Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-10015

Creation of NetworkPolicy is required when using Distributed Tracing UIPlugin with OSSM

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • OSSM 2.6.8
    • Documentation, Kiali, Tracing
    • None
    • False
    • Hide

      None

      Show
      None
    • False

      Description:

       It has been advised in OSSM docs to include the namespace containing OpenTelemetryCollector in ServiceMeshMemberRoll.

      I cam across a situation where end users tend to keep TempoStack and OpenTelemetryCollector in same namespace and they added the namespace in SMMR resource as well. Because of this, querying of traces returns timeout because all of the traffic is denied by default. 

      It would be better to have a section of documentation to allow connections from openshift-cluster-observability-operator as DistributedTracing UIPlugin runs in that namespace. Below NetworkPolicy needs to be created to fix the same:

      apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-observability-operator
  namespace: tracing-system  // Namespace containing tempostack and otelcol
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: openshift-cluster-observability-operator

       

      Documentation:

       [-]https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/service_mesh/index#ossm-overview-distr-tracing_observability 

              Unassigned Unassigned
              rhn-support-dgautam Dhruv Gautam
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: