-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
None
-
None
-
False
-
None
-
False
-
-
-
NetObserv - Sprint 243, NetObserv - Sprint 244, NetObserv - Sprint 245, NetObserv - Sprint 246, NetObserv - Sprint 247, NetObserv - Sprint 248, NetObserv - Sprint 249, NetObserv - Sprint 250, NetObserv - Sprint 251, NetObserv - Sprint 252, NetObserv - Sprint 253, NetObserv - Sprint 254, NetObserv - Sprint 255
source: https://github.com/netobserv/network-observability-operator/discussions/431
In multi-tenant mode, when a non-admin user has access to many namespaces, Loki returns an error: "input size too long". This is because the loki gateway injects namespaces in query, which is limited in size.
A mitigation is possible by implementing Loki operator new feature "fine-grained access to logs" : https://github.com/openshift/enhancements/blob/28da5918d5e6b07f96b18341c3f4de63a35cb423/enhancements/cluster-logging/fine-grained-per-namespace-logs-access.md
It's not a fix, just a workaround: users would be able to declare per-namespace role bindings, limiting the number of allowed namespaces , hence avoiding this error.
Note: if you're having the same problem with cluster-admin users, please check https://access.redhat.com/solutions/7018952 or https://github.com/netobserv/documents/blob/main/loki_operator.md#loki-input-size-too-long-error
- links to