mirror of https://github.com/istio/istio.io.git
[zh] Sync ist0164 into Chinese with some improvement (#14048)
* Sync ist0164 into Chinese with some improvement * Update content/zh/docs/reference/config/analysis/ist0164/index.md Co-authored-by: Michael <haifeng.yao@daocloud.io> * Update content/zh/docs/reference/config/analysis/ist0164/index.md Co-authored-by: Michael <haifeng.yao@daocloud.io> --------- Co-authored-by: Michael <haifeng.yao@daocloud.io>
This commit is contained in:
Wilson Wu
GitHub
parent
e832faaa55
commit
8470f7ba4e
|
|
@ -5,7 +5,13 @@ owner: istio/wg-user-experience-maintainers
|
|||
test: n/a
|
||||
---
|
||||
|
||||
当 `EnvoyFilter` 没有设置优先级并没有使用相关补丁操作(`INSERT_BEFORE/AFTER`、`REPLACE`、`MERGE`、`DELETE`)和 `proxyVersion` 时会出现此消息,这可能会导致 `EnvoyFilter` 升级期间没有被应用。使用 `INSERT_FIRST` 或 `ADD` 选项或设置优先级可能有助于确保 `EnvoyFilter` 被正确应用。关注 `proxyVersion` 的原因是,在升级后,`proxyVersion` 可能会发生变化,升级后它的使用顺序可能不同于升级前的顺序。
|
||||
当 `EnvoyFilter` 没有设置优先级并没有使用相关补丁操作
|
||||
(`INSERT_BEFORE/AFTER`、`REPLACE`、`MERGE`、`DELETE`)
|
||||
和 `proxyVersion` 时会出现此消息,这可能会导致 `EnvoyFilter`
|
||||
升级期间没有被应用。使用 `INSERT_FIRST` 或 `ADD`
|
||||
选项或设置优先级可能有助于确保 `EnvoyFilter` 被正确应用。
|
||||
关注 `proxyVersion` 的原因是,在升级后,`proxyVersion` 可能会发生变化,
|
||||
升级后它的使用顺序可能不同于升级前的顺序。
|
||||
|
||||
## 示例 {#example}
|
||||
|
||||
|
|
@ -89,9 +95,10 @@ spec:
|
|||
end
|
||||
{{< /text >}}
|
||||
|
||||
## 如何解决
|
||||
## 如何解决 {#how-to-resolve}
|
||||
|
||||
因为 `REPLACE` 的相关操作是与 `proxyVersion` 一起使用,所以添加 `priority` 可以解决这个问题:
|
||||
因为 `REPLACE` 的相关操作是与 `proxyVersion` 一起使用,
|
||||
所以添加 `priority` 可以解决这个问题:
|
||||
|
||||
{{< text yaml >}}
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
|
|
|
|||
|
|
@ -5,7 +5,8 @@ owner: istio/wg-user-experience-maintainers
|
|||
test: n/a
|
||||
---
|
||||
|
||||
当 Gateway(通常是 `istio-ingressgateway`)提供的端口与网关实例关联的 Kubernetes 服务(Service)
|
||||
当 Gateway(通常是 `istio-ingressgateway`)
|
||||
提供的端口与网关实例关联的 Kubernetes 服务(Service)
|
||||
定义的端口不匹配时,`GatewayPortNotDefinedOnService` 消息将会出现。
|
||||
|
||||
例如,您的配置定义如下:
|
||||
|
|
@ -59,8 +60,9 @@ spec:
|
|||
targetPort: 8443
|
||||
{{< /text >}}
|
||||
|
||||
在此示例中,`GatewayPortNotDefinedOnService` 消息出现,因为此配置使用了端口 `8004`,
|
||||
但默认的 `IngressGateway`(名称为 `istio-ingressgateway`)只定义了目标端口 15021、8080 和 8443。
|
||||
在此示例中,`GatewayPortNotDefinedOnService` 消息出现,
|
||||
因为此配置使用了端口 `8004`,但默认的 `IngressGateway`
|
||||
(名称为 `istio-ingressgateway`)只定义了目标端口 15021、8080 和 8443。
|
||||
|
||||
要解决此问题,请更改网关配置以使用工作负载上的有效端口,然后重试。
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,93 @@
|
|||
---
|
||||
title: ExternalControlPlaneAddressIsNotAHostname
|
||||
layout: analysis-message
|
||||
owner: istio/wg-user-experience-maintainers
|
||||
test: n/a
|
||||
---
|
||||
|
||||
当为外部控制平面上的入口网关提供的地址是 IP 地址而不是主机名时,会出现此消息。
|
||||
|
||||
## 示例 {#example}
|
||||
|
||||
您将收到此消息:
|
||||
|
||||
{{< text plain >}}
|
||||
Info [IST0164] (MutatingWebhookConfiguration istio-sidecar-injector-external-istiod testing.yml:28) The address (https://999.999.999.999:5100/inject/cluster/your-cluster-name/net/network1) that was provided for the webhook (rev.namespace.sidecar-injector.istio.io) to reach the ingress gateway on the external control plane cluster is an IP address. This is not recommended for a production environment.
