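I was able to deploy Spinnaker on Kubernetes with LDAP authentication enabled. However, when I enable authz using a custom fiat.yml file, the fiat service starts but the readiness probe fails.
Note: the same configuration works when deployed on an Ubuntu VM.
Before enabling authorization, the deployment succeeded. With authz enabled, the spin-fiat container is deployed but fails its readiness probe. Below is the error I see in the spin-fiat pod's logs; it looks as though it cannot query Redis. To test the connection, I installed Redis in the fiat container and was able to reach the Redis service at the spin-redis.spinnaker:6379 address. It seems the unrestricted_user key cannot be found in Redis.
Logs: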
ERROR 1 --- [ main] c.n.s.f.p.RedisPermissionsRepository : Storage exception reading unrestricted_user entry.
Caused by: java.net.ConnectException: Connection refused (Connection refused)
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at redis.clients.jedis.Connection.connect(Connection.java:184)…
redis.clients.jedis.exceptions.JedisConnectionException: Could not get a resource from the pool
    at redis.clients.util.Pool.getResource(Pool.java:53)
    at redis.clients.jedis.JedisPool.getResource(JedisPool.java:226)
    at redis.clients.jedis.JedisPool.getResource(JedisPool.java:16)
ERROR 1 --- [ main] c.n.s.f.p.RedisPermissionsRepository : Storage exception reading unrestricted_user entry.
Caused by: java.net.ConnectException: Connection refused (Connection refused)
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
    at java.net.Socket.connect(Socket.java:589)
    at redis.clients.jedis.Connection.connect(Connection.java:184)
The custom fiat.yml file, which works when deployed on Ubuntu:
auth:
  groupMembership:
    service: ldap
    ldap:
      enabled: true
      url: ldap:///DC=<>,DC=<>
      managerDn: CN=<>,OU=<>,DC=<>,DC=<>
      managerPassword:
      userSearchBase:
      userSearchFilter: (sAMAccountName={0})
      groupSearchBase: OU=BaseGroups
      groupSearchFilter: (member={0})
      groupRoleAttribute: cn