Maple521 commented on PR #7232:
URL: https://github.com/apache/apisix/pull/7232#issuecomment-1463347829

   I have met the same problem, but I still can't solve it according to the above plan.
   
   
![image](https://user-images.githubusercontent.com/30151992/224241629-b8f050c3-bae5-4ca8-bad6-25b1db7fa978.png)
   ```yaml
   discovery:
     kubernetes:
       service:
         schema: https
         host: "192.168.65.4"
         port: "6443"
       client:
         token: |-
           eyJhbGciOixxxxxxxx
         #token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
       namespace_selector:
         equal: service-k8s-demo
   ```
   
   My upstream service config is:
   ```json
   {
     "timeout": {
       "connect": 6,
       "send": 6,
       "read": 6
     },
     "type": "roundrobin",
     "scheme": "http",
     "discovery_type": "kubernetes",
     "pass_host": "pass",
     "name": "get service-provider service from K8s",
     "service_name": "service-k8s-demo/service-provider:tcp30000",
     "keepalive_pool": {
       "idle_timeout": 60,
       "requests": 1000,
       "size": 320
     }
   }
   ```
   
   Then when I call the APISIX gateway, it reports an error:
   ```
   172.19.0.1 - - [10/Mar/2023:06:38:37 +0000] hongchenkezhan.com "GET /provider/provider-hello HTTP/1.1" 503 269 0.000 "-" "PostmanRuntime-ApipostRuntime/1.1.0" - - - "http://hongchenkezhan.com";
   2023/03/10 06:38:47 [error] 50#50: *53318 [lua] init.lua:486: handle_upstream(): failed to set upstream: no valid upstream node: nil, client: 172.19.0.1, server: _, request: "GET /provider/provider-hello HTTP/1.1", host: "hongchenkezhan.com"
   ```
   
   
![image](https://user-images.githubusercontent.com/30151992/224242319-08d6af08-802e-4f20-a06c-fa48811201bc.png)
   
   I obtained the token through this command:
   ```
   kubectl -n service-k8s-demo exec -it service-provider-6d47bdd64-4zqhd -- cat /var/run/secrets/kubernetes.io/serviceaccount/token
   ```
   
   This is the configuration of my serviceaccount. It has permissions:
   ```yaml
   apiVersion: v1
   kind: Namespace
   metadata:
     name: service-k8s-demo
     labels:
       name: service-k8s-demo

   ---

   apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: service-k8s-demo
     namespace: service-k8s-demo

   ---

   kind: ClusterRole
   apiVersion: rbac.authorization.k8s.io/v1
   metadata:
     namespace: service-k8s-demo
     name: service-k8s-demo
   rules:
     - apiGroups:
       - ""
       resources:
       - services
       - configmaps
       - endpoints
       - nodes
       - pods
       - secrets
       - namespaces
       verbs:
       - get
       - list
       - watch

   ---

   apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: service-k8s-demo
     namespace: service-k8s-demo
   subjects:
   - kind: ServiceAccount
     name: service-k8s-demo
     namespace: service-k8s-demo
   roleRef:
     kind: ClusterRole
     name: service-k8s-demo
     apiGroup: rbac.authorization.k8s.io
   ```
   


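A check that fits the setup in the comment above, as an added example that is not part of the original comment or of APISIX: a token read from a running pod carries the identity of whichever service account that pod runs as, and the ClusterRole only applies if that identity is listed under `subjects` in the ClusterRoleBinding. The function names are hypothetical, the sample token is constructed, and the signature is deliberately not verified because the code only inspects claims.

```python
import base64
import json
import time

def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: inspection only."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_subject(claims):
    """Split 'system:serviceaccount:<ns>:<name>' into (namespace, name)."""
    prefix = "system:serviceaccount:"
    sub = claims.get("sub", "")
    if not sub.startswith(prefix) or sub.count(":") != 3:
        raise ValueError("sub is not a service account: %r" % sub)
    ns, name = sub[len(prefix):].split(":")
    return ns, name

def check_token(token, subjects, now=None):
    """List reasons the token would not get the permissions bound to `subjects`."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    ns, name = token_subject(claims)
    problems = []
    bound = any(s.get("kind") == "ServiceAccount" and s.get("namespace") == ns
                and s.get("name") == name for s in subjects)
    if not bound:
        problems.append("token is %s/%s, which is not a subject of the binding" % (ns, name))
    if "exp" in claims and claims["exp"] <= now:
        problems.append("token expired")
    return problems

def make_sample_token(claims):
    """Build a constructed, unsigned token for the demo (not a real credential)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Subject list copied from the ClusterRoleBinding in the comment.
BINDING_SUBJECTS = [{"kind": "ServiceAccount", "name": "service-k8s-demo",
                     "namespace": "service-k8s-demo"}]

if __name__ == "__main__":
    # Constructed case: the pod runs as the namespace's "default" service account.
    sample = make_sample_token({"sub": "system:serviceaccount:service-k8s-demo:default",
                                "exp": 1700000000})
    for problem in check_token(sample, BINDING_SUBJECTS, now=1800000000):
        print(problem)
```

To use it on a real setup, pass the token string from the discovery configuration and the `subjects` list from the binding to `check_token`.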