https://authzed.com logo
Join Discord
Powered by
I am trying this in my local Kubernetes Cluster ht...
# spicedb
p
I am trying this in my local Kubernetes Cluster https://authzed.com/docs/spicedb/operator NB: Don't have any prior experience in Kubernetes.
Copy code
kubectl port-forward deployment/dev-spicedb 50051:50051
Error from server (NotFound): deployments.apps "dev-spicedb" not found
Am I doing anything wrong ? something missing in the document ?
v
👋🏻 maybe try setting the namespace? alternatively, to make sure its not something with the command, you could use Lens which has functionality integrate to easily port forward in a couple of clicks: https://k8slens.dev/
p
Don't have subscription for lens 🙂
Doesn't it look like , something has to be updated in the documentation ?
v
Copy code
kubectl port-forward deployment/dev-spicedb 50051:50051
Forwarding from 127.0.0.1:50051 -> 50051
Forwarding from [::1]:50051 -> 50051
followed the instructions in a brand new 
kind
cluster and seems to work fine here
p
@vroldanbet haven't used kind cluster 🙂 . how do you tell kubectl to point to kind cluster ?
v
@Prchowdh kind is a tool to create kubernetes clusters, is not something you need to use in this particular example
p
Yes I got that , but it is not working for me . So thought of giving kind a try
v
I see! Sorry 😅
Copy code
kind create cluster --name test 
kubectx kind-test
kubectl apply --server-side -k github.com/authzed/spicedb-operator/config
kubectl -n spicedb-operator get pods 

kubectl apply --server-side -f - <<EOF                                   
apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
  name: dev
spec:
  config:
    datastoreEngine: memory
  secretName: dev-spicedb-config
---
apiVersion: v1
kind: Secret
metadata:
  name: dev-spicedb-config
stringData:
  preshared_key: "averysecretpresharedkey"
EOF

kubectl port-forward deployment/dev-spicedb 50051:50051
you'd need to install 
kind
and 
kubectx
(the later is a tool to switch kube contexts)
p
Okay thanks , let me give it a try
Worked with kind , something wrong with my cluster setup 😔
This finally worked 🙂
What is grpc endpoint for this cluster ? Like , for serverless this is the endpoint grpc.authzed.com:443 we have used. Is this localhost:50051 or something else ?
E1224 22:12:03.240060 11297 portforward.go:407] an error occurred forwarding 50051 -> 50051: error forwarding port 50051 to pod 82eda9455446158fa9f13d52e07c77d06b2a08e3efed1f30d0b6f9e5a02770a8, uid : failed to execute portforward in network namespace "/var/run/netns/cni-3e7e7071-d8bf-097e-8817-4f1a8de45fba": read tcp4 127.0.0.1:44630->127.0.0.1:50051: read: connection reset by peer E1224 22:12:03.240454 11297 portforward.go:233] lost connection to pod [22:25] I am getting this when tried with java client
v
can you post your 
SpiceDBCluster
YAML ?
p
I just followed this step - https://authzed.com/docs/spicedb/operator . Can you guide me how do I extract the yaml file ?
v
the fix has been merged in main (https://github.com/authzed/spicedb-operator/pull/112), but we haven't made a release of the spicedb-operator with it yet
p
Any work around for now ?
v
the only workaround is editing the 
Deployment
generated by 
spicedb-operator
manually. You'll need to remove the following environment variable:
Copy code
SPICEDB_DISPATCH_UPSTREAM_ADDR
in this case it would be the 
dev-spicedb
Deployment
alternatively you can build your own spicedb-operator from 
main
and use it
p
Just confirming , this is what my environment variable looks like
Copy code
Environment:
      SPICEDB_LOG_LEVEL:                 info
      SPICEDB_DISPATCH_UPSTREAM_ADDR:    kubernetes:///dev.default:dispatch
      SPICEDB_GRPC_PRESHARED_KEY:        <set to the key 'preshared_key' in secret 'dev-spicedb-config'>  Optional: false
      SPICEDB_DATASTORE_ENGINE:          memory
      SPICEDB_DISPATCH_CLUSTER_ENABLED:  false
v
correct. You'd have to remove the second env variable
p
Updated to this
Copy code
Environment:
      SPICEDB_LOG_LEVEL:                 info
      SPICEDB_GRPC_PRESHARED_KEY:        <set to the key 'preshared_key' in secret 'dev-spicedb-config'>  Optional: false
      SPICEDB_DATASTORE_ENGINE:          memory
      SPICEDB_DISPATCH_CLUSTER_ENABLED:  false
Getting this error ,
Copy code
E1226 22:27:37.526604 1372290 portforward.go:407] an error occurred forwarding 50051 -> 50051: error forwarding port 50051 to pod b67ffe63fd36ba79e05af7675b8950034161f7b9ce27dd3622bbc08d5c5f952a, uid : failed to execute portforward in network namespace "/var/run/netns/cni-6011b2f6-72a4-fbd6-7df7-135e24351365": read tcp4 127.0.0.1:56538->127.0.0.1:50051: read: connection reset by peer
E1226 22:27:37.527453 1372290 portforward.go:233] lost connection to pod
when I am trying this
Copy code
zed schema write <(cat << EOF
definition blog/user {}

definition blog/post {
relation reader: blog/user
relation writer: blog/user

permission read = reader + writer
permission write = writer
}
EOF
)
10:27PM FTL failed to write schema error="rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: tls: first record does not look like a TLS handshake\""
v
you should make sure to use 
--insecure
in your zed context
p
Okay , worked with zed . Trying to make it work from java client . How to pass insecure there ? I am getting this following error from java client , guessing this is for insecure ?
Copy code
E1226 22:37:38.546618 1375522 portforward.go:407] an error occurred forwarding 50051 -> 50051: error forwarding port 50051 to pod b67ffe63fd36ba79e05af7675b8950034161f7b9ce27dd3622bbc08d5c5f952a, uid : failed to execute portforward in network namespace "/var/run/netns/cni-6011b2f6-72a4-fbd6-7df7-135e24351365": read tcp4 127.0.0.1:54768->127.0.0.1:50051: read: connection reset by peer
v
p
Thank you 🙂
PreviousNext
Powered by