0

I'm running multiple Spring Boot applications in two different Kubernetes namespaces. Here’s my configuration for all services:

SPRING_CLOUD_KUBERNETES_DISCOVERY_NAMESPACES_0: welcoming
SPRING_CLOUD_KUBERNETES_DISCOVERY_NAMESPACES_1: default
SPRING_CLOUD_KUBERNETES_ENABLED: true
SPRING_CLOUD_KUBERNETES_LOADBALANCER_MODE: SERVICE
SPRING_CLOUD_KUBERNETES_RELOAD_ENABLED: true
SPRING_CLOUD_LOADBALANCER_CACHE_ENABLED: true

When a request is made to retail-onboarding in the welcoming namespace, it uses RestTemplate to call audit-service in the default namespace. However, it returns an error stating that the service ID cannot be found, even though the Kubernetes discovery client lists the service:

2024-07-08T08:51:59.290Z DEBUG [retail-onboarding,,] 1 --- [nio-8080-exec-3] .c.k.f.d.Fabric8DiscoveryServicesAdapter : searching in namespaces : [welcoming, default] with filter : null 

2024-07-08T08:51:59.336Z DEBUG [retail-onboarding,,] 1 --- [io-8080-exec-10] o.s.c.k.f.d.KubernetesDiscoveryClient    : will return services : [retail-onboarding, audit-service, ingress-nginx-controller, ingress-nginx-controller-admission, kubernetes,]

2024-07-08T08:52:22.099Z ERROR [retail-onboarding,,] 1 --- [nio-8080-exec-9] c.b.f.i.a.RunWithoutAuthorizationAspect  : Exception thrown when invoking join point

com.backbase.audit.client.exceptions.InternalServerErrorException: java.lang.IllegalArgumentException: Service Instance cannot be null, serviceId: audit-service                                                                                                                         Caused by: java.lang.IllegalArgumentException: Service Instance cannot be null, serviceId: audit-service

This setup works correctly when I switch to using SPRING_CLOUD_KUBERNETES_DISCOVERY_ALL_NAMESPACES: true

I have also configured the following ClusterRole and ClusterRoleBindings for cross-namespace service discovery:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cross-namespace-service-discovery
rules:
- apiGroups: [""]
  resources: ["pods", "services", "endpoints"]
  verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cross-namespace-service-discovery-binding
subjects:
- kind: ServiceAccount
  name: default
  namespace: welcoming
roleRef:
  kind: ClusterRole
  name: cross-namespace-service-discovery
  apiGroup: rbac.authorization.k8s.io

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cross-namespace-service-discovery-binding
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
roleRef:
  kind: ClusterRole
  name: cross-namespace-service-discovery
  apiGroup: rbac.authorization.k8s.io

What could be causing the service discovery to fail with the specific namespaces setup? How can I ensure that services in welcoming can reliably discover and call services in default namespace?

Any insights or suggestions would be greatly appreciated!

Improve this question
2
  • spring-cloud-kubernetes contributor here. I've also commented on the github issue you opened, without a sample where I can reproduce your issue locally, its going to be impossible to properly answer your question. Do you think you can have one?
    – Eugene
    Commented Jul 9 at 7:41
  • @Eugene I work working on client env, I will create one and share with you shortly
    – Tarun Bharti
    Commented Jul 10 at 8:16
Related questions
3407
What's the problem with "using namespace std;"?
302
How to switch namespace in kubernetes
3
Airflow - KubernetesPodOperator - Role binding a service account
Load 6 more related questions Show fewer related questions

0

Reset to default