Feat/app channel middlewares #1
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Marcos Candeia <[email protected]>
Signed-off-by: Marcos Candeia <[email protected]>
|
Hey @mcandeia Thanks for the PR Looks like im getting a health probe error trying to start your image: This is causing a crashloop in the pods |
|
That's awkward because I just tried it again and... it worked I had to reapply ./configure-dapr.yaml ./configure-app.yaml because nginx is not ready yet at that time And the daprd looks fine @ewassef
|
|
Hi, after manually run those "kubectl apply -f ..." commands, works as expected as below. root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# ls -l
total 76
-rw-r--r-- 1 root root 12399 Oct 11 21:37 config-crd.yaml
-rw-r--r-- 1 root root 1634 Oct 11 21:37 configure-app.yaml
-rw-r--r-- 1 root root 1097 Oct 11 21:37 configure-dapr.yaml
-rwx------ 1 root root 11156 Oct 11 21:43 get_helm.sh
-rw-r--r-- 1 root root 363 Oct 11 21:37 kind.yaml
-rw-r--r-- 1 root root 27113 Oct 11 21:37 nginx-values.yaml
-rwxr-xr-x 1 root root 976 Oct 11 22:15 setup-manually.sh
-rwxr-xr-x 1 root root 972 Oct 11 21:37 setup.sh
root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# cat setup-manually.sh
#install kind on your local machine
#install kind, exposing 80 and 443 ports for ingress
kind create cluster --config ./kind.yaml
#install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.yaml
#install dapr
helm repo add dapr https://dapr.github.io/helm-charts/
helm repo update
helm upgrade --install dapr dapr/dapr \
--namespace dapr-system \
--create-namespace \
--set global.registry=ghcr.io/mcandeia \
--set global.tag=1.9.0-app-ch-middleware-linux-amd64 \
--wait
#install ingress-nginx
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm upgrade --install nginx ingress-nginx/ingress-nginx -f nginx-values.yaml -n ingress-nginx --create-namespace --version 4.0.6
#kubectl apply -f ./config-crd.yaml
#kubectl apply -f ./configure-dapr.yaml
#kubectl apply -f ./configure-app.yaml
#This call should fail based on the policy.
#curl http://backend.dev-k8s.cloud/
root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# ./setup-manually.sh
Creating cluster "kind" ...
✓ Ensuring node image (kindest/node:v1.25.2) 🖼
✓ Preparing nodes 📦
✓ Writing configuration 📜
✓ Starting control-plane 🕹️
✓ Installing CNI 🔌
✓ Installing StorageClass 💾
Set kubectl context to "kind-kind"
You can now use your cluster with:
kubectl cluster-info --context kind-kind
Have a nice day! 👋
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
namespace/cert-manager created
serviceaccount/cert-manager-cainjector created
serviceaccount/cert-manager created
serviceaccount/cert-manager-webhook created
configmap/cert-manager-webhook created
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrole.rbac.authorization.k8s.io/cert-manager-view created
clusterrole.rbac.authorization.k8s.io/cert-manager-edit created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests created
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews created
role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
role.rbac.authorization.k8s.io/cert-manager:leaderelection created
role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection created
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving created
service/cert-manager created
service/cert-manager-webhook created
deployment.apps/cert-manager-cainjector created
deployment.apps/cert-manager created
deployment.apps/cert-manager-webhook created
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook created
"dapr" already exists with the same configuration, skipping
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
...Successfully got an update from the "dapr" chart repository
Update Complete. ⎈Happy Helming!⎈
Release "dapr" does not exist. Installing it now.
NAME: dapr
LAST DEPLOYED: Tue Oct 11 22:18:17 2022
NAMESPACE: dapr-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for installing Dapr: High-performance, lightweight serverless runtime for cloud and edge
Your release is named dapr.
To get started with Dapr, we recommend using our quickstarts:
https://github.com/dapr/quickstarts
For more information on running Dapr, visit:
https://dapr.io
"ingress-nginx" already exists with the same configuration, skipping
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "dapr" chart repository
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈
Release "nginx" does not exist. Installing it now.
NAME: nginx
LAST DEPLOYED: Tue Oct 11 22:20:22 2022
NAMESPACE: ingress-nginx
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
Get the application URL by running these commands:
export POD_NAME=$(kubectl --namespace ingress-nginx get pods -o jsonpath="{.items[0].metadata.name}" -l "app=ingress-nginx,component=controller,release=nginx")
kubectl --namespace ingress-nginx port-forward $POD_NAME 8080:80
echo "Visit http://127.0.0.1:8080 to access your application."
