Title
p
Prchowdh
12/22/2022, 10:26 AMI am trying this in my local Kubernetes Cluster https://authzed.com/docs/spicedb/operator
NB: Don't have any prior experience in Kubernetes.
kubectl port-forward deployment/dev-spicedb 50051:50051
Error from server (NotFound): deployments.apps "dev-spicedb" not foundv
vroldanbet
12/22/2022, 11:00 AM👋🏻 maybe try setting the namespace? alternatively, to make sure its not something with the command, you could use Lens which has functionality integrate to easily port forward in a couple of clicks:
https://k8slens.dev/
p
Prchowdh
12/23/2022, 3:11 PMDon't have subscription for lens 🙂
Doesn't it look like , something has to be updated in the documentation ?
v
vroldanbet
12/23/2022, 3:51 PMkubectl port-forward deployment/dev-spicedb 50051:50051
Forwarding from 127.0.0.1:50051 -> 50051
Forwarding from [::1]:50051 -> 50051kindp
Prchowdh
12/23/2022, 4:08 PM@vroldanbet haven't used kind cluster 🙂 . how do you tell kubectl to point to kind cluster ?
v
vroldanbet
12/23/2022, 4:09 PM@Prchowdh kind is a tool to create kubernetes clusters, is not something you need to use in this particular example
p
Prchowdh
12/23/2022, 4:12 PMYes I got that , but it is not working for me . So thought of giving kind a try
v
vroldanbet
12/23/2022, 4:15 PMI see! Sorry 😅
kind create cluster --name test
kubectx kind-test
kubectl apply --server-side -k github.com/authzed/spicedb-operator/config
kubectl -n spicedb-operator get pods
kubectl apply --server-side -f - <<EOF
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
name: dev
spec:
config:
datastoreEngine: memory
secretName: dev-spicedb-config
---
apiVersion: v1
kind: Secret
metadata:
name: dev-spicedb-config
stringData:
preshared_key: "averysecretpresharedkey"
EOF
kubectl port-forward deployment/dev-spicedb 50051:50051you'd need to install
kindkubectxp
Prchowdh
12/23/2022, 4:16 PMOkay thanks , let me give it a try
Worked with kind , something wrong with my cluster setup 😔
This finally worked 🙂
What is grpc endpoint for this cluster ? Like , for serverless this is the endpoint grpc.authzed.com:443 we have used. Is this localhost:50051 or something else ?
E1224 22:12:03.240060 11297 portforward.go:407] an error occurred forwarding 50051 -> 50051: error forwarding port 50051 to pod 82eda9455446158fa9f13d52e07c77d06b2a08e3efed1f30d0b6f9e5a02770a8, uid : failed to execute portforward in network namespace "/var/run/netns/cni-3e7e7071-d8bf-097e-8817-4f1a8de45fba": read tcp4 127.0.0.1:44630->127.0.0.1:50051: read: connection reset by peer
E1224 22:12:03.240454 11297 portforward.go:233] lost connection to pod
[22:25]
I am getting this when tried with java client
v
vroldanbet
12/26/2022, 12:07 PMcan you post your
SpiceDBClusterp
Prchowdh
12/26/2022, 3:02 PMI just followed this step - https://authzed.com/docs/spicedb/operator . Can you guide me how do I extract the yaml file ?
v
vroldanbet
12/26/2022, 4:13 PMI believe you've hit this bug: https://github.com/authzed/spicedb-operator/issues/111
the fix has been merged in main (https://github.com/authzed/spicedb-operator/pull/112), but we haven't made a release of the spicedb-operator with it yet
p
Prchowdh
12/26/2022, 4:31 PMAny work around for now ?
v
vroldanbet
12/26/2022, 4:32 PMthe only workaround is editing the
Deploymentspicedb-operatorSPICEDB_DISPATCH_UPSTREAM_ADDRin this case it would be the
dev-spicedbalternatively you can build your own spicedb-operator from
mainp
Prchowdh
12/26/2022, 4:47 PMJust confirming , this is what my environment variable looks like
Environment:
SPICEDB_LOG_LEVEL: info
SPICEDB_DISPATCH_UPSTREAM_ADDR: kubernetes:///dev.default:dispatch
SPICEDB_GRPC_PRESHARED_KEY: <set to the key 'preshared_key' in secret 'dev-spicedb-config'> Optional: false
SPICEDB_DATASTORE_ENGINE: memory
SPICEDB_DISPATCH_CLUSTER_ENABLED: falsev
vroldanbet
12/26/2022, 4:50 PMcorrect. You'd have to remove the second env variable
p
Prchowdh
12/26/2022, 4:58 PMUpdated to this
Environment:
SPICEDB_LOG_LEVEL: info
SPICEDB_GRPC_PRESHARED_KEY: <set to the key 'preshared_key' in secret 'dev-spicedb-config'> Optional: false
SPICEDB_DATASTORE_ENGINE: memory
SPICEDB_DISPATCH_CLUSTER_ENABLED: falseGetting this error ,
E1226 22:27:37.526604 1372290 portforward.go:407] an error occurred forwarding 50051 -> 50051: error forwarding port 50051 to pod b67ffe63fd36ba79e05af7675b8950034161f7b9ce27dd3622bbc08d5c5f952a, uid : failed to execute portforward in network namespace "/var/run/netns/cni-6011b2f6-72a4-fbd6-7df7-135e24351365": read tcp4 127.0.0.1:56538->127.0.0.1:50051: read: connection reset by peer
E1226 22:27:37.527453 1372290 portforward.go:233] lost connection to podzed schema write <(cat << EOF
definition blog/user {}
definition blog/post {
relation reader: blog/user
relation writer: blog/user
permission read = reader + writer
permission write = writer
}
EOF
)
10:27PM FTL failed to write schema error="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: tls: first record does not look like a TLS handshake\""v
vroldanbet
12/26/2022, 5:01 PMyou should make sure to use
--insecurep
Prchowdh
12/26/2022, 5:09 PMOkay , worked with zed . Trying to make it work from java client . How to pass insecure there ? I am getting this following error from java client , guessing this is for insecure ?
E1226 22:37:38.546618 1375522 portforward.go:407] an error occurred forwarding 50051 -> 50051: error forwarding port 50051 to pod b67ffe63fd36ba79e05af7675b8950034161f7b9ce27dd3622bbc08d5c5f952a, uid : failed to execute portforward in network namespace "/var/run/netns/cni-6011b2f6-72a4-fbd6-7df7-135e24351365": read tcp4 127.0.0.1:54768->127.0.0.1:50051: read: connection reset by peerv
vroldanbet
12/26/2022, 5:11 PMp
Prchowdh
12/26/2022, 5:31 PMThank you 🙂