Uploaded image for project: 'Network Observability'
  1. Network Observability
  2. NETOBSERV-857

After some time, it fails to retrieve flows

    • False
    • None
    • False
    • NetObserv - Sprint 232, NetObserv - Sprint 233
    • Critical

      After 2+ hours, Network Observability is unable to retrieve flows anymore. It reports an error where it no longer recognizes the server cert (see attachment). To reproduce,

      1. Install Loki Operator 5.6.
      2. Create a LokiStack.
      3. Install Network Observability Operator 1.0.0.
      4. Create a FlowCollector. Configure the tls section as follows:

        tls
          caCert
            certFile: service-ca.crt
            name: lokistack-gateway-ca-bundle
            type: configmap
          X enable
      

      Leave insecureSkipVerify disabled.

      5. Leave it running for 2+ hours.

      This is consistently reproducible.

      Workarounds:

      • Enable insecureSkipVerify. It now works. Even if you change it back to disable, it still works!
      • Delete FlowCollector and create a new one. The flows start working again.

        1. image-2023-03-07-13-47-54-219.png
          137 kB
          Mehul Modi
        2. screenshot-1.png
          189 kB
          Mehul Modi
        3. Screenshot from 2023-01-30 14-18-30-auth_issue.png
          182 kB
          Steven Lee

              jpinsonn@redhat.com Julien Pinsonneau
              stlee@redhat.com Steven Lee
              Mehul Modi Mehul Modi
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: