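Configuration Analysis Messages
istioctl provides rich analysis of Istio configuration state in order to identify invalid or suboptimal configurations. This is a list of the error and warning messages that this analysis can produce.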
IST0001: InternalError
There was an internal error in the toolchain. This is almost always a bug in the implementation.
IST0002: Deprecated
A feature that the configuration is depending on is now deprecated.
IST0101: ReferencedResourceNotFound
A resource being referenced does not exist.
IST0102: NamespaceNotInjected
A namespace is not enabled for Istio injection.
IST0103: PodMissingProxy
A pod is missing the Istio proxy.
IST0104: GatewayPortNotOnWorkload
Unhandled gateway port
IST0105: IstioProxyImageMismatch
The image of the Istio proxy running on the pod does not match the image defined in the injection configuration.
IST0106: SchemaValidationError
The resource has a schema validation error.
IST0107: MisplacedAnnotation
An Istio annotation is applied to the wrong kind of resource.
IST0108: UnknownAnnotation
An Istio annotation is not recognized for any kind of resource.
IST0109: ConflictingMeshGatewayVirtualServiceHosts
Conflicting hosts on VirtualServices associated with mesh gateway
IST0110: ConflictingSidecarWorkloadSelectors
A Sidecar resource selects the same workloads as another Sidecar resource
IST0111: MultipleSidecarsWithoutWorkloadSelectors
More than one sidecar resource in a namespace has no workload selector
IST0112: VirtualServiceDestinationPortSelectorRequired
A VirtualService routes to a service with more than one port exposed, but does not specify which to use.
IST0113: MTLSPolicyConflict
A DestinationRule and Policy are in conflict with regard to mTLS.
IST0116: DeploymentAssociatedToMultipleServices
The resulting pods of a service mesh deployment can’t be associated with multiple services using the same port but different protocols.
IST0117: DeploymentRequiresServiceAssociated
The resulting pods of a service mesh deployment must be associated with at least one service.
IST0118: PortNameIsNotUnderNamingConvention
Port name is not under naming convention. Protocol detection is applied to the port.
IST0119: JwtFailureDueToInvalidServicePortPrefix
Authentication policy with JWT targets Service with invalid port specification.
IST0122: InvalidRegexp
Invalid Regex
IST0123: NamespaceMultipleInjectionLabels
A namespace has both new and legacy injection labels
IST0125: InvalidAnnotation
An Istio annotation is not valid.
IST0126: UnknownMeshNetworksServiceRegistry
A service registry in Mesh Networks is unknown
IST0127: NoMatchingWorkloadsFound
No workloads match the resource labels.
IST0128: NoServerCertificateVerificationDestinationLevel
No caCertificates are set in the DestinationRule, so the presented server certificate is not verified.
IST0129: NoServerCertificateVerificationPortLevel
No caCertificates are set in the DestinationRule, so the presented server certificate is not verified for traffic to a given port.
IST0130: VirtualServiceUnreachableRule
A VirtualService rule will never be used because a previous rule uses the same match.
IST0131: VirtualServiceIneffectiveMatch
A VirtualService rule match duplicates a match in a previous rule.
IST0132: VirtualServiceHostNotFoundInGateway
Host defined in VirtualService not found in Gateway.
IST0133: SchemaWarning
The resource has a schema validation warning.
IST0134: ServiceEntryAddressesRequired
Virtual IP addresses are required for ports serving TCP (or unset) protocol
IST0135: DeprecatedAnnotation
A resource is using a deprecated Istio annotation.
IST0136: AlphaAnnotation
An Istio annotation may not be suitable for production.
IST0137: DeploymentConflictingPorts
Two services selecting the same workload with the same targetPort MUST refer to the same port.
IST0138: GatewayDuplicateCertificate
Duplicate certificate in multiple gateways may cause 404s if clients re-use HTTP2 connections.
IST0139: InvalidWebhook
Webhook is invalid or references a control plane service that does not exist.
IST0140: IngressRouteRulesNotAffected
Route rules have no effect on ingress gateway requests
IST0141: InsufficientPermissions
Required permissions to install Istio are missing.
IST0142: UnsupportedKubernetesVersion
The Kubernetes version is not supported
IST0143: LocalhostListener
A port exposed in a Service is bound to a localhost address
IST0144: InvalidApplicationUID
Application pods should not run as user ID (UID) 1337
IST0145: ConflictingGateways
A Gateway should not have the same selector, port and matched server hosts as another Gateway.
IST0146: ImageAutoWithoutInjectionWarning
Deployments with `image: auto` should be targeted for injection.
IST0147: ImageAutoWithoutInjectionError
Pods with `image: auto` should be targeted for injection.
IST0148: NamespaceInjectionEnabledByDefault
A user namespace should be injectable if Istio is installed with enableNamespacesByDefault enabled and neither injection label is set.
IST0149: JwtClaimBasedRoutingWithoutRequestAuthN
Virtual service using JWT claim based routing without request authentication.