Uploaded image for project: 'Distributed Tracing'
  1. Distributed Tracing
  2. TRACING-6070

Tempo operator version 0.20.0-1 creates a NetworkPolicy that blocks connection to tempo tracing querier when accessed via Kiali

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • None
    • None
    • Tempo
    • None
    • 1
    • False
    • Hide

      None

      Show
      None
    • False
    • Tracing Sprint # 285
    • Critical

      The Tempo operator when upgraded to the version 0.20.0-1 , the Kiali faces issue with getting the tracing visuals.

      This is because we see a new network policy created tempo-tempostack-tracing-query-frontend in the tracing-system namespace which does not include ingress to the port 16685 .

      Once this port is added into the networkPolicy we can get the tracing visuals from from Kiali.

      The tempo-tempostack-tracing-query-frontend networkPolicy that tempo operator creates :

       

          kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
    name: tempo-tempostack-tracing-query-frontend
    namespace: tracing-system
    labels:
    app.kubernetes.io/component: query-frontend
    app.kubernetes.io/instance: tempostack-tracing
    app.kubernetes.io/managed-by: tempo-operator
    app.kubernetes.io/name: tempo
    spec:
    podSelector:
    matchLabels:
    app.kubernetes.io/component: query-frontend
    app.kubernetes.io/instance: tempostack-tracing
    app.kubernetes.io/managed-by: tempo-operator
    app.kubernetes.io/name: tempo
    ingress:
    - ports:
    - protocol: TCP
    port: 9095
    - protocol: TCP
    port: 3200
    - protocol: TCP
    port: 16686
    - protocol: TCP
    port: 16687
    - protocol: TCP
    port: 8443
    from:
    - namespaceSelector: {}
    - ports:
    - protocol: TCP
    port: 9095
    - protocol: TCP
    port: 3200
    from:
    - podSelector:
    matchLabels:
    app.kubernetes.io/component: querier
    app.kubernetes.io/instance: tempostack-tracing
    app.kubernetes.io/managed-by: tempo-operator
    app.kubernetes.io/name: tempo
    egress:
    - ports:
    - protocol: TCP
    port: 4318
    to:
    - ipBlock:
    cidr: 0.0.0.0/0
    - ports:
    - protocol: TCP
    port: 4317
    to:
    - ipBlock:
    cidr: 0.0.0.0/0
    - ports:
    - protocol: TCP
    port: 9095
    to:
    - podSelector:
    matchLabels:
    app.kubernetes.io/component: querier
    app.kubernetes.io/instance: tempostack-tracing
    app.kubernetes.io/managed-by: tempo-operator
    app.kubernetes.io/name: tempo
    - ports:
    - protocol: TCP
    port: 3200
    to:
    - podSelector:
    matchLabels:
    app.kubernetes.io/component: querier
    app.kubernetes.io/instance: tempostack-tracing
    app.kubernetes.io/managed-by: tempo-operator
    app.kubernetes.io/name: tempo
    - to:
    - ipBlock:
    cidr: 0.0.0.0/0
    - namespaceSelector: {}
    policyTypes:
    - Egress
    - Ingress

      Version :

       

      Tempo version : 0.20.0-1
Openshift version : 4.17

       

      How to reproduce :

      1. Install the tempo operator version 0.20.0-1
      2. Create the required instances required for the operator.
      3.  List the netwokPolicies in the namespace particularly check below netPol :
        tempo-tempostack-tracing-query-frontend
      4. Check if you can get the tracing visulas from Kiali
      5. Create a new networkPolicy that includes the ingress from 16685 port.
      - protocol: TCP
port: 16685

             6. Check if you can get the tracing from the Kiali dashboard.

       

       

              rh-ee-ozwalsh Ozzy Walsh
              rhn-support-atpatil Atharva Patil
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: