GithubHelp home page GithubHelp logo

Comments (11)

casbin-bot avatar casbin-bot commented on June 18, 2024

@ashish493 @ComradeProgrammer @sagilio

from k8s-authz.

hsluoyz avatar hsluoyz commented on June 18, 2024

@Jhoooope

from k8s-authz.

Jhoooope avatar Jhoooope commented on June 18, 2024

You can check whether your deployed casbin can work normally.

from k8s-authz.

hsluoyz avatar hsluoyz commented on June 18, 2024

@ashish493

from k8s-authz.

ashish493 avatar ashish493 commented on June 18, 2024

Hi @RunnSC , In the gen-cert.sh prompt, you can fill your organization details where you will be deploying the middleware. The prompt for those details is a process for creating SSL certficates which would then generate a certificate for your organization with the above details.

Error from server (Invalid): error when creating "deployment.yaml": Deployment.apps "casbin" is invalid: [spec.selector: Required value, spec.template.metadata.labels: This error occurs because of missing selector label in spec. I just created a PR - #26 for this fix.

Error from server (BadRequest): error when creating "deployment.yaml" This error occurs because of insufficient data at kind: ValidatingWebhookConfiguration. This is most likely beacuse of not generating certificates prior to applying this deployment. You can try completing the gen-cert.sh process and then try applying the deployment.yaml again.

from k8s-authz.

Shivansh-yadav13 avatar Shivansh-yadav13 commented on June 18, 2024

hello @ashish493, I'm new with this and running minikube so can you tell me how can I test this? what would I be filling in Common Name (FQDN) field?
I just want to use this for testing only rn.

from k8s-authz.

ashish493 avatar ashish493 commented on June 18, 2024

@Shivansh-yadav13 If your minikube is up and running you can try to create multiple pods, nodes etc. Then you can start defining roles for accessing of those resources in the casbin policy.csv file.

You can put "localhost" in Common name. You can also check this link to create SSL certificates for localhost.

from k8s-authz.

Shivansh-yadav13 avatar Shivansh-yadav13 commented on June 18, 2024

@ashish493 thanks for the reply
after doing that I'm facing this issue

error: error validating "deployment.yaml": error validating data: [ValidationError(ValidatingWebhookConfiguration.webhooks[0]): missing required field "sideEffects" in io.k8s.api.admissionregistration.v1.ValidatingWebhook, ValidationError(ValidatingWebhookConfiguration.webhooks[0]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.ValidatingWebhook]; if you choose to ignore these errors, turn validation off with --validate=false

errrr

from k8s-authz.

ashish493 avatar ashish493 commented on June 18, 2024

@Shivansh-yadav13 There might be some changes done by k8s in the newer versions. I think this issue arrised while migrating k8s api from v1beta1 to v1. Could you try the steps with the below yaml file? You can replace it with the deployment.yaml file under mainfests. I will try to create a PR later for this issue if I get some time.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: casbin
  namespace: default
  labels:
    name: casbin
spec:
  replicas: 1
  selector:
    matchLabels:
      name: casbin
  template:
    metadata:
      name: casbin
      labels:
        name: casbin
    spec:
      containers:
        - name: webhook
          image: k8s_authz:latest
          imagePullPolicy: Always
          volumeMounts:
            - name: webhook-certs
              mountPath: certs
              readOnly: true
            - name: logs
              mountPath: /tmp
          securityContext:
            readOnlyRootFilesystem: true
      volumes:
        - name: webhook-certs
          secret:
            secretName: authz
        - name: logs
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: casbin
  namespace: default
  labels:
    name: casbin
spec:
  ports:
  - name: webhook
    port: 443
    targetPort: 8080
  selector:
    name: casbin 
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: casbin
webhooks:
  - name: casbin.org
    clientConfig:
      service:
        name: server
        namespace: default
        path: "/validate"
      caBundle: "${CA_BUNDLE}"
    rules:
      - operations: ["*"]
        apiGroups: [""]
        apiVersions: ["v1"]
        resources: ["*/*"]
    admissionReviewVersions: ["v1", "v1beta1"]
    sideEffects: None    
    failurePolicy: Fail
    timeoutSeconds: 5

from k8s-authz.

Shivansh-yadav13 avatar Shivansh-yadav13 commented on June 18, 2024
Error from server (BadRequest): error when creating "deployment.yaml": ValidatingWebhookConfiguration in version "v1" cannot be handled as a ValidatingWebhookConfiguration: illegal base64 data at input byte 0

from k8s-authz.

hsluoyz avatar hsluoyz commented on June 18, 2024

Closed as stale.

from k8s-authz.

Related Issues (15)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.