Comments (11)
casbin-bot
commented on June 18, 2024
@ashish493 @ComradeProgrammer @sagilio
from k8s-authz.
hsluoyz
commented on June 18, 2024
from k8s-authz.
Jhoooope
commented on June 18, 2024
You can check whether your deployed casbin can work normally.
from k8s-authz.
hsluoyz
commented on June 18, 2024
from k8s-authz.
ashish493
commented on June 18, 2024
Hi @RunnSC , In the gen-cert.sh prompt, you can fill your organization details where you will be deploying the middleware. The prompt for those details is a process for creating SSL certficates which would then generate a certificate for your organization with the above details.
Error from server (Invalid): error when creating "deployment.yaml": Deployment.apps "casbin" is invalid: [spec.selector: Required value, spec.template.metadata.labels: This error occurs because of missing selector label in spec. I just created a PR - #26 for this fix.
Error from server (BadRequest): error when creating "deployment.yaml" This error occurs because of insufficient data at kind: ValidatingWebhookConfiguration. This is most likely beacuse of not generating certificates prior to applying this deployment. You can try completing the gen-cert.sh process and then try applying the deployment.yaml again.
from k8s-authz.
Shivansh-yadav13
commented on June 18, 2024
hello @ashish493, I'm new with this and running minikube so can you tell me how can I test this? what would I be filling in Common Name (FQDN) field?
I just want to use this for testing only rn.
from k8s-authz.
ashish493
commented on June 18, 2024
@Shivansh-yadav13 If your minikube is up and running you can try to create multiple pods, nodes etc. Then you can start defining roles for accessing of those resources in the casbin policy.csv file.
You can put "localhost" in Common name. You can also check this link to create SSL certificates for localhost.
from k8s-authz.
Shivansh-yadav13
commented on June 18, 2024
@ashish493 thanks for the reply
after doing that I'm facing this issue
error: error validating "deployment.yaml": error validating data: [ValidationError(ValidatingWebhookConfiguration.webhooks[0]): missing required field "sideEffects" in io.k8s.api.admissionregistration.v1.ValidatingWebhook, ValidationError(ValidatingWebhookConfiguration.webhooks[0]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.ValidatingWebhook]; if you choose to ignore these errors, turn validation off with --validate=false
from k8s-authz.
ashish493
commented on June 18, 2024
@Shivansh-yadav13 There might be some changes done by k8s in the newer versions. I think this issue arrised while migrating k8s api from v1beta1 to v1. Could you try the steps with the below yaml file? You can replace it with the deployment.yaml file under mainfests. I will try to create a PR later for this issue if I get some time.
apiVersion: apps/v1
kind: Deployment
metadata:
name: casbin
namespace: default
labels:
name: casbin
spec:
replicas: 1
selector:
matchLabels:
name: casbin
template:
metadata:
name: casbin
labels:
name: casbin
spec:
containers:
- name: webhook
image: k8s_authz:latest
imagePullPolicy: Always
volumeMounts:
- name: webhook-certs
mountPath: certs
readOnly: true
- name: logs
mountPath: /tmp
securityContext:
readOnlyRootFilesystem: true
volumes:
- name: webhook-certs
secret:
secretName: authz
- name: logs
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: casbin
namespace: default
labels:
name: casbin
spec:
ports:
- name: webhook
port: 443
targetPort: 8080
selector:
name: casbin
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: casbin
webhooks:
- name: casbin.org
clientConfig:
service:
name: server
namespace: default
path: "/validate"
caBundle: "${CA_BUNDLE}"
rules:
- operations: ["*"]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["*/*"]
admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None
failurePolicy: Fail
timeoutSeconds: 5
from k8s-authz.
Shivansh-yadav13
commented on June 18, 2024
Error from server (BadRequest): error when creating "deployment.yaml": ValidatingWebhookConfiguration in version "v1" cannot be handled as a ValidatingWebhookConfiguration: illegal base64 data at input byte 0
from k8s-authz.
hsluoyz
commented on June 18, 2024
Closed as stale.
from k8s-authz.
Related Issues (15)
- The automated release is failing 🚨 HOT 1
- Fix the coverage badge HOT 2
- Make an authorization plugin/middleware for kubernetes (k8s) HOT 4
- Add unit tests to improve test coverage
- Add this k8s-authz middleware to the official list HOT 4
- Fail to run docker build HOT 4
- link 404 error HOT 2
- error: error validating "deployment.yaml": error validating data: [ValidationError(ValidatingWebhookConfiguration.webhooks[0]): missing required field "sideEffects" in io.k8s.api.admissionregistration.v1.ValidatingWebhook, ValidationError(ValidatingWebhookConfiguration.webhooks[0]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.ValidatingWebhook]; if you choose to ignore these errors, turn validation off with --validate=false HOT 1
- 1 dispatcher.go:129] Failed calling webhook, failing open casbin.default.svc: failed calling webhook "casbin.default.svc": Post "https://casbin.default.svc:443/validate?timeout=5s": x509: certificate is not valid for any names, but wanted to match casbin.default.svc HOT 5
- http: TLS handshake error from 192.168.1.41:24206: remote error: tls: bad certificate HOT 2
- export CA_BUNDLE=$(cat certs/ca.crt | base64 | tr -d '\n') cat deployment.yaml | envsubst > deployment.yaml HOT 1
- Integrate Casbin into KubeSphere HOT 6
- Add GitHub Actions CI to run the tests HOT 2
- GitHub Actions Run failed: Go - master (3560551) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k8s-authz.