secretpad icon indicating copy to clipboard operation
secretpad copied to clipboard
verified publisher icon secretflow

secretpad添加合作节点后通讯状态不可用

Open 92-yh opened this issue 1 month ago • 3 comments

Issue Type

Install/Deploy

Have you searched for existing documents and issues?

Yes

OS Platform and Distribution

centos linux/arm64

All_in_one Version

secretpad-0.12.0b0

Kuscia Version

0.13.0b0

What happend and What you expected to happen.

我在K8S中部署了2个namespace,采用runK与P2P模式在2个namespace分别部署了2套kuscia和secretpad的环境,kuscia的部署按照如下网页方案(https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.13.0b0/deployment/K8s_deployment_kuscia/K8s_p2p_cn)但是我没有创建创建 autonomy-alice、autonomy-bob 之间的授权(因为之前的环境配置了授权操作后,就没办法添加合作节点了),而secretpad我采用了如下configMap的配置加载环境变量:
export SPRING_PROFILES_ACTIVE=p2p
export NODE_ID=autonomy-alice
export DEPLOY_MODE=MPC
export KUSCIA_PROTOCOL=notls
export KUSCIA_API_ADDRESS=kuscia-autonomy-alice
export KUSCIA_API_PORT=8083
export INST_NAME=STARLINK_INST
export SECRETPAD_USER_NAME=admin
export SECRETPAD_PASSWORD=admin123


最后我通过前端访问secretpad网页在2个节点都创建了对应的合作节点后,通讯状态显示不可用

Log output.

如下所示2个namespace下的svc类似如下:
Image

而我在secretpad页面展示这样:

Image

在autonomy-alice/kuscia-autonomy-alice的pod里执行指令如下:

Image

在autonomy-bob/kuscia-autonomy-bob的pod里执行指令如下:

Image

92-yh avatar Nov 21 '25 10:11 92-yh

然后在autonomy-alice/kuscia-autonomy-alice的pod里执行指令如下:

bash-5.2# kubectl get cdr autonomy-alice-autonomy-bob -o yaml apiVersion: kuscia.secretflow/v1alpha1 kind: ClusterDomainRoute metadata: creationTimestamp: "2025-11-21T10:30:43Z" generation: 2 labels: kuscia.secertflow/domainroute-partner: autonomy-bob kuscia.secretflow/clusterdomainroute-destination: autonomy-bob kuscia.secretflow/clusterdomainroute-source: autonomy-alice name: autonomy-alice-autonomy-bob resourceVersion: "8060" uid: c297a00f-0f1a-49f8-8a8b-f7112d8afcb8 spec: authenticationType: Token destination: autonomy-bob endpoint: host: 192.168.130.243 ports: - name: http port: 31326 protocol: HTTP source: autonomy-alice tokenConfig: destinationPublicKey: LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQXg2MXZ0YkIrUnBmWlJUaFpkdWFoNUIzdnFvYm82bmJ2SVN0anA0UjB5ZWNYRExjbE5lM1oKM2VrcGl2K2xWakxyUytOempFVi9vZFU2TUphNUpRTjlxcXZ2Zk0rMU5hNTg4VFZUYjM4NUV6dnJSMHFiWklRZgpNTGFGdVlUYndpTncxR0pnbC9FZUh5V0c4NEFnNkdvcUhSSkdMTFkyZVhqUGVpUUllWlpqMUt0MTJnRHNMeU1tCldrSkN2S2lKL25aTmUyVG5kb3cwd2liWXdsc0JESjZzV05OVEhhNmh6NmIzQ2xJcWJudjMwVUZNREhzWGZrZ2UKWHFCM1IwSnIxa20wOFNEWGwwM01uTEh2c1M0UEw4QzcrRkZoa3ZTL2Y3ZG53Rmt1NjNDK3gzTU9xRXdaUHdiSQp5dU1Meno1alNINWs5ZXFGYlh2L0tYSlNWYkJqWGxqZjRRSURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K rollingUpdatePeriod: 0 sourcePublicKey: LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQWpSVzd5VzdvWWdCbDRtRmlMSDJGZlVrVlA2SkxPbzE2M2VRVko4ZUkwYWl3cVpNY2pSRDEKbWNZWktLamlNT0hCbG9mWG9lQmFUTi9FdFMraGIzNElYT3ZZbmFyanV0YmNZTVdyYTFQUmN5TjdBVlFXbkhQcwpzcjVjR25ZL1lkbUNzU1hrdFJ5ZDVGcFNaRTM1Um44N0pSWHlqc3YvMUd6Z2RjcjB5K1FoR0g3N1ZYRklIWFpuClJUaE5aUGJTNjkxeUQ1WVBuUldqdnFZZjBySFFVVnBSckVQTE95ZGlwaHpvb3NWK251Z1V3T3FST1JYdjdVVmUKdVcvUnFRT1VzVGZmbU1uVlNBSDdwRW1yQ3dpb1dxakRpWElZdTdMMnhSeTdJVXNweVB1RlFJaHloNjdpOGZyNQo4L1ZSdnpUZjdWMlo0cHhXeGFMWVhRRW9pazdWdWl2eTJRSURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K tokenGenMethod: RSA-GEN status: conditions:

  • lastTransitionTime: "2025-11-21T10:52:32Z" lastUpdateTime: "2025-11-21T10:52:32Z" message: TokenNotGenerate reason: DestinationIsNotAuthrized status: "False" type: Ready endpointStatuses: kuscia-autonomy-alice-5b79c9fb7d-cgq6r-http: endpointHealthy: true tokenStatus: {}

92-yh avatar Nov 21 '25 10:11 92-yh

采用https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.13.0b0/deployment/K8s_deployment_kuscia/K8s_p2p_cn中

Image 可以链接了,但是现在还有个问题: alice的节点所在的a机构创建了项目后,需要bob节点所在的b机构受邀了,但是在b机构的secretpad没有收到受邀消息

92-yh avatar Nov 23 '25 04:11 92-yh

看起来是kuscia 和pad通讯存在问题。 可以按照:https://github.com/secretflow/secretflow/issues/1927 配置下kuscia 访问pad 的svc

wangzul avatar Nov 24 '25 02:11 wangzul