zhixiongdu027 commented on issue #8552:
URL: https://github.com/apache/apisix/issues/8552#issuecomment-1364414724
So far, the faults in the use of kubernetes discovery that I have found
mainly include four aspects:
1. Using kubernetes discovery in version 2.13, if the configuration value
refers to environment variables (the default configuration will be used
automatically), it needs to be injected through nginx_config.envs
```
discovery:
kubernetes: { }
nginx_config: # config for render the template to
genarate nginx.conf
envs:
- KUBERNETES_SERVICE_HOST
- KUBERNETES_SERVICE_PORT
```
2. The server_name address configuration is incorrect
>
> service_name should match pattern: [namespace]/[name]:[portName]
> namespace: The namespace where the Kubernetes endpoints is located
> name: The name of the Kubernetes endpoints
> portName: The ports.name value in the Kubernetes endpoints, if there is no
ports.name, use targetPort, port instead
>
3. ServiceAccount permission is not enough
>
> Q: What permissions do
[ServiceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service->
account/) require?
>
> A: ServiceAccount requires the permissions of cluster-level [ get, list,
watch ] endpoints resources, the declarative
>
4. The proxy network timeout does not match the timeout of the watch
apiserver
see issue #8313
you can check against the list
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
