我安装了 istioctl,然后使用 isitoctl 通过 isitioctl operator init 设置了一个运行良好的操作符。然后我创建了以下 istiooperator crd 实例,它工作得很好:
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: control-plane
spec:
profile: default
meshConfig:
outboundTrafficPolicy:
mode: ALLOW_ANY
accessLogFile: /dev/stdout
enableTracing: true
components:
pilot:
namespace: istio-system
enabled: true
我可以看到我的 sidecar pod 被注入到我告诉 istio 监视的命名空间中,所以它工作得很好。
如果我将一个 statefulset 部署到那些部署基于 ubuntu 的容器的命名空间之一,该容器除了睡眠之外什么都不做,我可以看到 sidecar 被注入并记录它正在工作。部署在默认配置文件中的 Istiod 和 ingressgateway 也可以正常登录。
这里是问题所在。我有一个 ip 摄像头,我可以使用 http 和 https 在 kubernetes 外卷曲并且返回正常:
matt@matt$ curl -kL -u '<user>:<pass>' https://<cam_ip>/rcp.xml?command=0x00b9&type=T_DWORD&direction=READ
[1] 23573
[2] 23574
matt@matt$
<rcp>
<command>
<hex>0x00b9</hex>
<dec> 185</dec>
</command>
<type>T_DWORD</type>
<direction>READ</direction>
<num>0</num>
<idstring></idstring>
<payload></payload>
<cltid>0x009d</cltid><sessionid>0x00000000</sessionid><auth>2</auth><protocol>TCP</protocol> <result>
<hex>0x00028aef</hex>
<dec> 166639</dec>
</result>
</rcp>
[1]- Done curl -kL -u '<user>:<pass>' https://<cam_ip>/rcp.xml?command=0x00b9
[2]+ Done type=T_DWORD
matt@matt$ curl -kL -u '<user>:<pass>' http://<cam_ip>/rcp.xml?command=0x00b9&type=T_DWORD&direction=READ
[1] 23653
[2] 23654
matt@matt$
<rcp>
<command>
<hex>0x00b9</hex>
<dec> 185</dec>
</command>
<type>T_DWORD</type>
<direction>READ</direction>
<num>0</num>
<idstring></idstring>
<payload></payload>
<cltid>0x009e</cltid><sessionid>0x00000000</sessionid><auth>2</auth><protocol>TCP</protocol> <result>
<hex>0x00028aff</hex>
<dec> 166655</dec>
</result>
</rcp>
[1]- Done curl -kL -u '<user>:<pass>' http://<cam_ip>/rcp.xml?command=0x00b9
[2]+ Done type=T_DWORD
如果我将 istio 和 exec 删除到 sleep 容器中,命令仍然可以正常工作,但是当我在部署 istio 并执行相同的 curl 请求时 exec 到 sleep 容器中时,https 返回正常,但 http 返回错误:
root@sleep:/app# curl -kL -u '<user>:<pass>' https://<cam_ip>/rcp.xml?command=0x00b9&type=T_DWORD&direction=READ
[1] 777
[2] 778
root@sleep:/app#
<rcp>
<command>
<hex>0x00b9</hex>
<dec> 185</dec>
</command>
<type>T_DWORD</type>
<direction>READ</direction>
<num>0</num>
<idstring></idstring>
<payload></payload>
<cltid>0x00a0</cltid><sessionid>0x00000000</sessionid><auth>2</auth><protocol>TCP</protocol> <result>
<hex>0x00028f2e</hex>
<dec> 167726</dec>
</result>
</rcp>
[1]- Done curl -kL -u '<user>:<pass>' https://<cam_ip>/rcp.xml?command=0x00b9
[2]+ Done type=T_DWORD
root@sleep:/app# curl -kL -u '<user>:<pass>' http://<cam_ip>/rcp.xml?command=0x00b9&type=T_DWORD&direction=READ
[1] 779
[2] 780
root@sleep:/app# <HTML><HEAD><TITLE>401 Authorization Required</TITLE></HEAD><BODY><H1>Authorization Required</H1>this server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesnt understand how to supply the credentials required.</BODY></HTML>
[1]- Done curl -kL -u '<user>:<pass>' http://<cam_ip>/rcp.xml?command=0x00b9
[2]+ Done type=T_DWORD
root@sleep:/app#
谁能帮我理解发生了什么?