There was an internal error in the toolchain. This is almost always a bug in the implementation.
istioctl 提供了对 Istio 配置状态的丰富分析，以便标识无效或次优的配置。这是此分析可能产生的错误或警告消息的列表。
A feature that the configuration is depending on is now deprecated.
A resource being referenced does not exist.
A namespace is not enabled for Istio injection.
A pod is missing the Istio proxy.
Unhandled gateway port
The image of the Istio proxy running on the pod does not match the image defined in the injection configuration.
The resource has a schema validation error.
An Istio annotation is applied to the wrong kind of resource.
An Istio annotation is not recognized for any kind of resource
Conflicting hosts on VirtualServices associated with mesh gateway
A Sidecar resource selects the same workloads as another Sidecar resource
More than one sidecar resource in a namespace has no workload selector
A VirtualService routes to a service with more than one port exposed, but does not specify which to use.
A DestinationRule and Policy are in conflict with regards to mTLS.
A Policy targets a port name that cannot be found.
A DestinationRule uses mTLS for a workload that has no sidecar.
The resulting pods of a service mesh deployment can't be associated with multiple services using the same port but different protocols.
The resulting pods of a service mesh deployment must be associated with at least one service.
Port name is not under naming convention. Protocol detection is applied to the port.
Authentication policy with JWT targets Service with invalid port specification.
The Policy resource is deprecated and will be removed in a future Istio release. Migrate to the PeerAuthentication resource.
The MeshPolicy resource is deprecated and will be removed in a future Istio release. Migrate to the PeerAuthentication resource.
A namespace has both new and legacy injection labels
An Istio annotation that is not valid
A service registry in Mesh Networks is unknown
There aren't workloads matching the resource labels
No caCertificates are set in DestinationRule, this results in no verification of presented server certificate.
No caCertificates are set in DestinationRule, this results in no verification of presented server certificate for traffic to a given port.
A VirtualService rule will never be used because a previous rule uses the same match.
A VirtualService rule match duplicates a match in a previous rule.