search

secretflow / kuscia

Kuscia(Kubernetes-based Secure Collaborative InfrA) is a K8s-based privacy-preserving computing task orchestration framework.
https://www.secretflow.org.cn/docs/kuscia/latest/zh-Hans
Apache License 2.0
70 stars 49 forks source link

通过其他容器与kuscia api交互,却返回unauthorized. #331

Open maclarencn opened 2 months ago

maclarencn commented 2 months ago

Issue Type

Running

Search for existing issues similar to yours

Yes

OS Platform and Distribution

BC linux 8.2

Kuscia Version

0.8.0b0

Deployment

docker

deployment Version

Docker version 24.0.2, build cb74dfc

App Running type

secretflow

App Running version

latest

Configuration file used to run kuscia.

kuscia.yaml在哪里配置?

What happend and What you expected to happen.

从其他容器调用kuscia api:
 export CTR_CERTS_ROOT=/etc
# curl -k -X POST 'https://172.32.173.1:11080/api/v1/job/query' \
 --header "Token: $(cat ${CTR_CERTS_ROOT}/token)" \
 --header 'Content-Type: application/json' \
 --cert ${CTR_CERTS_ROOT}/kusciaapi-server.crt \
 --key ${CTR_CERTS_ROOT}/kusciaapi-server.key \
 --cacert ${CTR_CERTS_ROOT}/ca.crt \
 -d '{
  "job_id": "job-alice-bob-001"
}'

unauthorized.

Kuscia log output.

2024-05-29 17:26:19.198 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[alice/bob-alice] (11.211µs)
2024-05-29 17:26:19.198 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[alice/alice-bob] (32.766µs)
2024-05-29 17:26:19.198 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[bob-alice] (164.626µs)
2024-05-29 17:26:19.202 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[alice-bob] (3.451555ms)
2024-05-29 17:26:20.887 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/alice-table] (44.934µs)
2024-05-29 17:26:20.887 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[bob/alice-table] (2.253µs)
2024-05-29 17:26:20.887 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/bob-table] (6.296µs)
2024-05-29 17:26:20.887 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/alice-dp-table] (40.095µs)
2024-05-29 17:26:20.892 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[bob/domaindatagrant-0bbb68f99f0454e63a29bfed0b9b496e] (22.187µs)
2024-05-29 17:26:20.892 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/domaindatagrant-ab1465f97692a74820fba0f41b2fb6a6] (21.403µs)
2024-05-29 17:26:20.896 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/domaindatagrant-0bbb68f99f0454e63a29bfed0b9b496e] (3.552323ms)
2024-05-29 17:27:20.887 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/alice-table] (66.607µs)
2024-05-29 17:27:20.887 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/alice-dp-table] (27.922µs)
2024-05-29 17:27:20.887 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[bob/alice-table] (3.163µs)
2024-05-29 17:27:20.887 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/bob-table] (10.21µs)
2024-05-29 17:27:20.892 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[bob/domaindatagrant-0bbb68f99f0454e63a29bfed0b9b496e] (20.637µs)
2024-05-29 17:27:20.892 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/domaindatagrant-ab1465f97692a74820fba0f41b2fb6a6] (14.499µs)
2024-05-29 17:27:20.896 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[alice/domaindatagrant-0bbb68f99f0454e63a29bfed0b9b496e] (3.925915ms)
wenkesong-li commented 2 months ago

你好,请描述一下具体遇到的问题~
通过其他容器与kuscia api交互是什么意思呢~

maclarencn commented 2 months ago

你好,请描述一下具体遇到的问题~ 通过其他容器与kuscia api交互是什么意思呢~

当前情况是,kuscia运行于本机的一个容器上: unauthorized.[root@cm-dssn-node1 secu]# docker ps |grep 11080 5faef755e847 secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia "tini -- bin/kuscia …" 4 days ago Up 4 days 0.0.0.0:13081->80/tcp, :::13081->80/tcp, 0.0.0.0:11080->1080/tcp, :::11080->1080/tcp, 0.0.0.0:11081->8082/tcp, :::11081->8082/tcp, 0.0.0.0:13083->8083/tcp, :::13083->8083/tcp root-kuscia-autonomy-alice

本机地址是172.32.173.1

在本机上通过调用kuscia api接口,返回unauthorized.: [root@cm-dssn-node1 secu]# export CTR_CERTS_ROOT=./ [root@cm-dssn-node1 secu]# curl -k -X POST 'https://172.32.173.1:11080/api/v1/job/query' \

--header "Token: $(cat ${CTR_CERTS_ROOT}/token)" \ --header 'Content-Type: application/json' \ --cert ${CTR_CERTS_ROOT}/kusciaapi-server.crt \ --key ${CTR_CERTS_ROOT}/kusciaapi-server.key \ --cacert ${CTR_CERTS_ROOT}/ca.crt \ -d '{ "job_id": "job-alice-bob-001" }' unauthorized.

wenkesong-li commented 2 months ago

你好,你的端口不正确。请使用 11081 端口。详细的kuscia端口介绍可参考下面文档 https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.8.0b0/deployment/kuscia_ports_cn