zh-translation-/docs/reference/config/analysis/ist0144/index.md (#10627)

* Create index.md * fix: modify some sentences Co-authored-by: Xunzhuo <mixdeers@gmail.com>
2022-01-02 21:18:11 +08:00 · 2022-01-02 21:18:11 +08:00 · b7d791aa77
parent d1a62d5157
commit b7d791aa77
1 changed files with 90 additions and 0 deletions
--- a/content/zh/docs/reference/config/analysis/ist0144/index.md
+++ b/content/zh/docs/reference/config/analysis/ist0144/index.md
@ -0,0 +1,90 @@
+---
+title: InvalidApplicationUID
+layout: analysis-message
+owner: istio/wg-user-experience-maintainers
+test: n/a
+---
+
+当工作负载以 User ID (UID) `1337` 运行时，会出现此消息。应用程序的 Pods 不应该以 User ID (UID) `1337` 运行，因为 istio-proxy 容器默认以 UID `1337` 运行。当使用相同的 UID 运行您的容器应用时，将导致它的 `iptables` 配置冲突。
+
+{{< warning >}}
+User ID (UID) `1337` 为 Sidecar Proxy 保留。
+{{< /warning >}}
+
+## 例如{#an-example}
+
+探讨 `Deployment` 和 `securityContext.runAsUser` 使用 UID `1337` 在 Pod 级别或容器级别运行：
+
+{{< text yaml >}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deploy-con-sec-uid
+  labels:
+    app: helloworld
+    version: v1
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: helloworld
+        version: v1
+    spec:
+      securityContext:
+        runAsUser: 1337
+      containers:
+      - name: helloworld
+        image: docker.io/istio/examples-helloworld-v1
+        securityContext:
+          runAsUser: 1337
+        resources:
+          requests:
+            cpu: "100m"
+        imagePullPolicy: IfNotPresent #Always
+        ports:
+        - containerPort: 5000
+{{< /text >}}
+
+## 解决办法{#how-to-resolve}
+
+由于 User ID (UID) `1337` 是为 Sidecar 代理保留的，所以您可以为您的工作负载使用除了 `1337` 以外的 User ID (UID)，例如 `1338` 。
+
+{{< text yaml >}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deploy-con-sec-uid
+  labels:
+    app: helloworld
+    version: v1
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helloworld
+      version: v1
+  template:
+    metadata:
+      labels:
+        app: helloworld
+        version: v1
+    spec:
+      securityContext:
+        runAsUser: 1338
+      containers:
+      - name: helloworld
+        image: docker.io/istio/examples-helloworld-v1
+        securityContext:
+          runAsUser: 1338
+        resources:
+          requests:
+            cpu: "100m"
+        imagePullPolicy: IfNotPresent #Always
+        ports:
+        - containerPort: 5000
+{{< /text >}}