|
||||
{{< /text >}}
|
||||
|
||||
当您的集群具有以下 `ValidatingWebhookConfiguration` 和
|
||||
`MutatingWebhookConfiguration`(为清楚起见而缩短)时:
|
||||
|
||||
{{< text yaml >}}
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: istio-validator-external-istiod
|
||||
webhooks:
|
||||
- admissionReviewVersions:
|
||||
- v1beta1
|
||||
- v1
|
||||
clientConfig:
|
||||
url: https://test.com:15017/validate
|
||||
name: rev.validation.istio.io
|
||||
|
||||
---
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: istiod-default-validator
|
||||
webhooks:
|
||||
- admissionReviewVersions:
|
||||
- v1beta1
|
||||
- v1
|
||||
clientConfig:
|
||||
url: https://test.com:15017/validate
|
||||
failurePolicy: Ignore
|
||||
name: validation.istio.io
|
||||
|
||||
---
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
name: istio-sidecar-injector-external-istiod
|
||||
webhooks:
|
||||
- admissionReviewVersions:
|
||||
- v1beta1
|
||||
- v1
|
||||
clientConfig:
|
||||
url: https://999.999.999.999:5100/inject/cluster/your-cluster-name/net/network1
|
||||
failurePolicy: Fail
|
||||
name: rev.namespace.sidecar-injector.istio.io
|
||||
- admissionReviewVersions:
|
||||
- v1beta1
|
||||
- v1
|
||||
clientConfig:
|
||||
url: https://test.com/inject/cluster/your-cluster-name/net/network1
|
||||
failurePolicy: Fail
|
||||
name: rev.object.sidecar-injector.istio.io
|
||||
- admissionReviewVersions:
|
||||
- v1beta1
|
||||
- v1
|
||||
clientConfig:
|
||||
url: https://test.com/inject/cluster/your-cluster-name/net/network1
|
||||
failurePolicy: Fail
|
||||
name: namespace.sidecar-injector.istio.io
|
||||
- admissionReviewVersions:
|
||||
- v1beta1
|
||||
- v1
|
||||
clientConfig:
|
||||
url: https://test.com/inject/cluster/your-cluster-name/net/network1
|
||||
failurePolicy: Fail
|
||||
name: object.sidecar-injector.istio.io
|
||||
{{< /text >}}
|
||||
|
||||
## 如何解决 {#how-to-resolve}
|
||||
|
||||
不建议在生产环境中为在外部控制平面中运行的入口网关使用
|
||||
IP 地址而不是主机名。
|
||||
|
||||
如果您使用的是生产环境,修复这条信息类消息的方式为:将此地址更改为一个有效的主机名,
|
||||
将其解析为入口网关的 IP 地址。
|
||||
|
||||
有关使用带有 TLS 的公共主机名公开入口网关服务的说明,
|
||||
请参阅[此处](/zh/docs/setup/install/external-controlplane/#set-up-a-gateway-in-the-external-cluster)。
|
||||
Loading…
Reference in New Issue