I tried updating the SpiceDB cluster
# spicedb
t
I tried updating the SpiceDB cluster port using the grpc-addr flag, but now the health check is failing. Is there anywhere else I have to update the port? (Error in 🧵)
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
  name: spicedb-cluster
  namespace: spicedb
spec:
  config:
    image: authzed/spicedb:v1.37.1
    grpcAddr: ':9090'
establishing connection
timeout: failed to connect service "localhost:50051" within 1s
12m (x2 over 14m)      Normal    Created             Pod/spicedb-cluster-spicedb-7b6bfd8f95-zvwvf    Created container spicedb
12m (x2 over 14m)      Normal    Pulled              Pod/spicedb-cluster-spicedb-7b6bfd8f95-zvwvf    Container image "authzed/spicedb:v1.37.1" already present on machine
4m31s (x77 over 14m)   Warning   Unhealthy           Pod/spicedb-cluster-spicedb-7b6bfd8f95-zvwvf    Readiness probe failed: parsed options:
> addr=localhost:50051 conn_timeout=1s rpc_timeout=1s
> tls=false
> alts=false
> spiffe=false
j
why are you changing the port internally?
t
A particular customer's security requirements restrict which ports we can use for gRPC
j
you should be able to just change the port mapping?
here, I believe you're changing the port being used in the container
t
Oh okay, that makes sense. Since the SpiceDBCluster manages the Service, would I do that through a patch? This wasn't working for me:
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
  name: spicedb-cluster
  namespace: spicedb
spec:
  config:
    image: authzed/spicedb:v1.37.1
  patches:
    - kind: Service
      patch:
        spec:
          ports:
            - name: grpc
              port: 9090
              protocol: TCP
              targetPort: 50051
I got readiness probe errors from the operator itself:
Readiness probe failed: Get "http://10.244.1.134:8080/healthz": dial tcp 10.244.1.134:8080: connect: connection refused
e
haven't seen that before - can I see the operator logs?
you're probably running into an issue because 9090 is already defined
- name: grpc
  port: 50051
  protocol: TCP
  targetPort: 50051
- name: gateway
  port: 8443
  protocol: TCP
  targetPort: 8443
- name: metrics
  port: 9090
  protocol: TCP
  targetPort: 9090
- name: dispatch
  port: 50053
  protocol: TCP
  targetPort: 50053
these are the ports on the service
also - the dispatch API is also grpc and needs to be on a different port
which may conflict with those port requirements
t
Good call, I looked at the events, not the logs. Here's the log error. I guess I duplicated the grpc port instead of replacing it?
E0530 17:27:48.949494       1 handler.go:31] "requeueing after error" err="Service \"spicedb-cluster\" is invalid: spec.ports[1].name: Duplicate value: \"grpc\"" syncID="M/G5O" controller="spicedbclusters" obj={"name":"spicedb-cluster","namespace":"spicedb"}
And thanks for pointing that out. What is the dispatch API for?
nvm, I see the docs for it, definitely an important endpoint: https://authzed.com/docs/spicedb/concepts/dispatch
I'll add that I switched to 9091 just to test before sending that log ^^