You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "zzjin (via GitHub)" <gi...@apache.org> on 2023/04/26 10:16:53 UTC
[GitHub] [apisix-ingress-controller] zzjin opened a new issue, #1816: bug: apisix-ingress-controller gateway cannot listen tcproute
zzjin opened a new issue, #1816:
URL: https://github.com/apache/apisix-ingress-controller/issues/1816
### Current Behavior
Apply gateway+tcproute notwork
### Expected Behavior
tcproute works as except.
### Error Logs
```
1 reflector.go:424] pkg/mod/k8s.io/client-go@v0.25.4/tools/cache/reflector.go:169: failed to list *v1alpha2.TCPRoute: tcproutes.gateway.networking.k8s.io is forbidden: User "system:serviceaccount:apisix:apisix-ingress-controller" cannot list resource "tcproutes" in API group "gateway.networking.k8s.io" at the cluster scope
1 reflector.go:140] pkg/mod/k8s.io/client-go@v0.25.4/tools/cache/reflector.go:169: Failed to watch *v1alpha2.TCPRoute: failed to list *v1alpha2.TCPRoute: tcproutes.gateway.networking.k8s.io is forbidden: User "system:serviceaccount:apisix:apisix-ingress-controller" cannot list resource "tcproutes" in API group "gateway.networking.k8s.io" at the cluster scope
```
### Steps to Reproduce
1. Apply k8s gateway api exp version:
```
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v0.6.2/standard-install.yaml
```
2. Install apisix with ingress+gateway enabled:
```bash
helm upgrade -i apisix apisix/apisix -n apisix --create-namespace \
--set ingress-controller.enabled=true \
--set ingress-controller.config.apisix.serviceNamespace=apisix \
--set gateway.type=NodePort \
--set gateway.http.containerPort=80 \
--set apisix.kind=DaemonSet \
--set apisix.hostNetwork=true \
--set gateway.tls.enabled=true \
--set gateway.tls.containerPort=443 \
--set gateway.tls.servicePort=443 \
--set apisix.securityContext.runAsUser=0 \
--set ingress-controller.config.kubernetes.enableGatewayAPI=true
```
3. Apply gatewayclass&gateway&tcproute
```yaml
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: GatewayClass
metadata:
name: apisix-lb
spec:
controllerName: apisix.apache.org/gateway-controller
---
apiVersion: gateway.networking.k8s.io/v1beta1
kind: Gateway
metadata:
name: test-tcp-gateway
spec:
gatewayClassName: apisix-lb
listeners:
- name: test-1
protocol: TCP
port: 30001
allowedRoutes:
kinds:
- kind: TCPRoute
---
apiVersion: gateway.networking.k8s.io/v1alpha2
kind: TCPRoute
metadata:
name: tcp-test-1
spec:
parentRefs:
- name: test-tcp-gateway
sectionName: test-1
rules:
- backendRefs:
- name: pg-cluster-postgresql
port: 5432
### Environment
- APISIX Ingress controller version (run `apisix-ingress-controller version --long`)
```
Version: 1.6.0
Git SHA: no-git-module
Go Version: go1.19.4
Building OS/Arch: linux/amd64
Running OS/Arch: linux/amd64
```
- Kubernetes cluster version (run `kubectl version`)
```
clientVersion:
buildDate: "2023-01-18T19:22:09Z"
compiler: gc
gitCommit: ff2c119726cc1f8926fb0585c74b25921e866a28
gitTreeState: clean
gitVersion: v1.25.6
goVersion: go1.19.5
major: "1"
minor: "25"
platform: linux/amd64
kustomizeVersion: v4.5.7
serverVersion:
buildDate: "2023-01-18T19:15:26Z"
compiler: gc
gitCommit: ff2c119726cc1f8926fb0585c74b25921e866a28
gitTreeState: clean
gitVersion: v1.25.6
goVersion: go1.19.5
major: "1"
minor: "25"
platform: linux/amd64
```
- OS version if running APISIX Ingress controller in a bare-metal environment (run `uname -a`)
```
Linux master0 5.15.0-1032-gcp #40-Ubuntu SMP Fri Mar 31 01:34:12 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] bug: apisix-ingress-controller gateway cannot listen tcproute [apisix-ingress-controller]
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] closed issue #1816: bug: apisix-ingress-controller gateway cannot listen tcproute
URL: https://github.com/apache/apisix-ingress-controller/issues/1816
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1816: bug: apisix-ingress-controller gateway cannot listen tcproute
Posted by "tao12345666333 (via GitHub)" <gi...@apache.org>.
tao12345666333 commented on issue #1816:
URL: https://github.com/apache/apisix-ingress-controller/issues/1816#issuecomment-1523215779
The error log shows that your RBAC configuration is wrong
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] zzjin commented on issue #1816: bug: apisix-ingress-controller gateway cannot listen tcproute
Posted by "zzjin (via GitHub)" <gi...@apache.org>.
zzjin commented on issue #1816:
URL: https://github.com/apache/apisix-ingress-controller/issues/1816#issuecomment-1524978053
As I'm using expermntal resources like tcproute,I must add rbac clusterrole tcproutes,udproutes manual.
After add clusterrole, apisix-ingress-controller do not log rbac error.
But problem still exists. no tcproute can be accessed,without error log.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #1816: bug: apisix-ingress-controller gateway cannot listen tcproute
Posted by "tao12345666333 (via GitHub)" <gi...@apache.org>.
tao12345666333 commented on issue #1816:
URL: https://github.com/apache/apisix-ingress-controller/issues/1816#issuecomment-1527144117
you can refer to this test case https://github.com/apache/apisix-ingress-controller/blob/2182a48cbca785373eca745a13d8cf2b7d9ab6c8/test/e2e/suite-gateway/gateway_tcproute.go#L30
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] zzjin commented on issue #1816: bug: apisix-ingress-controller gateway cannot listen tcproute
Posted by "zzjin (via GitHub)" <gi...@apache.org>.
zzjin commented on issue #1816:
URL: https://github.com/apache/apisix-ingress-controller/issues/1816#issuecomment-1524982060
As I'm using expermntal resources like tcproute,I must add rbac clusterrole tcproutes,udproutes manual.
After add clusterrole, apisix-ingress-controller do not log rbac error.
But problem still exists. no tcproute can be accessed,without error log.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] karl-chanel commented on issue #1816: bug: apisix-ingress-controller gateway cannot listen tcproute
Posted by "karl-chanel (via GitHub)" <gi...@apache.org>.
karl-chanel commented on issue #1816:
URL: https://github.com/apache/apisix-ingress-controller/issues/1816#issuecomment-1615842038
mark
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix-ingress-controller] github-actions[bot] commented on issue #1816: bug: apisix-ingress-controller gateway cannot listen tcproute
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #1816:
URL: https://github.com/apache/apisix-ingress-controller/issues/1816#issuecomment-1741616780
This issue has been marked as stale due to 90 days of inactivity. It will be closed in 30 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Re: [I] bug: apisix-ingress-controller gateway cannot listen tcproute [apisix-ingress-controller]
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #1816:
URL: https://github.com/apache/apisix-ingress-controller/issues/1816#issuecomment-1784333514
This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org