You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I was trying the Keto CLI for creating relationship tuple (the create relation-tuples command), but the command didn't seem to work. It just output "context deadline exceed". It looked like the CLI cannot connect with the serve. So, I did a further investigation by testing it with the status command. The output was "NOT_SERVING".
On which operating system are you observing this issue?
macOS
In which environment are you deploying?
Kubernetes with Helm
Additional Context
I am getting context deadline
~ $ keto relation-tuple get --insecure-disable-transport-security (base) 6.8s Thu Jun 29 14:37:50 2023
Error: context deadline exceeded
Usage:
keto relation-tuple get [flags]
Flags:
--authority string Set the authority header for the remote gRPC server.
--format string Set the output format. One of table, json, yaml, json-pretty, jsonpath and jsonpointer. (default "default")
-h, --help help for get
--insecure-disable-transport-security Disables transport security. Do not use this in production.
--insecure-skip-hostname-verification Disables hostname verification. Do not use this in production.
--namespace string Set the requested namespace
--object string Set the requested object
--page-size int32 maximum number of items to return (default 100)
--page-token string page token acquired from a previous response
-q, --quiet Be quiet with output printing.
--read-remote string Remote address of the read API endpoint. (default "127.0.0.1:4466")
--relation string Set the requested relation
--subject-id string Set the requested subject ID
--subject-set string Set the requested subject set; format: "namespace:object#relation"
--write-remote string Remote address of the write API endpoint. (default "127.0.0.1:4467")
Global Flags:
-c, --config strings Config files to load, overwriting in the order specified. (default [/Users/christian/keto.yml])
context deadline exceeded)
The text was updated successfully, but these errors were encountered:
Ory Network Project
No response
Describe the bug
Hi, I was trying the Keto CLI for creating relationship tuple (the create relation-tuples command), but the command didn't seem to work. It just output "context deadline exceed". It looked like the CLI cannot connect with the serve. So, I did a further investigation by testing it with the status command. The output was "NOT_SERVING".
Reproducing the bug
" kind: Deployment
apiVersion: apps/v1
metadata:
name: "keto-service"
namespace: dev
labels:
app: "keto-service"
spec:
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app: "keto-service"
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template:
metadata:
labels:
app: "keto-service"
version: v1
spec:
initcontainers:
- name: keto-service-migrate
image: oryd/keto:v0.11.0-alpha.0
imagePullPolicy: IfNotPresent
command: ["keto"]
args: [ "migrate", "up", "-y", "--config", "/etc/config/keto.yaml" ]
envFrom:
- configMapRef:
name: "keto-service-migrate"
volumeMounts:
- name: keto-config-volume
mountPath: /etc/config
readOnly: true
podSecurityContext:
fsGroupChangePolicy: "OnRootMismatch"
runAsNonRoot: true
runAsUser: 65534
fsGroup: 65534
runAsGroup: 65534
seccompProfile:
type: RuntimeDefault
sysctls: []
supplementalGroups: []
containers:
- name: keto-service
securityContext:
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
allowPrivilegeEscalation: false
privileged: false
seLinuxOptions:
level: "s0:c123,c456"
image: oryd/keto:v0.11.0-alpha.0
imagePullPolicy: IfNotPresent
command: ["keto"]
args: [ "serve", "--config", "/etc/config/keto.yaml" ]
envFrom:
- configMapRef:
name: "keto-service"
volumeMounts:
- name: keto-config-volume
mountPath: /etc/config
readOnly: true
ports:
- name: grpc-write
containerPort: 4467
protocol: TCP
- name: grpc-read
containerPort: 4466
protocol: TCP
- name: http-metrics
containerPort: 4468
protocol: TCP
resources:
requests:
cpu: "300m"
memory: "768Mi"
livenessProbe:
httpGet:
path: /health/alive
port: 4467
httpHeaders:
- name: Host
value: '127.0.0.1'
imagePullSecrets:
- name: "cloud.docker.deployuser"
volumes:
- name: keto-config-volume
configMap:
name: keto-service "
`---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: gateway
namespace: dev
spec:
selector:
istio: ingressgateway
servers:
- hosts:
{{- range .Values.ory_keto_gateway_hosts_list }}
- {{ . | quote }}
{{- end }}
port:
name: http
number: 80
protocol: HTTP2
tls:
httpsRedirect: true
- hosts:
{{- range .Values.ory_keto_gateway_hosts_list }}
- {{ . | quote }}
{{- end }}
port:
number: 443
name: https
