关于【istio】的问题- 第1页

uday

Asked: 2021-07-15 10:52:55 +0800 CST

istioctl kiali 没有创建，如何解决？

0

从入门链接，我能够创建网关和示例中提供的 bookinfo 应用程序的路由。

它已部署并能够从 istio 的入口网关访问应用程序。

下一步，使用插件部署 kiali。

kubectl apply -f samples/addons

 kubectl get pods -n istio-system
NAME                                    READY   STATUS              RESTARTS   AGE
grafana-56d978ff77-8hnwq                0/1     ContainerCreating   0          56s
istio-egressgateway-7d4f75956-d5qj2     1/1     Running             0          18m
istio-ingressgateway-5d57955454-l8n98   1/1     Running             0          18m
istiod-6f6c6bbbbd-wvwpf                 1/1     Running             0          18m
jaeger-5c7c5c8d87-7vcrp                 1/1     Running             0          55s
kiali-5bb9c9cf49-r7pp5                  0/1     ContainerCreating   0          54s
prometheus-8958b965-p4gcd               0/2     ContainerCreating   0          54s

但是 kiali 创作卡住了。

kubectl rollout status deployment/kiali -n istio-system
Waiting for deployment "kiali" rollout to finish: 0 of 1 updated replicas are available...
error: deployment "kiali" exceeded its progress deadline

kubectl get pods -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
grafana-56d978ff77-8hnwq                0/1     Running   2          10m
istio-egressgateway-7d4f75956-d5qj2     1/1     Running   0          27m
istio-ingressgateway-5d57955454-l8n98   1/1     Running   0          27m
istiod-6f6c6bbbbd-wvwpf                 0/1     Running   0          28m
jaeger-5c7c5c8d87-7vcrp                 1/1     Running   0          10m
kiali-5bb9c9cf49-r7pp5                  0/1     Running   4          10m
prometheus-8958b965-p4gcd               1/2     Running   0          10m

