[GitHub] [apisix] tokers commented on issue #8552: help request: Service discovery uses K8S to start an error report ,endpoints is forbidden 403

Sun, 25 Dec 2022 17:35:26 -0800 


tokers commented on issue #8552:
URL: https://github.com/apache/apisix/issues/8552#issuecomment-1364793021

   > So far, the faults in the use of kubernetes discovery that I have found 
mainly include four aspects:
   > 
   > 1. Using kubernetes discovery in version 2.13, if the configuration value 
refers to environment variables (the default configuration will be used 
automatically), it needs to be injected through nginx_config.envs
   > 
   > ```
   >    discovery:
   >       kubernetes: { }
   >     nginx_config:                     # config for render the template to 
genarate nginx.conf
   >       envs:
   >         - KUBERNETES_SERVICE_HOST
   >         - KUBERNETES_SERVICE_PORT
   > ```
   > 
   > 2. The server_name address configuration is incorrect
   > 
   > > service_name should match pattern: [namespace]/[name]:[portName]
   > > namespace: The namespace where the Kubernetes endpoints is located
   > > name: The name of the Kubernetes endpoints
   > > portName: The ports.name value in the Kubernetes endpoints, if there is 
no ports.name, use targetPort, port instead
   > 
   > 3. ServiceAccount permission is not enough
   > 
   > > Q: What permissions do 
[ServiceAccount]([https://kubernetes.io/docs/tasks/configure-pod-container/configure-service->](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-%3E)
 account/) require?
   > > A: ServiceAccount requires the permissions of cluster-level [ get, list, 
watch ] endpoints resources, the declarative
   > 
   > 4. The proxy network timeout does not match the timeout of the watch 
apiserver
   >    see issue [help request: As a user, I use kubernetes service discovery 
,same apisix instance ,It took a long time to get the changed ip 
#8313](https://github.com/apache/apisix/issues/8313)
   > 
   > you can check against the list
   
   @zhixiongdu027 That's quite valuable. Could you also submit a PR to add them 
to docs? Thanks!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to