Hey guys I have a small issue SpiceDB #spicedb

Hey guys I have a small issue

Farhad Nowzari

10/09/2023, 1:06 PM

Hey guys, I have a small issue. I have spice db installed on kubernetes with the operator and deployed the cluster. The spicedb pods are healthy and the healthcheck is also fine. but when I portforward the spicedb service on 50051 and add the context to

zed

it throws the following error on reading schemas https://cdn.discordapp.com/attachments/844600078948630559/1160926169181470812/image.png?ex=65366fbf&is=6523fabf&hm=1be0f2180fbb511c6e3025ccd2901f24b2057718dcda07c51ac98f3d626d71ba&

Farhad Nowzari

10/09/2023, 1:06 PM

The preshared key is set to the context

yetitwo

10/09/2023, 1:18 PM

are you running with TLS, and did you add the

--insecure

flag to the zed context?

Farhad Nowzari

10/09/2023, 1:41 PM

with the --insecure flag it worked. but I have an ingress with nginx in front of it and the endpoint has letsencrypt certificate. does we need to let the ssl get to the pod? by default nginx blocks it

yetitwo

10/09/2023, 2:01 PM

depends on your intentions with your deployment more generally

yetitwo

10/09/2023, 2:01 PM

it's valid to terminate at nginx, it's also valid to terminate at spicedb

Farhad Nowzari

10/09/2023, 2:51 PM

but the --insecure should be fine right? since the connection from client to server is already encrypted and then from nginx to spicedb is inseecure then

Farhad Nowzari

10/09/2023, 2:52 PM

btw, I just noticed that the zed cli, warns about using version 1.24 which is an older version. But the operator doesn't update to version 1.25

Farhad Nowzari

10/09/2023, 2:53 PM

if I set the version to 1.25 on channel stable, the operator will not do anything

yetitwo

10/09/2023, 2:57 PM

yeah i treat those warnings as "good to know" rather than "something is wrong"

yetitwo

10/09/2023, 2:58 PM

yeah, i think the insecure flag in this context is fine

Farhad Nowzari

10/10/2023, 12:34 PM

Thank you 😉

14 Views

Previous Next