Comments (9)
Unfortunately, setting the LIVENESS to false did not seem to help:
nsc.log
nse.log
Did ping work for your scenario?
At the NSC, cannot get to a point to try anything because of the error.
Do you have a diagram/scheme/proposal what do you finally get?
This is the test scenario:
And this would be an example of building random topologies using these universal nodes:
from deployments-k8s.
In the provided test results, (unintentionally) both the nsc and the nse nodes provide the "icmp-responder" service (that was originating from the default Config). We corrected this after the logs were captured. Same result. Still get the error.
Also, in the actual topology configuration there are no redundant service offers. Although each node provides and consumes services, each service name is unique, based on the node id.
from deployments-k8s.
/cc @glazychev-art, @anastasia-malysheva May this be related to monitor OPA stuff?
from deployments-k8s.
Thanks for the detailed information!
Most likely yes, it is related to OPA for monitoring. But it is not actually an error if you are not using init-container (cmd-nsc-init).
We probably need to rewrite the error message in order not to mislead anyone.
from deployments-k8s.
@glazychev-art Any idea what the root cause might be? I'm not entirely sure why we would be seeing this, do you have a more specific idea?
from deployments-k8s.
@edwarnicke
cmd-nsc does Monitor connections before the Request. This is necessary to take the connection if there was cmd-nsc-init container before.
But as you know, you've implemented an open-policy for monitoring, and it is based on the SPIFFE ID from the Request. But if we did not have an init container, then there were no Requests either. And an authorization error is returned.
But here the problem is different - as I see from the logs, there are many healing errors:
Aug 15 22:00:44.223 [WARN] [id:nsc-858c5dc57-2bf6l-0] [heal:eventLoop] [type:networkService] (7.1) Data plane is down
Aug 15 22:00:44.223 [DEBU] [id:nsc-858c5dc57-2bf6l-0] [heal:eventLoop] [type:networkService] (7.2) Reconnect with reselect
need to figure out why this is happening
from deployments-k8s.
That's an interesting scenario where we're trying to run nsc/nse together in the same container.
- Do you have a diagram/scheme/proposal what do you finally get?
- Did ping work for your scenario?
- I think that the problem with authz is related to dp healing. Could you re-test the setup with disabled dp heal https://github.com/networkservicemesh/cmd-nsc/blob/main/internal/config/config.go#L49? (means set env NSM_LIVENESS_CHECK_ENABLED=false)
from deployments-k8s.
@bilgehan-erman
Sorry to keep you waiting
I looked at your setup and logs, and I think I understand what's going on.
The main reason is that the NSC is trying to connect to itself (to its endpoint). By the way, I'm not sure that this is possible due to routing...
But you need a different scenario. I think selectors can help you with this.
I prepared an example according to your last picture:
- nsc1 ---> nsc2
- nsc1 ---> nsc3
- nsc2 ---> nsc3
When I say nsc, I mean nsc+nse on the same pod (like your "node").
I did not make a new image, I just added the client and endpoint as different containers in one pod. Most likely yamls can be simplified, I just want to show the idea:
- We can separately declare a network service and specify selectors there (netsvc.yaml).
- We have 3 pods where we label NSEs (NSM_LABELS: "dst_endpoint:node*")
- And also specify labels on the NSC, saying who we want to connect to (for example kernel://icmp-responder/nsm-1-2?dst_endpoint=node2). Due to the selectors and labels, we will be able to select the desired endpoint.
So, to try you need:
- Deploy spire
- Deploy basic NSM
- kubectl create ns ns-topology
- Apply kustomize file from nsc_nse_setup.zip
(I used the main branch, but I think it will work on 1.5.0 too)
I really hope this helps!
from deployments-k8s.
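A sketch of the selector idea described in the comment above, added here as an illustration; it is not the contents of nsc_nse_setup.zip and not the project's own file. It assumes the NSM NetworkService resource with source_selector/destination_selector matches, the service name icmp-responder and the label key dst_endpoint taken from the comment, and three nodes labelled node1 to node3.

```yaml
# Hypothetical netsvc.yaml (assumption, not taken from the attached zip).
# Each match routes a client request that carries dst_endpoint=<nodeN>
# only to the endpoint registered with the same label, so a client never
# falls back to the endpoint running in its own pod.
---
apiVersion: networkservicemesh.io/v1
kind: NetworkService
metadata:
  name: icmp-responder
  namespace: ns-topology
spec:
  payload: ETHERNET
  matches:
    # Client side: kernel://icmp-responder/nsm-1-2?dst_endpoint=node2
    # puts the label dst_endpoint=node2 on the request.
    # Endpoint side: NSM_LABELS: "dst_endpoint:node2" registers the
    # endpoint with that label.
    - source_selector:
        dst_endpoint: node1
      routes:
        - destination_selector:
            dst_endpoint: node1
    - source_selector:
        dst_endpoint: node2
      routes:
        - destination_selector:
            dst_endpoint: node2
    - source_selector:
        dst_endpoint: node3
      routes:
        - destination_selector:
            dst_endpoint: node3
```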
@glazychev-art thank you very much for looking into this.
I'll try out your suggestions and see how it goes.
from deployments-k8s.