no impact. +{{< /text >}} + +or this: + +{{< text plain >}} +Warning [IST0167] (Sidecar ns-ambient/pod-scoped testdata/sidecar-default-selector.yaml:90) The policy has no impact: +selected workload is in ambient mode, the policy has no impact. +{{< /text >}} + +These messages indicate that the `Sidecar` resource is targeting a workload or namespace which is in +ambient mode, meaning that the policy specified in the `Sidecar` resource does not have any effect. + +## How to resolve + +To resolve this issue, you first need to check the reason. Currently, the policy is ineffective for the following +reasons: + +1. The `Sidecar` resource is targeting a workload or namespace which is in ambient mode. + +To resolve this, ensure that the policy is defined correctly or determine if it is necessary. If the namespace/pod was +recently added to the ambient mesh, you might have forgotten to remove the policy that is no longer needed, or you may +need to update the policy to target the correct workload or namespace.