即扩展崩溃循环,请求失败错误在服务器代理管理员上未经授权的连接
viz extension crashloop with Request failed error unauthorized connection on server proxy-admin
我只是尝试按照官方文档安装 Linkerd viz 扩展,但所有 pods 都处于崩溃循环中。
linkerd viz install | kubectl apply -f -
r proxy-admin
[ 29.797889s] INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}: linkerd_app_inbound::policy::authorize::http: Request denied server=proxy-admin tls=None(NoClientHello) client=50.50.55.177:47068
[ 29.797910s] INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}:rescue{client.addr=50.50.55.177:47068}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server proxy-admin
[ 29.817790s] INFO ThreadId(01) linkerd_proxy::signal: received SIGTERM, starting shutdown
Kubernetes 集群出现错误Server Version: v1.21.5-eks-bc4871b
问题是默认安装的政策。
这会授权来自 clusterNetworks configuration 中 IP 的未经身份验证的请求。如果源 IP (<public-ip-address-of-hel-k1>) 不在该列表中,这些连接将被拒绝。要解决此问题,可以使用以下内容更新授权策略:
spec:
client:
unauthenticated: true
networks:
- cidr: 0.0.0.0/0
默认策略缺少客户端部分
networks:
- cidr: 0.0.0.0/0
要更新策略,获取服务器授权
k get ServerAuthorization -n linkerd-viz
NAME SERVER
admin admin
grafana grafana
metrics-api metrics-api
proxy-admin proxy-admin
现在编辑 admin、grafana、proxy-admin 和 grafana 并添加 networks 部分。
k edit ServerAuthorization metrics-api
在修复此问题后,我也遇到了 grafana 错误,这有助于我通过添加网络部分来修复。
[ 32.278014s] INFO ThreadId(01) inbound:server{port=3000}:rescue{client.addr=50.50.53.140:44718}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server grafana
[ 38.176927s] INFO ThreadId(01) inbound:server{port=3000}: linkerd_app_inbound::policy::authorize::http: Request denied server=grafana tls=None(NoClientHello) client=50.50.55.177:33170
我只是尝试按照官方文档安装 Linkerd viz 扩展,但所有 pods 都处于崩溃循环中。
linkerd viz install | kubectl apply -f -
r proxy-admin
[ 29.797889s] INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}: linkerd_app_inbound::policy::authorize::http: Request denied server=proxy-admin tls=None(NoClientHello) client=50.50.55.177:47068
[ 29.797910s] INFO ThreadId(02) daemon:admin{listen.addr=0.0.0.0:4191}:rescue{client.addr=50.50.55.177:47068}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server proxy-admin
[ 29.817790s] INFO ThreadId(01) linkerd_proxy::signal: received SIGTERM, starting shutdown
Kubernetes 集群出现错误Server Version: v1.21.5-eks-bc4871b
问题是默认安装的政策。
这会授权来自 clusterNetworks configuration 中 IP 的未经身份验证的请求。如果源 IP (<public-ip-address-of-hel-k1>) 不在该列表中,这些连接将被拒绝。要解决此问题,可以使用以下内容更新授权策略:
spec:
client:
unauthenticated: true
networks:
- cidr: 0.0.0.0/0
默认策略缺少客户端部分
networks:
- cidr: 0.0.0.0/0
要更新策略,获取服务器授权
k get ServerAuthorization -n linkerd-viz
NAME SERVER
admin admin
grafana grafana
metrics-api metrics-api
proxy-admin proxy-admin
现在编辑 admin、grafana、proxy-admin 和 grafana 并添加 networks 部分。
k edit ServerAuthorization metrics-api
在修复此问题后,我也遇到了 grafana 错误,这有助于我通过添加网络部分来修复。
[ 32.278014s] INFO ThreadId(01) inbound:server{port=3000}:rescue{client.addr=50.50.53.140:44718}: linkerd_app_core::errors::respond: Request failed error=unauthorized connection on server grafana
[ 38.176927s] INFO ThreadId(01) inbound:server{port=3000}: linkerd_app_inbound::policy::authorize::http: Request denied server=grafana tls=None(NoClientHello) client=50.50.55.177:33170