Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ApiPlaneException: 401 Unauthorized #13

Open
liyongxian opened this issue Sep 10, 2021 · 10 comments
Open

ApiPlaneException: 401 Unauthorized #13

liyongxian opened this issue Sep 10, 2021 · 10 comments
Assignees

Comments

@liyongxian
Copy link

liyongxian commented Sep 10, 2021

Describe the bug
A clear and concise description of what the bug is.
发布服务时,报错:401 Unauthorized,无法从“K8s注册中心”获取服务列表
组件 hango-api-plane 日志详细信息:
2021-09-10 16:03:41.703 [http-nio-10880-exec-2] INFO o.h.c.w.i.RequestLogInterceptor ==== uuid:27c61646-f040-440c-a1e2-1033b2a2846e - ----- Request Id: 27c61646-f040-440c-a1e2-1033b2a2846e, Request Method: GET, Uri: /api?Action=GetServiceAndPortList&Type=Kubernetes&Version=2019-07-25 -----
2021-09-10 16:03:41.706 [http-nio-10880-exec-2] INFO o.h.c.c.k.http.DefaultK8sHttpClient ==== uuid:27c61646-f040-440c-a1e2-1033b2a2846e - Request{method=GET, url=https://10.43.0.1/api/v1/namespaces/hango-system/pods?labelSelector=app%3Distiod&fieldSelector=status.phase%3DRunning, tags={}}
2021-09-10 16:03:41.814 [http-nio-10880-exec-2] INFO o.h.c.c.k.http.DefaultK8sHttpClient ==== uuid:27c61646-f040-440c-a1e2-1033b2a2846e - Request{method=GET, url=https://10.43.0.1/api/v1/namespaces/hango-system/pods?labelSelector=app%3Distiod&fieldSelector=status.phase%3DRunning, tags={}}
2021-09-10 16:03:41.881 [http-nio-10880-exec-2] INFO o.h.c.u.i.RestTemplateLogInterceptor ==== uuid:27c61646-f040-440c-a1e2-1033b2a2846e - Request --> URI: http://10.42.97.240:8080/debug/endpointz?brief=true, Request Body:
2021-09-10 16:03:41.881 [http-nio-10880-exec-2] INFO o.h.c.u.i.RestTemplateLogInterceptor ==== uuid:27c61646-f040-440c-a1e2-1033b2a2846e - Request --> URI: http://10.42.97.240:8080/debug/endpointz?brief=true, Request Body:
2021-09-10 16:03:41.883 [http-nio-10880-exec-2] INFO o.h.c.u.i.RestTemplateLogInterceptor ==== uuid:27c61646-f040-440c-a1e2-1033b2a2846e - Response <-- Status code: 401
2021-09-10 16:03:41.883 [http-nio-10880-exec-2] INFO o.h.c.u.i.RestTemplateLogInterceptor ==== uuid:27c61646-f040-440c-a1e2-1033b2a2846e - Response <-- Status code: 401
2021-09-10 16:03:41.884 [http-nio-10880-exec-2] WARN o.h.cloud.core.istio.PilotHttpClient ==== uuid:27c61646-f040-440c-a1e2-1033b2a2846e -
org.springframework.web.client.HttpClientErrorException: 401 Unauthorized
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:78)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613)
at org.springframework.web.client.RestTemplate.getForEntity(RestTemplate.java:312)
at org.hango.cloud.core.istio.PilotHttpClient.getForEntity(PilotHttpClient.java:295)
at org.hango.cloud.core.istio.PilotHttpClient.access$100(PilotHttpClient.java:41)
at org.hango.cloud.core.istio.PilotHttpClient$1.load(PilotHttpClient.java:92)
at org.hango.cloud.core.istio.PilotHttpClient$1.load(PilotHttpClient.java:89)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3708)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2416)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2299)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2212)
at com.google.common.cache.LocalCache.get(LocalCache.java:4147)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:4151)
at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:5140)
at org.hango.cloud.core.istio.PilotHttpClient.getEndpoints(PilotHttpClient.java:199)
at org.hango.cloud.core.istio.PilotHttpClient.getEndpointList(PilotHttpClient.java:210)
at org.hango.cloud.core.istio.PilotHttpClient.getEndpointList(PilotHttpClient.java:248)
at org.hango.cloud.core.gateway.service.impl.DefaultResourceManager.getEndpointList(DefaultResourceManager.java:53)
at org.hango.cloud.core.gateway.service.impl.DefaultResourceManager.getServiceAndPortList(DefaultResourceManager.java:80)
at org.hango.cloud.service.impl.GatewayServiceImpl.getServiceAndPortList(GatewayServiceImpl.java:222)
at org.hango.cloud.web.controller.GatewayCommonController.getServiceAndPortList(GatewayCommonController.java:46)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.hango.cloud.web.filter.CacheHttpRequestFilter.doFilter(CacheHttpRequestFilter.java:20)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.hango.cloud.web.filter.LogUUIDFilter.doFilter(LogUUIDFilter.java:33)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.hango.cloud.web.filter.RequestContextHolderFilter.doFilter(RequestContextHolderFilter.java:20)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115)
at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59)
at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2021-09-10 16:03:41.888 [http-nio-10880-exec-2] ERROR o.h.c.u.a.CommonExceptionHandler ==== uuid:27c61646-f040-440c-a1e2-1033b2a2846e - Request Id: 27c61646-f040-440c-a1e2-1033b2a2846e, Common exception handler catch :
com.google.common.util.concurrent.UncheckedExecutionException: org.hango.cloud.util.exception.ApiPlaneException: 401 Unauthorized
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2218)
at com.google.common.cache.LocalCache.get(LocalCache.java:4147)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:4151)
at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:5140)
at org.hango.cloud.core.istio.PilotHttpClient.getEndpoints(PilotHttpClient.java:199)
at org.hango.cloud.core.istio.PilotHttpClient.getEndpointList(PilotHttpClient.java:210)
at org.hango.cloud.core.istio.PilotHttpClient.getEndpointList(PilotHttpClient.java:248)
at org.hango.cloud.core.gateway.service.impl.DefaultResourceManager.getEndpointList(DefaultResourceManager.java:53)
at org.hango.cloud.core.gateway.service.impl.DefaultResourceManager.getServiceAndPortList(DefaultResourceManager.java:80)
at org.hango.cloud.service.impl.GatewayServiceImpl.getServiceAndPortList(GatewayServiceImpl.java:222)
at org.hango.cloud.web.controller.GatewayCommonController.getServiceAndPortList(GatewayCommonController.java:46)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.hango.cloud.web.filter.CacheHttpRequestFilter.doFilter(CacheHttpRequestFilter.java:20)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.hango.cloud.web.filter.LogUUIDFilter.doFilter(LogUUIDFilter.java:33)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.hango.cloud.web.filter.RequestContextHolderFilter.doFilter(RequestContextHolderFilter.java:20)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115)
at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59)
at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.hango.cloud.util.exception.ApiPlaneException: 401 Unauthorized
at org.hango.cloud.core.istio.PilotHttpClient.getForEntity(PilotHttpClient.java:298)
at org.hango.cloud.core.istio.PilotHttpClient.access$100(PilotHttpClient.java:41)
at org.hango.cloud.core.istio.PilotHttpClient$1.load(PilotHttpClient.java:92)
at org.hango.cloud.core.istio.PilotHttpClient$1.load(PilotHttpClient.java:89)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3708)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2416)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2299)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2212)
... 81 common frames omitted

To Reproduce
Steps to reproduce the behavior:
部署参考:
https://github.com/hango-io/hango-gateway/blob/master/install/README.zh_CN.md

Expected behavior
A clear and concise description of what you expected to happen.

Additional context
Add any other context about the problem here, e.g.

  • Kubernetes version

image

  • OS
    image
@liyongxian
Copy link
Author

hango-api-plane的Pod的serviceaccount是 hango-apiplane,其 clusterrolebinding 是 cluster-admin,不应该 是 访问k8s api 权限的问题。

@ethanhanjiahao
Copy link
Member

这个链路是istiod调用k8s api,可以看下环境中istiod的clusterrolebinding。

@liyongxian
Copy link
Author

您好:还是不行啊。
istiod 用的role 是 istiod,权限如下:
image
涉及到的资源对象操作:
image

@liyongxian
Copy link
Author

维护的 网关信息和服务信息 没有做 持久化啊,重建 hango-api-plane 的pod后,维护的信息就没了。

@ethanhanjiahao
Copy link
Member

维护的 网关信息和服务信息 没有做 持久化啊,重建 hango-api-plane 的pod后,维护的信息就没了。

是的,如果需要持久化,可以对接到mysql。开源的是H2的,剥离了持久化数据库。

@ethanhanjiahao
Copy link
Member

您好:还是不行啊。
istiod 用的role 是 istiod,权限如下:
image
涉及到的资源对象操作:
image

先建议你可以istiod的clusterrolebinding改成cluster-admin 看看。k8s的apiserver是否做了限制?

@ethanhanjiahao ethanhanjiahao self-assigned this Sep 13, 2021
@liyongxian
Copy link
Author

liyongxian commented Sep 14, 2021

维护的 网关信息和服务信息 没有做 持久化啊,重建 hango-api-plane 的pod后,维护的信息就没了。

是的,如果需要持久化,可以对接到mysql。开源的是H2的,剥离了持久化数据库。

hango-gateway不是全部开源啊,在生产上不敢用,只能玩玩了。哎。

@ethanhanjiahao
Copy link
Member

ethanhanjiahao commented Sep 14, 2021

维护的 网关信息和服务信息 没有做 持久化啊,重建 hango-api-plane 的pod后,维护的信息就没了。

是的,如果需要持久化,可以对接到mysql。开源的是H2的,剥离了持久化数据库。

hango-gateway不是全部开源啊,在生产上不敢用,只能玩玩了。哎。

开源上,我们的方向更多是轻量,易用。如果有易用性方向问题,通过issue报告。
根据我们前期评估,H2向MySql持久化迁移改造成本比较低,我们可以在开源上提供指导方案,协助有需要的用户进行持久化改造。
可以通过修改hango-portal configmap中datasource配置完成切换,无需修改代码,例如:
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.type=org.apache.commons.dbcp2.BasicDataSource
spring.datasource.url=jdbc:mysql://xxxx

@liyongxian
Copy link
Author

维护的 网关信息和服务信息 没有做 持久化啊,重建 hango-api-plane 的pod后,维护的信息就没了。

是的,如果需要持久化,可以对接到mysql。开源的是H2的,剥离了持久化数据库。

hango-gateway不是全部开源啊,在生产上不敢用,只能玩玩了。哎。

开源上,我们的方向更多是轻量,易用。如果有易用性方向问题,通过issue报告。
根据我们前期评估,H2向MySql持久化迁移改造成本比较低,我们可以在开源上提供指导方案,协助有需要的用户进行持久化改造。
可以通过修改hango-portal configmap中datasource配置完成切换,无需修改代码,例如:
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.type=org.apache.commons.dbcp2.BasicDataSource
spring.datasource.url=jdbc:mysql://xxxx

非常感谢。怎么对接 自定义的Istiod服务,比如istio-system下的istio,而不是文档中通过Operator方式部署的Istio。

@liyongxian
Copy link
Author

liyongxian commented Sep 18, 2021

权限 问题 还是 没有解决,不知道是不是 和 高版本的Istio 不兼容。希望 项目组能 验证一下。
Istio版本:control plane version: 1.11.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants