英文:
Why I cant find istio gateway under namespace of istio-system or any other namespace after creating?
问题
我已经为我的K8s集群设置了Istio,看起来它成功地运行了。istioctl也可以运行,并返回与我的K8s集群兼容的版本1.17.2。
部署输出如下。
k8s@k8master-virtual-machine:~$ kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
istio-egressgateway-85649899f8-ccgs4 1/1 Running 0 2m58s
istio-ingressgateway-f56888458-bzkfk 1/1 Running 0 2m58s
istiod-64848b6c78-74s48 1/1 Running 0 3m2s
k8s@k8master-virtual-machine:~/istio-yamls$ kubectl get rolebindings -n istio-system
NAME ROLE AGE
istio-egressgateway-sds Role/istio-egressgateway-sds 27m
istio-ingressgateway-sds Role/istio-ingressgateway-sds 27m
istiod Role/istiod 27m
istiod-istio-system Role/istiod-istio-system 27m
k8s@k8master-virtual-machine:~/istio-yamls$ kubectl get roles -n istio-system
NAME CREATED AT
istio-egressgateway-sds 2023-05-25T06:48:22Z
istio-ingressgateway-sds 2023-05-25T06:48:22Z
istiod 2023-05-25T06:48:18Z
istiod-istio-system 2023-05-25T06:48:16Z
问题:
我遇到的非常奇怪的问题如下。当我使用kubectl apply -f gateway.yaml命令应用我的网关文件时,它显示已创建。
k8s@k8master-virtual-machine:~/istio-yamls$ kubectl apply -f gateway.yaml
gateway.networking.istio.io/testmy-gateway created
但是当我使用get命令查看状态时,我看到没有找到资源。
k8s@k8master-virtual-machine:~/istio-yamls$ kubectl get gateway -n istio-system
No resources found in istio-system namespace.
在我的YAML文件中,我使用了命名空间istio-system,因为这是我的YAML文件。
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: testmy-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: gw-http
protocol: HTTP
hosts:
- '*'
我已经尝试过的修复方法:
我查看了所有命名空间中的网关,但没有找到任何内容。我卸载了Istio并删除了其命名空间CRD和所有数据,以便重新开始,但仍然遇到相同的问题。我创建了一个具有相同资源的新K8s集群,并部署了这个Istio设置,它完美运行。
我发现了一个类似于我的问题的StackOverflow问题,但答案只有一个评论。我很难理解它背后的逻辑。
我想要什么?
由于相同的Istio设置和YAML文件在另一个集群上可以正常工作,这意味着这个集群存在问题。我尝试了一切来找出问题所在,但没有运气。我需要找出为什么我的网关文件在这里部署了但没有显示出来,**或者请解释一下其他问题的信息是如何关键的?**我甚至检查了网关名称并深入研究了它,但发现了相同的问题。任何帮助、建议和支持将不胜感激。提前感谢。
英文:
I have set up istio for my k8s cluster and it seems successfully working. The istioctl also works and return version 1.17.2 which is compatible with my k8s cluster.
Deployment output is as follows.
k8s@k8master-virtual-machine:~$ kubectl get pods -n istio-system
NAME READY STATUS RESTARTS AGE
istio-egressgateway-85649899f8-ccgs4 1/1 Running 0 2m58s
istio-ingressgateway-f56888458-bzkfk 1/1 Running 0 2m58s
istiod-64848b6c78-74s48 1/1 Running 0 3m2s
k8s@k8master-virtual-machine:~/istio-yamls$ kubectl get rolebindings -n istio-system
NAME ROLE AGE
istio-egressgateway-sds Role/istio-egressgateway-sds 27m
istio-ingressgateway-sds Role/istio-ingressgateway-sds 27m
istiod Role/istiod 27m
istiod-istio-system Role/istiod-istio-system 27m
k8s@k8master-virtual-machine:~/istio-yamls$ kubectl get roles -n istio-system
NAME CREATED AT
istio-egressgateway-sds 2023-05-25T06:48:22Z
istio-ingressgateway-sds 2023-05-25T06:48:22Z
istiod 2023-05-25T06:48:18Z
istiod-istio-system 2023-05-25T06:48:16Z
Problem:
The very strange problem I faced is as follows. When I apply my gateway file with kubectl apply -f gateway.yaml it shows created.
k8s@k8master-virtual-machine:~/istio-yamls$ kubectl apply -f gateway.yaml
gateway.networking.istio.io/testmy-gateway created
But when I use the get command to see the status I see no resources found.
k8s@k8master-virtual-machine:~/istio-yamls$ kubectl get gateway -n istio-system
No resources found in istio-system namespace.
In my YAML file, I used the namespace istio-system as this is my yaml file.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: testmy-gateway
namespace: istio-system
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: gw-http
protocol: HTTP
hosts:
- '*'
What I have done to fix it?