Kiali 正在展示零容器。

 kubectl describe pod kiali-5bb9c9cf49-r7pp5 -n istio-system
Name:         kiali-5bb9c9cf49-r7pp5
Namespace:    istio-system
Priority:     0
Node:         kworker2/172.16.16.102
Start Time:   Thu, 15 Jul 2021 00:05:31 +0530
Labels:       app=kiali
              app.kubernetes.io/instance=kiali-server
              app.kubernetes.io/managed-by=Helm
              app.kubernetes.io/name=kiali
              app.kubernetes.io/part-of=kiali
              app.kubernetes.io/version=v1.34.0
              helm.sh/chart=kiali-server-1.34.0
              pod-template-hash=5bb9c9cf49
              version=v1.34.0
Annotations:  cni.projectcalico.org/podIP: 192.168.77.138/32
              cni.projectcalico.org/podIPs: 192.168.77.138/32
              kiali.io/runtimes: go,kiali
              prometheus.io/port: 9090
              prometheus.io/scrape: true
              sidecar.istio.io/inject: false
Status:       Running
IP:           192.168.77.138
IPs:
  IP:           192.168.77.138
Controlled By:  ReplicaSet/kiali-5bb9c9cf49
Containers:
  kiali:
    Container ID:  containerd://427a3b836007d8411f5cde3be22a371fab8e4e576e005e27a5c169f22658e4e0
    Image:         quay.io/kiali/kiali:v1.34
    Image ID:      quay.io/kiali/kiali@sha256:31286129a1c6f25275517ae4c243c1cde8c39b022c2c7e0b328648c639bcfb03
    Ports:         20001/TCP, 9090/TCP
    Host Ports:    0/TCP, 0/TCP
    Command:
      /opt/kiali/kiali
      -config
      /kiali-configuration/config.yaml
    State:          Running
      Started:      Thu, 15 Jul 2021 00:13:05 +0530
    Last State:     Terminated
      Reason:       Error
      Exit Code:    2
      Started:      Thu, 15 Jul 2021 00:11:52 +0530
      Finished:     Thu, 15 Jul 2021 00:13:01 +0530
    Ready:          False
    Restart Count:  4
    Liveness:       http-get http://:api-port/kiali/healthz delay=5s timeout=1s period=30s #success=1 #failure=3
    Readiness:      http-get http://:api-port/kiali/healthz delay=5s timeout=1s period=30s #success=1 #failure=3
    Environment:
      ACTIVE_NAMESPACE:       istio-system (v1:metadata.namespace)
      LOG_LEVEL:              info
      LOG_FORMAT:             text
      LOG_TIME_FIELD_FORMAT:  2006-01-02T15:04:05Z07:00
      LOG_SAMPLER_RATE:       1
    Mounts:
      /kiali-cert from kiali-cert (rw)
      /kiali-configuration from kiali-configuration (rw)
      /kiali-secret from kiali-secret (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-jgd7w (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kiali-configuration:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      kiali
    Optional:  false
  kiali-cert:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  istio.kiali-service-account
    Optional:    true
  kiali-secret:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  kiali
    Optional:    true
  kube-api-access-jgd7w:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  11m                    default-scheduler  Successfully assigned istio-system/kiali-5bb9c9cf49-r7pp5 to kworker2
  Normal   Pulled     9m56s                  kubelet            Successfully pulled image "quay.io/kiali/kiali:v1.34" in 1m30.127787668s
  Normal   Pulled     8m28s                  kubelet            Successfully pulled image "quay.io/kiali/kiali:v1.34" in 1.528856212s
  Normal   Created    8m27s (x2 over 9m55s)  kubelet            Created container kiali
  Normal   Started    8m22s (x2 over 9m54s)  kubelet            Started container kiali
  Normal   Killing    7m3s (x2 over 8m32s)   kubelet            Container kiali failed liveness probe, will be restarted
  Warning  Unhealthy  7m3s (x6 over 9m33s)   kubelet            Liveness probe failed: Get "http://192.168.77.138:20001/kiali/healthz": dial tcp 192.168.77.138:20001: connect: connection refused
  Normal   Pulling    7m1s (x3 over 11m)     kubelet            Pulling image "quay.io/kiali/kiali:v1.34"
  Normal   Pulled     6m59s                  kubelet            Successfully pulled image "quay.io/kiali/kiali:v1.34" in 2.166659225s
  Warning  Unhealthy  6m3s (x10 over 9m33s)  kubelet            Readiness probe failed: Get "http://192.168.77.138:20001/kiali/healthz": dial tcp 192.168.77.138:20001: connect: connection refused

coolisuz

Asked: 2021-06-03 04:02:06 +0800 CST

比方说，我有一个有 8 个 pod（服务）的项目。我了解 Istio Gateway 中使用 jwt 涵盖了身份验证和授权。这样每个请求都得到验证。但是具有不同角色的用户例如：[教师、学生、员工] 需要有一个端点来使用用户名和密码进行注册/登录/注销。有没有办法让 Istio Gateway 处理用户创建，将其保存到 db 并生成 jwt？或者我是否必须制作另一个专用于 Auth 的 Pod（服务）并从此 pod 生成 jwt？如果是这样，我怎样才能直接从网关设置 jwt 验证？

感谢您抽出时间阅读本文）

Susanta Gautam

Asked: 2020-05-21 10:35:32 +0800 CST

用于 kubernetes 集群中东西向流量管理的 istio 服务网格

0

我对我们环境中的一些用例感到困惑。第一个是我们将拥有自己的 api 网关，用于北/南流量，我们的 api 网关将监听来自外部世界的请求。因此，我们计划在服务之间使用 istio 进行东/西流量管理。现在我的主要困惑是，如果我们排除它的入口网关，istio 是否能够在分析标头时管理金丝雀版本、断路、跟踪以及其他很酷的功能？

谢谢你

istioctl kiali 没有创建，如何解决？

如何在 Istio/K8 中设置自定义身份验证和授权？

用于 kubernetes 集群中东西向流量管理的 istio 服务网格

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

问题[istio](server)