-
Please provide actual replication procedures. Exactly what did you run (the commands to execute) in order to install the operator and Kiali server, and please indicate what the Kiali CR actually looks like. I suspect this is not a bug. But without knowing exactly how this was installed, I can't tell. Note also regarding this:
-
I used the following Helm values and included the Custom Resource (CR) definition as shown below, but the installation did not create the Kiali server and the resources that get configured via the CR.
Therefore I had to apply the CR manually using kubectl apply. Here are the details of that CR:
Noted:
-
Could this also be the reason why only namespaces,
-
(I converted this to a Q&A Discussion - this does not appear to be a bug.)
-
You did not tell me exactly how you installed (what command you used to install). You only gave me the values yaml you used. So I can only blindly guess at how you are installing this. But I just tested this myself - and here is what I did. I used the helm CLI directly.
The Kiali Operator installed fine:
The Kiali Server installed fine:
The Kiali CR was created correctly - this is what it looks like after the operator fully reconciled it and installed Kiali Server:
results in:

```yaml
apiVersion: kiali.io/v1alpha1
kind: Kiali
metadata:
  annotations:
    ansible.sdk.operatorframework.io/verbosity: "1"
    meta.helm.sh/release-name: kiali-operator
    meta.helm.sh/release-namespace: kiali-operator
  creationTimestamp: "2024-04-23T15:10:25Z"
  finalizers:
  - kiali.io/finalizer
  generation: 1
  labels:
    app: kiali-operator
    app.kubernetes.io/instance: kiali-operator
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kiali-operator
    app.kubernetes.io/part-of: kiali-operator
    app.kubernetes.io/version: v1.83.0
    helm.sh/chart: kiali-operator-1.83.0
    version: v1.83.0
  name: kiali
  namespace: istio-system
  resourceVersion: "1518"
  uid: bddc578a-f6c1-4273-b60c-25562297158f
spec:
  auth:
    strategy: token
  deployment:
    accessible_namespaces:
    - .*
    view_only_mode: false
  external_services:
    custom_dashboards:
      grafana:
        url: http://kube-prometheus-stack-grafana.monitoring.svc.cluster.local:80
      prometheus:
        url: http://kube-prometheus-stack-prometheus.monitoring.svc.cluster.local:9090
  server:
    web_root: /kiali
status:
  conditions:
  - ansibleResult:
      changed: 12
      completion: 2024-04-23T15:11:08.892327
      failures: 0
      ok: 76
      skipped: 54
    lastTransitionTime: "2024-04-23T15:10:57Z"
    message: Awaiting next reconciliation
    reason: Successful
    status: "True"
    type: Running
  - lastTransitionTime: "2024-04-23T15:11:09Z"
    message: Last reconciliation succeeded
    reason: Successful
    status: "True"
    type: Successful
  - lastTransitionTime: "2024-04-23T15:11:09Z"
    message: ""
    reason: ""
    status: "False"
    type: Failure
  deployment:
    accessibleNamespaces: default,ingress-nginx,istio-system,kiali-operator,kube-node-lease,kube-public,kube-system
    instanceName: kiali
    namespace: istio-system
  environment:
    isKubernetes: true
    kubernetesVersion: 1.27.3
    operatorVersion: v1.83.0
  progress:
    duration: "0:00:10"
    message: 7. Finished all resource creation
  specVersion: default
```

This is the latest Kiali helm charts - but nothing should have changed between the old 1.66 version and the latest version. Those commands should still work. In fact, I just tried it myself and it worked the same way. First I uninstalled the Kiali CR via

```yaml
apiVersion: kiali.io/v1alpha1
kind: Kiali
metadata:
  annotations:
    ansible.sdk.operatorframework.io/verbosity: "1"
    meta.helm.sh/release-name: kiali-operator
    meta.helm.sh/release-namespace: kiali-operator
  creationTimestamp: "2024-04-23T15:18:23Z"
  finalizers:
  - kiali.io/finalizer
  generation: 1
  labels:
    app: kiali-operator
    app.kubernetes.io/instance: kiali-operator
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kiali-operator
    app.kubernetes.io/part-of: kiali-operator
    app.kubernetes.io/version: v1.66.1
    helm.sh/chart: kiali-operator-1.66.1
    version: v1.66.1
  name: kiali
  namespace: istio-system
  resourceVersion: "2390"
  uid: f4b22e1c-9bf3-41ed-a5b2-f681d61601df
spec:
  auth:
    strategy: token
  deployment:
    accessible_namespaces:
    - .*
    view_only_mode: false
  external_services:
    custom_dashboards:
      grafana:
        url: http://kube-prometheus-stack-grafana.monitoring.svc.cluster.local:80
      prometheus:
        url: http://kube-prometheus-stack-prometheus.monitoring.svc.cluster.local:9090
  server:
    web_root: /kiali
status:
  conditions:
  - ansibleResult:
      changed: 20
      completion: 2024-04-23T15:19:08.517029
      failures: 0
      ok: 109
      skipped: 104
    lastTransitionTime: "2024-04-23T15:18:53Z"
    message: Awaiting next reconciliation
    reason: Successful
    status: "True"
    type: Running
  - lastTransitionTime: "2024-04-23T15:19:08Z"
    message: Last reconciliation succeeded
    reason: Successful
    status: "True"
    type: Successful
  - lastTransitionTime: "2024-04-23T15:19:08Z"
    message: ""
    reason: ""
    status: "False"
    type: Failure
  deployment:
    accessibleNamespaces: default,ingress-nginx,istio-system,kiali-operator,kube-node-lease,kube-public,kube-system
    instanceName: kiali
    namespace: istio-system
  environment:
    isKubernetes: true
    kubernetesVersion: 1.27.3
    operatorVersion: v1.66.1
  progress:
    duration: "0:00:14"
    message: 7. Finished all resource creation
  specVersion: default
```

OK, so I have Kiali installed and running. Since the auth.strategy is set to "token" we need to get a token so we can log into Kiali. We have instructions on our FAQ on how to do that - please see: https://kiali.io/docs/faq/authentication/#how-to-obtain-a-token-when-logging-in-via-token-auth-strategy . Note that I am using minikube running k8s version greater than 1.24 so I need to obtain the token via
I point my browser to my Kiali UI and get to the login page and I copy-n-paste that token into the login field, at which point I am logged in. The masthead of the Kiali UI after I logged in looks like this: and the About Box shows us that I am logging into Kiali v1.66.1:

Finally, one last item. I don't think you have configured your Prometheus correctly. You have this:

```yaml
external_services:
  custom_dashboards:
    prometheus:
      url: "http://kube-prometheus-stack-prometheus.monitoring.svc.cluster.local:9090"
    grafana:
      url: "http://kube-prometheus-stack-grafana.monitoring.svc.cluster.local:80"
```

You have those configured under
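Added example, not part of the original thread or of the Kiali project: one way to read the `status` block shown in the answer above programmatically, to confirm that the operator reconciled the CR and to see which namespaces it actually granted Kiali access to. It assumes the input is the JSON form of the CR (for instance from `kubectl get kiali kiali -n istio-system -o json`); the function names are hypothetical and the sample document is constructed from the values visible in the YAML above.

```python
import json

# Constructed sample: a trimmed JSON form of the Kiali CR, using the field
# names and values visible in the YAML output above. Helper names below are
# hypothetical, not part of any Kiali tooling.
SAMPLE_CR = json.loads("""
{
  "spec": {"deployment": {"accessible_namespaces": [".*"], "view_only_mode": false}},
  "status": {
    "conditions": [
      {"type": "Running", "status": "True", "reason": "Successful",
       "message": "Awaiting next reconciliation"},
      {"type": "Successful", "status": "True", "reason": "Successful",
       "message": "Last reconciliation succeeded"},
      {"type": "Failure", "status": "False", "reason": "", "message": ""}
    ],
    "deployment": {"accessibleNamespaces":
      "default,ingress-nginx,istio-system,kiali-operator,kube-node-lease,kube-public,kube-system"}
  }
}
""")


def reconcile_state(cr):
    """Return (state, message) derived from the operator's status.conditions."""
    conds = {c["type"]: c for c in cr.get("status", {}).get("conditions", [])}
    if conds.get("Failure", {}).get("status") == "True":
        return "failed", conds["Failure"].get("message", "")
    if conds.get("Successful", {}).get("status") == "True":
        return "ok", conds["Successful"].get("message", "")
    return "pending", conds.get("Running", {}).get("message", "no status yet")


def resolved_namespaces(cr):
    """Namespaces the operator reports it resolved for Kiali access."""
    raw = cr.get("status", {}).get("deployment", {}).get("accessibleNamespaces", "")
    return {ns for ns in raw.split(",") if ns}


def missing_namespaces(cr, expected):
    """Expected namespaces that are absent from the operator's resolved list."""
    return sorted(set(expected) - resolved_namespaces(cr))


if __name__ == "__main__":
    print(reconcile_state(SAMPLE_CR))
    print(missing_namespaces(SAMPLE_CR, ["istio-system", "monitoring"]))
```

A non-empty result from `missing_namespaces` points at a namespace named in the CR that the operator did not resolve, which is the place to look for absent Roles and RoleBindings.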
-
Thanks for the detailed response. I installed the kiali-operator using helm and then applied the following CR file
Then ran this to check the status -
I am still getting this error! I can access the kiali UI ok and can view only kiali and istiod namespace. Below are the kiali CR details -
-
This sounds like it might be related to this:
But I do not know. You say you are not doing any upgrade of Kiali, it's just a straight new install, so those might not be related. I cannot replicate your error installing Kiali using helm. In my earlier comment, I posted the exact commands I used to install Kiali Operator and the Server. I suggest you do that (uninstall everything and then run those exact commands I posted) and see if you get the same error. I suspect you are installing things differently than me. The only other idea I have is the error you are getting
-
The only alternative I can think of is try to install the latest Kiali Operator (not the old 1.66) and see if you get the same behavior.
-
@genfemme Are you committed to Istio 1.17? If you can update Istio you can use newer versions of Kiali.
-
@jmazzitelli @jshaughn
-
@jshaughn @jmazzitelli Following are the kiali-operator logs. I have added the last part of the logs to show the error -
This is the output of the kiali server status -
When I checked if the
-
When you say, So, there has to be something that is wrong with your installation steps. I've asked several times for the full and exact steps you perform to install, but I have yet to see it. So, I cannot help any further because I have no idea how exactly you are installing and I suspect something you are doing is broken. If you are not using the Kiali.io instructions to install (via the helm CLI commands), then look for differences in your installation method compared with the supported methods of installation. As I mentioned earlier, I gave the steps I used (with 1.66.1) and it works for me on minikube. So you need to check the installation steps you are performing and find out what is different.
-
@jmazzitelli
The deployment is required to be done using the ArgoCD setup that we have. There is nothing in the deployment logs or pod logs that I could find to provide any reference. Could you suggest any steps to check the differences? I am not sure how to proceed with looking at the differences between what ArgoCD is invoking compared to running the helm CLI as you mentioned.
-
@jmazzitelli
-
@jmazzitelli
But the role "kiali-viewer" is still not being added to the namespaces stated in the CR.
-
Why are you expecting a
-
Describe the bug

I am encountering an issue while deploying a Kiali Server via a Kiali Custom Resource (CR). When applying the CR, the operation fails due to an RBAC configuration error, stating that the `kiali-viewer` role cannot be found, despite its existence. Additionally, I discovered that the `kiali-service-account`, which is crucial for Kiali's operation, does not generate any tokens, preventing proper authentication and authorization processes.

Error Message with

Expected Behavior

The Kiali operator should successfully acknowledge and utilize the existing `kiali-viewer` role to configure the RoleBinding as specified in the CR. The `kiali-service-account` should automatically generate tokens upon creation.

Environment

Kiali Operator version: 1.83.0
Istio version: 1.17.4
Kubernetes implementation: EKS
Kubernetes version: 1.28.3