David Nilsdotter
04/25/2023, 1:52 PM
helm install cerbos cerbos/cerbos --version=0.26.0, the installation goes through and I'm able to access the API documentation on the endpoint in the browser.
To be able to test policy requests, I want to serve policies from a public S3 bucket, and added a config file as described here https://docs.cerbos.dev/cerbos/latest/installation/helm.html, but with the following configuration:
cerbos:
  config:
    server:
      httpListenAddr: :3592
      grpcListenAddr: :3593
      adminAPI:
        adminCredentials:
          passwordHash: <password-hash>
          username: cerbos
        enabled: true
      log:
        level: info
    storage:
      driver: s3
      blob:
        bucket: s3://<bucket-name>?region=eu-west-1
        updatePollInterval: 10s
        downloadTimeout: 30s
I tried the following:
• helm upgrade cerbos cerbos/cerbos --version=0.26.0 --values=config.yaml
-> This does nothing. It states the upgrade is successful, but nothing changes and Cerbos does not seem to read the policy. The API documentation is still available.
• helm uninstall cerbos
helm install cerbos cerbos/cerbos --version=0.26.0 --values=config.yaml
-> This breaks the system, and the ingress returns 503 when trying to access the API documentation.
• Rerunning helm uninstall cerbos
helm install cerbos cerbos/cerbos --version=0.26.0
restores the API access.
A couple of things:
• How / can I upgrade an existing cerbos service using helm in the cluster, and if so, what is the process for this?
• How can I read / access the deployment logs, if something does not go well?
• What could be the issue here? Am I missing some required configurations?
Charith (Cerbos)
04/25/2023, 2:16 PM
helm upgrade. You can find the logs using kubectl logs -f svc/cerbos -n YOUR_NAMESPACE and inspect the deployment using kubectl describe deployment cerbos -n YOUR_NAMESPACE
helm history cerbos -n YOUR_NAMESPACE
David Nilsdotter
04/25/2023, 2:29 PM
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY it probably will solve the issue.
Charith (Cerbos)
04/25/2023, 2:34 PM
David Nilsdotter
04/25/2023, 2:35 PM
/admin/policy returns
{
  "code": 12,
  "message": "Admin service is disabled by the configuration"
}
Charith (Cerbos)
04/25/2023, 2:42 PM
kubectl get cm cerbos -o yaml -n YOUR_NAMESPACE?
David Nilsdotter
04/25/2023, 2:55 PM
uninstall and install again, and checked the logs. Then I was able to identify the issues. There were a couple actually:
• log is not a valid property for server.
• s3 is not a valid driver.
• missing authentication (without AWS credentials)
Charith (Cerbos)
04/25/2023, 2:56 PM
blob.
David Nilsdotter
04/25/2023, 2:57 PM
Charith (Cerbos)
04/25/2023, 2:58 PM