第 7 章已知问题

SKUPPER-1802 - skupper 服务状态报告当前站点中不存在的服务

如果您在网络上禁用了 service-sync，并在一个站点上公开服务，则 skupper service status 命令将这些服务报告为在所有其他站点上现有的，即使该服务在这些站点上不存在。

临时解决方案

要解决这个问题，请使用 skupper service status -v 了解公开的服务和可用性。

例如，在 west 网站上：

skupper service status

Services exposed through Skupper:
╰─ backend:8080 (tcp)

$ skupper service status

Services exposed through Skupper:
╰─ backend:8080 (tcp)

Copy to Clipboard

Toggle word wrap

但是，该服务不会在 west 站点上存在。使用详细输出来显示服务仅存在于 east 站点上：

skupper service status -v

Services exposed through Skupper:
╰─ backend:8080 (tcp)
   ╰─ Sites:
      ╰─ 316fbe31-299b-490b-9391-7b46507d76f1(east)
         │ policy: disabled
         ╰─ Targets:
            ╰─ backend:8080 name=backend-9d84544df-rbzj

$ skupper service status -v

Services exposed through Skupper:
╰─ backend:8080 (tcp)
   ╰─ Sites:
      ╰─ 316fbe31-299b-490b-9391-7b46507d76f1(east)
         │ policy: disabled
         ╰─ Targets:
            ╰─ backend:8080 name=backend-9d84544df-rbzj

Copy to Clipboard

Toggle word wrap

SKUPPER-869 - 为 TCP 传输启用闲置连接超时
如果端点被终止，例如客户端被终止，其他端点会观察到半关闭的连接。如果其他端点没有关闭连接或试图向连接发送数据，Skupper 路由器不会释放分配给该连接的内存
临时解决方案
如果可能，请避免使用此行为的客户端服务器配置。例如，如果服务器自动关闭 dormant 连接，或者尝试与客户端通信，则 Skupper 路由器会在客户端终止时释放内存。

SKUPPER-805 - skupper init 在 OCP 3.11 上不适用于普通用户。

临时解决方案

有两个临时解决方案：

使用 YAML 配置站点。
使用以下权限创建服务帐户来运行 skupper CLI：

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: skupper-non-admin
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - pods/exec
  - services
  - secrets
  - serviceaccounts
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
- apiGroups:
  - apps
  resources:
  - deployments
  - statefulsets
  - daemonsets
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
- apiGroups:
  - route.openshift.io
  resources:
  - routes
  verbs:
  - get
  - list
  - watch
  - create
  - delete
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  - networkpolicies
  verbs:
  - get
  - list
  - watch
  - create
  - delete
- apiGroups:
  - projectcontour.io
  resources:
  - httpproxies
  verbs:
  - get
  - list
  - watch
  - create
  - delete
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  - roles
  verbs:
  - get
  - list
  - watch
  - create
  - delete

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: skupper-non-admin
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - pods/exec
  - services
  - secrets
  - serviceaccounts
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
- apiGroups:
  - apps
  resources:
  - deployments
  - statefulsets
  - daemonsets
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - delete
- apiGroups:
  - route.openshift.io
  resources:
  - routes
  verbs:
  - get
  - list
  - watch
  - create
  - delete
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  - networkpolicies
  verbs:
  - get
  - list
  - watch
  - create
  - delete
- apiGroups:
  - projectcontour.io
  resources:
  - httpproxies
  verbs:
  - get
  - list
  - watch
  - create
  - delete
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  - roles
  verbs:
  - get
  - list
  - watch
  - create
  - delete

Copy to Clipboard

Toggle word wrap

您可以将上面的 YAML 保存到 role.yaml 中，应用它并将角色绑定到用户名：

oc apply -f role.yaml
 oc policy add-role-to-user skupper-non-admin <username> -n <namespace-name> --role-namespace=<namespace-name>

$ oc apply -f role.yaml
$  oc policy add-role-to-user skupper-non-admin <username> -n <namespace-name> --role-namespace=<namespace-name>

Copy to Clipboard

Toggle word wrap

第 7 章已知问题

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

第 7 章 已知问题

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

第 7 章已知问题