I look to the gateway in all namespaces and I found nothing.
I uninstall istio and delete its namespace CRDs and all the data to start clean and still face the same issue.
I create a new k8s cluster with the same resources and deploy this Istio setup it works perfectly.
I found a StackOverflow question like my problem but the answer is just one comment. I am struggling to understand the logic behind it.
What Do I want?
As the same Istio setup and yaml files perfectly work on another cluster, it means something is wrong with this cluster. I have tried everything to find the problem but no luck. I need to find out why my gateway file is deployed here but not shown. OR Please Explain the other question how does that information matter? I even check the gateway name and deeply it and found the same issue.
Any help suggestions and support will be appreciated. Thanks in Advance.
答案1
得分: 1
以下是翻译好的部分:
-
有两种可能的解释,为什么即使成功应用了网关,您仍然看不到它。
-
您的集群中有一个与 istio 无关的具有相同名称(复数形式)
gateways但不同组的不同 CRD。
您可以通过运行kubectl get crd | grep gateways 来验证哪一个是真实情况。这将显示具有该复数形式的所有 CRD。检查那些名称为 gateways.<some-api-group> 的 CRD。
如果是旧的、未使用的 CRD,您可以删除它。否则,您需要在 kubectl 命令中指定您的 kubectl,比如 kubectl get gateways.networking.istio.io,因为 kubectl 不知道您指的是哪个组,会显示您没有任何资源的另一个组。
这可能是因为 Kubernetes Gateway API gateways.gateway.networking.k8s.io CRD。如果您的集群已经提供它,您可以考虑使用该 CRD 配置您的网关,参见 文档。
否则,您需要每次都指定整个名称,包括 istio 组。如果这太麻烦,您可以创建一个别名。
英文:
There are two possible explanations why you don't see the gateway, even if it has been applied successfully.
-
You installed an old version of istio before (which you confirmed in your comment) and the gateway CRD's group changed since then, but the old one hasn't been cleaned up/is still supported and thus it's still there.
-
You have a different CRD with the same name (plural)
gatewaysbut different group (unrelated to istio) in your cluster.
You can verify which one is true by kubectl get crd | grep gateways which will show you all CRDs with that plural. Check those that have a name of gateways.<some-api-group>.
If it's an old, unused CRD you can delete it. Otherwise you need to specify your kubectl command, like kubectl get gateways.networking.istio.io, because kubectl doesn't know which group you mean and shows you the other one for which you don't have any resources.
It's probably because of the Kubernetes Gateway API gateways.gateway.networking.k8s.io CRD. You could think about configuring your gateway using that CRD instead if your cluster already provides it, see docs.
Otherwise you need to specify the whole name, including the istio group, every time. You could create an alias if that is too annoying.
答案2
得分: 0
当我运行 kubectl get crd | grep gateways 时,我看到了四个网关:
- gateways.gateway.networking.k8s.io
- gateways.networking.istio.io
- gateways.networking.istio.local
- httpgateways.gateway.solo.io
我使用这个命令 kubectl delete crd gateways......... 删除了它们。
之后,我运行了 istioctl install --set profile=demo -y,它重新安装了CRD。
当我再次部署gateway.yaml文件时,出现了错误:
Error from server (NotFound): Unable to list "gateway.solo.io/v1, Resource=gateways": the server could not find the requested resource (get gateways.gateway.solo.io)
最后,我重启了istio-system命名空间中的3个部署:
- istio-egressgateway
- istio-ingressgateway
- istiod
现在,当我部署gateway.yaml文件时,它正常工作。
但是,我仍然想要一些关于这些CRD和网关的解释以及它们的作用是什么的说明。为什么在清理一切时它们没有被删除呢?
我希望这能帮助到某人。
英文:
When I run kubectl get crd | grep gateways I saw four gateways
gateways.gateway.networking.k8s.io
gateways.networking.istio.io
gateways.networking.istio.local
httpgateways.gateway.solo.io
I deleted all of them with this command kubectl delete crd gateways.........
After I run istioctl install --set profile=demo -y It install imp CRD again.
When I deploy again the gateway.yaml file it was showing an error
Error from server (NotFound): Unable to list "gateway.solo.io/v1, Resource=gateways": the server could not find the requested resource (get gateways.gateway.solo.io)
Finally, I restart all 3 deployments from istio-system namespace
NAME READY UP-TO-DATE AVAILABLE AGE
istio-egressgateway 1/1 1 1 138m
istio-ingressgateway 1/1 1 1 138m
istiod 1/1 1 1 138m
Now when I deploy the gateway.yaml file it works.
However, I am still looking for some explanation of why these crd and gateways matter and what are their roles? How come they are not deleted when I clean everything?
I hope this helps someone.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论