An example Ingress that makes use of the controller:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
name: example
namespace: foo
spec:
ingressClassName: example-class
rules:
- host: www.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: exampleService
port: 80
# This section is only required if TLS is to be enabled for the Ingress
tls:
- hosts:
- www.example.com
secretName: example-tls
If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:
apiVersion: v1
kind: Secret
metadata:
name: example-tls
namespace: foo
data:
tls.crt: <base64 encoded cert>
tls.key: <base64 encoded key>
type: kubernetes.io/tls
root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
cert-manager cert-manager-66bd77df8f-99sbw 1/1 Running 0 3m8s
cert-manager cert-manager-cainjector-6495667ff4-gpcpr 1/1 Running 0 3m8s
cert-manager cert-manager-webhook-59d6cdfb6f-dnhkz 1/1 Running 0 3m8s
dapr-system dapr-dashboard-6548c7547b-zlrjz 1/1 Running 0 3m9s
dapr-system dapr-operator-7688f55d4-wrbnx 1/1 Running 1 (2m16s ago) 3m9s
dapr-system dapr-placement-server-0 1/1 Running 1 (2m13s ago) 3m9s
dapr-system dapr-sentry-57d98b56f-qrkh6 1/1 Running 0 3m8s
dapr-system dapr-sidecar-injector-7695ccdd86-gpj8w 1/1 Running 0 3m9s
ingress-nginx nginx-ingress-nginx-controller-6c5795595-lvsld 0/2 ContainerCreating 0 25s
kube-system coredns-565d847f94-pj9f5 1/1 Running 0 3m8s
kube-system coredns-565d847f94-tpz4s 1/1 Running 0 3m9s
kube-system etcd-kind-control-plane 1/1 Running 0 3m35s
kube-system kindnet-75dr5 1/1 Running 0 3m10s
kube-system kube-apiserver-kind-control-plane 1/1 Running 0 3m35s
kube-system kube-controller-manager-kind-control-plane 1/1 Running 0 3m37s
kube-system kube-proxy-kcr4s 1/1 Running 0 3m10s
kube-system kube-scheduler-kind-control-plane 1/1 Running 0 3m38s
local-path-storage local-path-provisioner-684f458cdd-lq92m 1/1 Running 0 3m9s
root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
cert-manager cert-manager-66bd77df8f-99sbw 1/1 Running 0 5m3s
cert-manager cert-manager-cainjector-6495667ff4-gpcpr 1/1 Running 0 5m3s
cert-manager cert-manager-webhook-59d6cdfb6f-dnhkz 1/1 Running 0 5m3s
dapr-system dapr-dashboard-6548c7547b-zlrjz 1/1 Running 0 5m4s
dapr-system dapr-operator-7688f55d4-wrbnx 1/1 Running 1 (4m11s ago) 5m4s
dapr-system dapr-placement-server-0 1/1 Running 1 (4m8s ago) 5m4s
dapr-system dapr-sentry-57d98b56f-qrkh6 1/1 Running 0 5m3s
dapr-system dapr-sidecar-injector-7695ccdd86-gpj8w 1/1 Running 0 5m4s
ingress-nginx nginx-ingress-nginx-controller-6c5795595-lvsld 2/2 Running 0 2m20s
kube-system coredns-565d847f94-pj9f5 1/1 Running 0 5m3s
kube-system coredns-565d847f94-tpz4s 1/1 Running 0 5m4s
kube-system etcd-kind-control-plane 1/1 Running 0 5m30s
kube-system kindnet-75dr5 1/1 Running 0 5m5s
kube-system kube-apiserver-kind-control-plane 1/1 Running 0 5m30s
kube-system kube-controller-manager-kind-control-plane 1/1 Running 0 5m32s
kube-system kube-proxy-kcr4s 1/1 Running 0 5m5s
kube-system kube-scheduler-kind-control-plane 1/1 Running 0 5m33s
local-path-storage local-path-provisioner-684f458cdd-lq92m 1/1 Running 0 5m4s
root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# kubectl apply -f ./config-crd.yaml
Warning: resource customresourcedefinitions/configurations.dapr.io is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
customresourcedefinition.apiextensions.k8s.io/configurations.dapr.io configured
root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# kubectl apply -f ./configure-dapr.yaml
ingress.networking.k8s.io/dashboard created
ingress.networking.k8s.io/backend created
root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# kubectl apply -f ./configure-app.yaml
configuration.dapr.io/opa-test created
component.dapr.io/opa-policy created
deployment.apps/sample created
root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# kubectl get po
NAME READY STATUS RESTARTS AGE
sample-f774d99f6-m5p9d 2/2 Running 0 2m13s
root@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# curl http://backend.dev-k8s.cloud/
Forbiddenroot@iZt4nh8vug3nj8bsnkb8y0Z:~/dapr/dapr-fix-4475-opa-dapr# |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.