0

我只是尝试按照官方文档安装 Linkerd 即扩展,但所有 pod 都处于崩溃循环中。

linkerd viz install | kubectl apply -f -

Linkerd 入门

r proxy-admin
[    29.797889s]  INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}: linkerd_app_inbound::policy::authorize::http: Request denied server=proxy-admin tls=None(NoClientHello) client=50.50.55.177:47068
[    29.797910s]  INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}:rescue{client.addr=50.50.55.177:47068}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server proxy-admin
[    29.817790s]  INFO ThreadId(01) linkerd_proxy::signal: received SIGTERM, starting shutdown

错误出现在 Kubernetes 集群上Server Version: v1.21.5-eks-bc4871b

4

1 回答 1

2

问题是默认安装的策略。

这会授权来自clusterNetworks configuration. 如果源 IP(<public-ip-address-of-hel-k1>)不在该列表中,这些连接将被拒绝。要解决此问题,可以使用以下内容更新授权策略:

spec:
  client:
    unauthenticated: true
  networks:
  - cidr: 0.0.0.0/0

默认策略缺少客户端部分

    networks:
      - cidr: 0.0.0.0/0

要更新策略,请获取服务器授权

k get ServerAuthorization -n linkerd-viz
NAME           SERVER
admin          admin
grafana        grafana
metrics-api    metrics-api
proxy-admin    proxy-admin

现在编辑 admin、grafana、proxy-admin 和 grafana 并添加networks部件。

 k edit ServerAuthorization metrics-api

在修复此问题后,我也遇到了 grafana 的错误,这有助于我通过添加网络部分来修复。

[    32.278014s]  INFO ThreadId(01) inbound:server{port=3000}:rescue{client.addr=50.50.53.140:44718}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server grafana
[    38.176927s]  INFO ThreadId(01) inbound:server{port=3000}: linkerd_app_inbound::policy::authorize::http: Request denied server=grafana tls=None(NoClientHello) client=50.50.55.177:33170

CrashLoopBackOff 中的所有 linkerd-viz pod

于 2022-01-08T04:14:51.617 回答