https://linen.dev logo
Join Slack
Powered by
This message was deleted.
# opal
s
This message was deleted.
o
Hi @Abdullah Al Rifat, can you send us the logs?
No, the client can be anywhere, seems like a networking issue, you can start by checking with curl / wget, that you have routing and access from the client to the server. Anyway with the logs we will be smarter
a
i can make curl request to opal-server and it runs well locally.
o
hey @Abdullah Al Rifat - can you also send us the logs from opal-server? thanks!
a
there is no change in the opal-server logs 2023-01-03T152032.062502+0700 | opal_common.sources.git_policy_source | INFO | No new commits: HEAD is at '80c6b485d77d040ab69ef660222bedf0136cc1a8' 2023-01-03T152102.064289+0700 | opal_common.sources.git_policy_source | INFO | Pulling changes from remote: 'origin' the requests are not passing to opal-server yet.
o
If you can't see the failing requests in the server logs, I would suspect some networking issue in between (firewalls, or the port not being properly exposed). Can you confirm that you can't see the 403s in opal-server?
a
@Ori Shavit can you help me with correct way of configuring on kubernetes? ingress
Copy code
apiVersion: <http://networking.k8s.io/v1|networking.k8s.io/v1>
kind: Ingress
metadata:
  name: ingress-opal-host
  namespace: opal
spec:
  rules:
  - host: "<http://opal.server.private.network.is|opal.server.private.network.is>"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: opal-server
            port:
              number: 7002
deployment
Copy code
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert
    kompose.version: 1.27.0 (HEAD)
  creationTimestamp: null
  labels:
    app: opal-server
  name: opal-server
  namespace: opal
spec:
  replicas: 1
  selector:
    matchLabels:
      app: opal-server
  strategy: {}
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert
        kompose.version: 1.27.0 (HEAD)
      creationTimestamp: null
      labels:
        app: opal-server
    spec:
      containers:
        - env:
            - name: OPAL_AUTH_MASTER_TOKEN
              value: '<OPAL_AUTH_MASTER_TOKEN>'
            - name: OPAL_AUTH_PRIVATE_KEY
              value: '<OPAL_AUTH_PRIVATE_KEY>'
            - name: OPAL_AUTH_PUBLIC_KEY
              value: '<OPAL_AUTH_PUBLIC_KEY>'
            - name: OPAL_DATA_CONFIG_SOURCES
              value: '<OPAL_DATA_CONFIG_SOURCES>'
            - name: OPAL_POLICY_REPO_MAIN_BRANCH
              value: '<OPAL_POLICY_REPO_MAIN_BRANCH>'
            - name: OPAL_POLICY_REPO_POLLING_INTERVAL
              value: '<OPAL_POLICY_REPO_POLLING_INTERVAL>'
            - name: OPAL_POLICY_REPO_SSH_KEY
              value: '<OPAL_POLICY_REPO_SSH_KEY>'
            - name: OPAL_POLICY_REPO_URL
              value: '<OPAL_POLICY_REPO_URL>'
            - name: PORT
              value: "7002"
            - name: TZ
              value: Asia/Bangkok
            - name: UVICORN_NUM_WORKERS
              value: "1"
          image: opal_image:<OPAL_SERVER_VERSION>
          name: opal-server
          ports:
            - name: "http"
              protocol: TCP
              containerPort: 7002
          resources:
            limits:
              cpu: "2"
              memory: 2Gi
            requests:
              cpu: "1"
              memory: 1Gi
      restartPolicy: Always
status: {}
service
Copy code
apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: kompose convert
    kompose.version: 1.27.0 (HEAD)
  creationTimestamp: null
  labels:
    app: opal-server
  name: opal-server
  namespace: opal
spec:
  ports:
    - name: "http"
      port: 7002
      targetPort: 7002
  selector:
    app: opal-server
status:
  loadBalancer: {}
o
Can I see the full logs from opal-server?
Open in Slack
PreviousNext
Powered by