protocol: HTTP
tls:
mode: "SIMPLE"
credentialName: "dev-k8s-us-west-2-certificate"
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: keto-metrics
namespace: dev
spec:
hosts:
ory-keto-metrics.dev.exam.com/metrics
gateways:
- ory_keto_service_gateway
http:
- route:
- destination:
host: "keto-service-metrics"
port:
number: 80
corsPolicy:
allowOrigin:
- "*"
allowMethods:
- POST
- GET
- OPTIONS
- PUT
- DELETE
allowHeaders:
- content-type
- authorization
maxAge: 100000000s
exposeHeaders:
- authorization
- content-type
allowCredentials: true
debug: false
enabled: true
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: keto-write
namespace: dev
spec:
hosts:
https://ory-keto-write.dev.exam.com/write
gateways:
- ory_keto_service_gateway
http:
- match:
- uri:
prefix: /write
route:
- destination:
host: "keto-service-write"
port:
number: 80
corsPolicy:
allowOrigin:
- "*"
allowMethods:
- POST
- GET
- OPTIONS
- PUT
- DELETE
allowHeaders:
- content-type
- authorization
maxAge: 100000000s
exposeHeaders:
- authorization
- content-type
allowCredentials: true
debug: false
enabled: true
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: keto-read
namespace: dev
spec:
hosts:
https://ory-keto-read.dev.exam.com/read
- ory_keto_service_gateway
http:
- match:
- uri:
prefix: /read
route:
- destination:
host: "keto-service-read"
port:
number: 80
corsPolicy:
allowOrigin:
- "*"
allowMethods:
- POST
- GET
- OPTIONS
- PUT
- DELETE
allowHeaders:
- content-type
- authorization
maxAge: 100000000s
exposeHeaders:
- content-type
- authorization
allowCredentials: true
debug: false
enabled: true`
`kind: Service
apiVersion: v1
metadata:
name: "keto-service-write"
namespace: dev
labels:
app: "keto-service"
spec:
ports:
- name: write
port: 80
targetPort: 4467
protocol: TCP
appProtocol: grpc
selector:
app: keto-service
`kind: Service
apiVersion: v1
metadata:
name: "keto-service-read"
namespace: dev
labels:
app: "keto-service"
spec:
ports:
- name: grpc-read
port: 80
targetPort: 4466
protocol: TCP
appProtocol: grpc
selector:
app: "keto-service"
`kind: Service
apiVersion: v1
metadata:
name: "keto-service-metrics"
namespace: dev
labels:
app: "keto-service"
spec:
ports:
- name: http-metrics
port: 80
targetPort: 4468
protocol: TCP
selector:
app: "keto-service"
Relevant log output
Relevant configuration
`kind: ConfigMap
apiVersion: v1
metadata:
name: "keto-service-migrate"
namespace: dev
annotations:
helm.sh/hook: pre-install, pre-upgrade
helm.sh/hook-delete-policy: before-hook-creation
helm.sh/hook-weight: '0'
data:
dsn: xyz/ory
"keto.yaml": |
namespaces:
- name: "sample"
id: 1
serve:
metrics:
port: 4468
host: 0.0.0.0
read:
port: 4466
host: 0.0.0.0
write:
port: 4467
host: 0.0.0.0
`kind: ConfigMap
apiVersion: v1
metadata:
name: "keto-service"
namespace: dev
data:
dsn: xyz/ory
"keto.yaml": |
namespaces:
- name: "sample"
id: 1
serve:
metrics:
port: 4468
read:
port: 4466
write:
port: 4467
Version
0.11.0
On which operating system are you observing this issue?
macOS
In which environment are you deploying?
Kubernetes with Helm
Additional Context
I am getting context deadline
~ $ keto relation-tuple get --insecure-disable-transport-security (base) 6.8s Thu Jun 29 14:37:50 2023
Error: context deadline exceeded
Usage:
keto relation-tuple get [flags]
Flags:
--authority string Set the authority header for the remote gRPC server.
--format string Set the output format. One of table, json, yaml, json-pretty, jsonpath and jsonpointer. (default "default")
-h, --help help for get
--insecure-disable-transport-security Disables transport security. Do not use this in production.
--insecure-skip-hostname-verification Disables hostname verification. Do not use this in production.
--namespace string Set the requested namespace
--object string Set the requested object
--page-size int32 maximum number of items to return (default 100)
--page-token string page token acquired from a previous response
-q, --quiet Be quiet with output printing.
--read-remote string Remote address of the read API endpoint. (default "127.0.0.1:4466")
--relation string Set the requested relation
--subject-id string Set the requested subject ID
--subject-set string Set the requested subject set; format: "namespace:object#relation"
--write-remote string Remote address of the write API endpoint. (default "127.0.0.1:4467")
Global Flags:
-c, --config strings Config files to load, overwriting in the order specified. (default [/Users/christian/keto.yml])
context deadline exceeded)
The text was updated successfully, but these errors were encountered: