OSSM-9611 (OpenShift Service Mesh)

OCP 4.18.3 - Kiali (OSSM) cannot visualize MTLS traffic and does not show all flows


    • Bug
    • Resolution: Not a Bug
    • Kiali, Tracing
      • Deploy OpenShift cluster running 4.18
      • Install operators:
        • kiali: 2.4.4
          0.119.0-2 --> telemetry
          servicemesh -> 3.0.1
          tempo: 0.15.4-1
      • Deploy bookinfo demo application
      • Configure MTLS traffic for traffic flows for test flow
      • Curl from external traffic --> observe that traffic IS visualized in kiali (but does not show MTLS locks regardless of "security" display toggle)
      • Curl from inside a container to another internal endpoint as part of the same MTLS chain --> observe that traffic is NOT visualized at all. (Confirm that traffic does progress through the gateway and is showing up at the endpoint, and MTLS is enabled)
      • Suspect an issue with visualization and tracing rules.
    • Critical
    • Customer Escalated, Customer Facing

      OpenShift 4.18.3
      kiali: 2.4.4
      0.119.0-2 --> telemetry
      servicemesh -> 3.0.1
      tempo: 0.15.4-1

       

      //ISSUE:

      We have two clusters that are currently running the versioning above and are having trouble with visual output. Traffic being generated from outside the cluster is visualized but traffic generated from inside a container is not shown.

       

      MTLS is not visualized, lock icons are not shown (even though we have security toggle enabled), and we have cluster-wide MTLS enabled and yet no banner is showing as expected.

      Traffic graph even showing IDLE connections or long-timeframe does not show data as expected.

      Tempo, Kiali and OSSM + OpenTelemetry configs match documentation and expected configuration; need assistance in identifying the root of the error with visualized traffic flow.

      Confirmed MTLS traffic IS configured properly and is flowing (visible internally in log output at gateway and endpoints); confirmed security is enabled but cannot be visualized.

      This visualization aspect is required for security guidance and demonstration for stakeholders and is high impact for the customer while unable to get loaded.

       

      Data samples, screenshots, data and case links available in first comments after this issue is filed. Sensitive data omitted from case submission.

      Assignee: Unassigned
      Reporter: Will Russell (rhn-support-wrussell)