AliyunContainerService / kube-eventer

kube-eventer emit kubernetes events to sinks
Apache License 2.0

failed to put events to sls,because of Aliyun API Error: Status Code: 401 Code: Unauthorized Message: denied by sts or ram, action: log:PostLogStoreLogs, #193

Closed czhfe closed 3 years ago

czhfe commented 3 years ago

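Using sls as the sink, after deployment the following error is reported: failed to put events to sls,because of Aliyun API Error: Status Code: 401 Code: Unauthorized Message: denied by sts or ram, action: log:PostLogStoreLogs

I am using the AccessKey ID of the Alibaba Cloud main account, so there should not be a permission problem. Could you tell me which part has gone wrong?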

NUCsimple commented 3 years ago

Is your cluster a managed cluster or a dedicated cluster? @czhfe

czhfe commented 3 years ago

I tested with a managed cluster.

czhfe commented 3 years ago

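[image]

Also, when I test with a self-built cluster on local virtual machines it reports this error. It seems to be going through the Alibaba Cloud private network, and setting the internal parameter to false did not help.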

NUCsimple commented 3 years ago

You are using a locally built test image, is that right? @czhfe

czhfe commented 3 years ago

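I assume you are using a locally built test image, is that right? @czhfe

No, I am using the image from this example, registry.aliyuncs.com/acs/kube-eventer-amd64:v1.2.0-484d9cd-aliyun

Also, I pulled the code locally and built it from the latest code on the master branch, and testing that shows the problem as well.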

NUCsimple commented 3 years ago

What is the cluster version? @czhfe

czhfe commented 3 years ago

I have tested both 1.18 and 1.20.

NUCsimple commented 3 years ago

Could you paste the YAML?

czhfe commented 3 years ago

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-eventer
  namespace: kube-system
  labels:
    helm.sh/chart: kube-eventer-0.1.0
    app.kubernetes.io/name: kube-eventer
    app.kubernetes.io/instance: kube-eventer
    k8s-app: kube-eventer
    app.kubernetes.io/version: "1.2.0"
    app.kubernetes.io/managed-by: Helm
```

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kube-eventer
rules:
```

NUCsimple commented 3 years ago

@czhfe You can refer to this PR to reconfigure the eventer YAML. https://github.com/AliyunContainerService/kube-eventer/pull/194

czhfe commented 3 years ago

@czhfe You can refer to this PR to reconfigure the eventer YAML.

194

OK, this should just be a change of image, right? The rest should not be much of a problem.

NUCsimple commented 3 years ago

A token that configures the permissions is mounted. @czhfe

czhfe commented 3 years ago

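A token that configures the permissions is mounted. @czhfe

I am still using the example from the master branch and then changed the image to the one you mentioned above, registry-vpc.cn-shanghai.aliyuncs.com/acs/kube-eventer-amd64:v1.2.4-0f5aaee-aliyun, so this should be a problem left over from the earlier code.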

NUCsimple commented 3 years ago

OK

NUCsimple commented 3 years ago

@czhfe If there are no problems, I will close this issue for now.

czhfe commented 3 years ago

@czhfe If there are no problems, I will close this issue for now.

OK

NUCsimple commented 3 years ago

@ringtail FYI

czhfe commented 3 years ago

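@NUCsimple There is one more question from above: when using a self-built cluster on local virtual machines, the network cannot connect. The requests go to the Alibaba Cloud private network, even though the internal parameter is already set to false.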

NUCsimple commented 3 years ago

@czhfe Could you send me the complete sink?

czhfe commented 3 years ago

@czhfe Could you send me the complete sink?

sls:https://sls.aliyuncs.com?project=k8slogs-test&logStore=k8s-event-test&topic=huis-test&internal=false

Also, AccessKeyId, AccessKeySecret and RegionId are configured through env in the Deployment template.

NUCsimple commented 3 years ago

@czhfe The configuration looks fine. Is the VM network working normally?

czhfe commented 3 years ago

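@czhfe The configuration looks fine. Is the VM network working normally?

The VM network is normal and can reach the public internet, but for some reason kube-eventer accesses sls through the Alibaba Cloud internal network address. I have already set internal to false, but it has no effect.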

NUCsimple commented 3 years ago

Are you using the registry.aliyuncs.com/acs/kube-eventer-amd64:v1.2.0-484d9cd-aliyun image, or a different one? @czhfe

czhfe commented 3 years ago

Are you using the registry.aliyuncs.com/acs/kube-eventer-amd64:v1.2.0-484d9cd-aliyun image, or a different one? @czhfe

I have tested both registry.aliyuncs.com/acs/kube-eventer-amd64:v1.2.0-484d9cd-aliyun and registry.aliyuncs.com/acs/kube-eventer-amd64:v1.2.4-0f5aaee-aliyun, and both have this problem.

NUCsimple commented 3 years ago

@czhfe We have found where the problem is and will fix it soon.

czhfe commented 3 years ago

@czhfe We have found where the problem is and will fix it soon.

OK

NUCsimple commented 3 years ago

@czhfe You can try 1314520999/kube-eventer:v1.2.0-d169962-aliyun. Testing with it works on my side.