Appendixes

Context

**Table 1** Common Terms
Acronym/Abbreviation	Term	Description	Component
CR	container runtime	A container runtime is a component that is responsible for managing the execution and lifecycle of containers within the environment.	Docker containerd
SC	StorageClass	A StorageClass provides a way for administrators to describe the classes of storage they offer.	NFS hostPath Disk
CNI	Container Network Interface	Container Network Interface (CNI) plugins comply with Advanced Program-to Program Communications (APPC) or CNI and are crucial for cluster networking.	Calico Cilium Macvlan
VPC	Virtual Private Cloud	A VPC isolates a private virtual network for cloud resources, such as cloud servers, containers, and databases.	N/A
Registry	image repository	A container image repository is a vault (or repository collection) used to store Kubernetes container images, container images developed using DevOps, and container images created from containerized applications.	Private repository Public repository

Troubleshooting

The multi-cloud collaboration platform cannot be accessed using an EIP (bound to the virtual IP address of istio-ingressgateway)
When you are accessing the multi-cloud collaboration platform using an EIP, the page is not displayed, and you are redirected to a private IP address of the VPC.

If this happens, you need to replace and modify the address information in the Ghippo module.
```
helm -n ghippo-system get values ghippo > /tmp/ghippo
helm -n ghippo-system upgrade ghippo ghippo/ghippo --values=/tmp/ghippo --set global.reverseProxy=https://119.x.x.x (This is the EIP bound to the virtual IP address of istio-ingressgateway.)
```
istio-ingressgateway cannot be started when the cluster (or any worker node) is restarted
Figure 1 Error message

Possible cause: The jwtsUri address of the RequestAuthentication ghippo CR cannot be accessed. As a result, Istiod cannot deliver configurations to the istio-ingressgateway.
Solution:
1. Back up RequestAuthentication ghippo CR.
```
kubectl get RequestAuthentication ghippo -n istio-system -o yaml > ghippo-ra.yaml
```
1. Delete RequestAuthentication ghippo CR.
```
kubectl delete RequestAuthentication ghippo -n istio-system
```
2. Restart Istio.
```
kubectl rollout restart deploy/istiod -n istio-system  
kubectl rollout restart deploy/istio-ingressgateway -n istio-system 
```
3. Apply RequestAuthentication ghippo CR again.
```
kubectl apply -f ghippo-ra.yaml
## Before applying RequestAuthentication ghippo CR, ensure that ghippo-apiserver and ghippo-keycloak have been started.
```
MySQL becomes faulty.
An error is reported when the CR fails to create a database.

The database is running normally. An error is reported when the CR is used to create the database. The cause is that the password of the MySQL root user contains special characters.

Figure 2 Error reported when the CR fails to create a database

Solution:
1. View the password.
```
[root@master-01 ~]$ kubectl get secret -n mcamel-system mcamel-common-mysql-cluster-secret -o=jsonpath='{.data.ROOT_PASSWORD}' | base64 -d
```
  If the password contains hyphens (-), the following error message is displayed when you enter the password in the MySQL shell:
```
bash-4.4# mysql -uroot -p  
Enter password:  
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
```
1. Perform the clean-up and rebuilding.
  - Method 1: Clear the data directory, delete the pod, and wait until the sidecar is running. Then delete the data directory and the pod again.
```
[root@master-01 ~]# kubectl exec -it mcamel-common-mysql-cluster-mysql-1 -n mcamel-system -c sidecar -- /bin/sh  
sh-4.4# cd /var/lib/mysql  
sh-4.4# ls | xargs rm -rf
```
  - Method 2: Delete the PVC and then delete the pod.
```
kubectl delete pvc data-mcamel-common-mysql-cluster-mysql-1 -n mcamel-system  
kubectl delete pod mcamel-common-mysql-cluster-mysql-1 -n mcamel-system
```