问题描述
- 在开启了istio-injection的basic命名空间下部署了一个redis服务
[root@iZbp1fxnyg4hmvid4rvt7fZ download]# kubectl -n basic get pods
NAME READY STATUS RESTARTS AGE
redis-6d94c9d49c-m7snq 2/2 Running 0 107m
- 通过
kubectl exec -it 进入redis容器内部连接16379服务正常,局域网中连接istio gateway暴露的服务出现以下错误
[root@iZbp1fxnyg4hmvid4rvt7fZ download]# redis-cli -h redis.basic.svc.cluster.local -p 80
redis.basic.svc.cluster.local:80> get Test
Error: Protocol error, got "H" as reply type byte
环境背景
- k8s版本: 1.15.0
- istio版本: 1.4.3
相关代码
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: docker.io/redis:5.0.5-alpine
imagePullPolicy: IfNotPresent
ports:
- containerPort: 16379
protocol: TCP
name: redis-port
volumeMounts:
- name: redis-data
mountPath: /data
- name: redis-conf
mountPath: /etc/redis
command:
- "redis-server"
args:
- "/etc/redis/redis.conf"
- "--protected-mode"
- "no"
volumes:
- name: redis-conf
configMap:
name: redis-conf
items:
- key: redis.conf
path: redis.conf
- name: redis-data
nfs:
path: /data/redis
server: 172.16.8.34
---
apiVersion: v1
kind: Service
metadata:
name: redis-svc
labels:
app: redis-svc
spec:
type: ClusterIP
ports:
- name: redis-port
port: 16379
protocol: TCP
selector:
app: redis
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: redis-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: tcp
protocol: TCP
hosts:
- "redis.basic.svc.cluster.local"
# ---
# apiVersion: networking.istio.io/v1alpha3
# kind: DestinationRule
# metadata:
# name: redis-svc
# spec:
# host: redis-svc
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: redis-vs
spec:
hosts:
- "redis.basic.svc.cluster.local"
gateways:
- redis-gateway
tcp:
- route:
- destination:
host: redis-svc.basic.svc.cluster.local
port:
number: 16379
极客观点
项目管理
HarmonyOS
去掉 Redis 的
--protected-mode、或指定其值为no再试下。另外再确认下 Redis 的配置文件里是否开启了 SSL 双向认证,如果有也一并关掉,因为 Istio 当前还不支持 Redis TLS。