Loading...

XML

Word

Printable

Type: Ticket
Resolution: Unresolved
Priority: Undefined
Fix Version/s: OSSM 2.6.6
Affects Version/s: None
Component/s: Istio, Kiali
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

The cluster is a multi-tenant one with plenty of groups, users and many namespaces. The issue seems to be that when the clusterrole cluster-monitoring-view is granted at the cluster scope, Kiali is trying to display namespaces that the user does not have and should not have access to.

From CU's OCP Cluster:

kiali-operator.v1.89.8           Kiali Operator                                   1.89.8     kiali-operator.v1.89.6                      Succeeded
servicemeshoperator.v2.6.4       Red Hat OpenShift Service Mesh                   2.6.4-0    servicemeshoperator.v2.6.2                  Succeeded

[md1dfin1@sqr02ocb01 md1dfin1]$ oc get smcp default-control-plane  -n istio-system -ojson | jq .spec.version
"v2.5"

[md1dfin1@sqr02ocb01 md1dfin1]$ oc get kiali kiali -n istio-system -ojson | jq .spec.version
"v1.73"

Here are the errors from kiali graph view:

deploymentconfigs.apps.openshift.io is forbidden: User "CH1CHOO1" cannot list resource "deploymentconfigs" in API group "apps.openshift.io" in the namespace "isintegration-external-services-sqa"Additional Detail:goroutine 23754 [running]:runtime/debug.Stack()  /usr/lib/golang/src/runtime/debug/stack.go:24 +0x5egithub.com/kiali/kiali/handlers.handlePanic({0x2341420, 0xc013224d38})  /remote-source/app/handlers/graph.go:86 +0x1adpanic({0x1baed80?, 0xc0128bd3b0?})  /usr/lib/golang/src/runtime/panic.go:770 +0x132github.com/kiali/kiali/graph.CheckError(...)  /remote-source/app/graph/util.go:38github.com/kiali/kiali/graph/telemetry/istio/appender.IstioAppender.getIstioComponentWorkloads({0x0?}, {0x202d7f0, 0xf}, 0xc021be9320)  /remote-source/app/graph/telemetry/istio/appender/istio_details.go:372 +0x486github.com/kiali/kiali/graph/telemetry/istio/appender.IstioAppender.getIngressGatewayWorkloads(...)  /remote-source/app/graph/telemetry/istio/appender/istio_details.go:364github.com/kiali/kiali/graph/telemetry/istio/appender.IstioAppender.decorateGateways({0xc021be9380?}, 0xc021be9380, 0xc021be9320, 0xc021be9320?)  /remote-source/app/graph/telemetry/istio/appender/istio_details.go:321 +0x4agithub.com/kiali/kiali/graph/telemetry/istio/appender.IstioAppender.AppendGraph({0x201daa1?}, 0xc021be9380, 0xc021be9320, 0xc00edb9c68)  /remote-source/app/graph/telemetry/istio/appender/istio_details.go:51 +0xa5github.com/kiali/kiali/graph/telemetry/istio.BuildNamespacesTrafficMap({, {}}, {0xc021be8d80, {0x0, {0xc018abfe00, 0x6, 0x6}}, 0x0, 0x1, 0xc021be8cc0, ...}, ...)  /remote-source/app/graph/telemetry/istio/istio.go:80 +0x674github.com/kiali/kiali/graph/api.graphNamespacesIstio({, _}, _, {}, {
{0x202351c, 0x9}, {0x201daa1, 0x5}, {{0xc0205026b3, 0x15}, ...}, ...})  /remote-source/app/graph/api/api.go:52 +0xf0github.com/kiali/kiali/graph/api.GraphNamespaces({{_}, _}, _, {{0x202351c, 0x9}
, {0x201daa1, 0x5}, {
{0xc0205026b3, 0x15}...

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

kiali_with_errors.jpg
182 kB
2025/01/23 9:35 PM
kiali_without_errors.jpg
104 kB
2025/01/23 9:42 PM
kiali_without_errors-1.jpg
104 kB
2025/01/23 9:43 PM
kiali_with_errors-1.jpg
182 kB
2025/01/23 9:43 PM
kiali_graph_error.jpg
185 kB
2025/01/23 9:53 PM
kiali_without_errors-2.jpg
104 kB
2025/01/23 9:54 PM
kiali.yaml
9 kB
2025/01/24 5:29 PM

Assignee:: John Mazzitelli

Reporter:: Moises Enrique Lozano Pereira

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/01/22 8:23 PM

Updated:: 2025/02/05 7:08 PM

Details

Description

Attachments

Attachments

Easy Agile Planning Poker

Activity

People

Dates