Open kazuhisya opened 2 years ago
Hello Team,
Env: OCP / cilium-olm v1.12.0
When hubble is enabled via the CiliumConfig, the hubble-ui pod starts failing at OCP env.
hubble: enabled: true metrics: enabled: - dns:query;ignoreAAAA - drop - tcp - flow - icmp - http serviceMonitor: enabled: true tls: enabled: true relay: enabled: true ui: enabled: true ingress: enabled: true hosts: - hubble-ui-cilium.apps.xxx.xxx.xxx
There is not enough permit for "ingresses". Adding a role can solve this, but it's useful if it's enabled from the beginning.
$ oc edit role -n cilium cilium-olm -o yaml # add following lines - apiGroups: - networking.k8s.io resources: - ingresses verbs: - '*'
Additional Information: Maybe this can be solved by adding lines like this near line 346 in rbac.cue, but I'm not familiar with cue....
{ apiGroups: [ "networking.k8s.io", ] resources: [ "ingresses", ] verbs: [ "*", ] },
https://github.com/cilium/cilium-olm/blob/master/config/operator/rbac.cue#L346
Thank you,
Hello Team,
Env: OCP / cilium-olm v1.12.0
When hubble is enabled via the CiliumConfig, the hubble-ui pod starts failing at OCP env.
There is not enough permit for "ingresses". Adding a role can solve this, but it's useful if it's enabled from the beginning.
Additional Information: Maybe this can be solved by adding lines like this near line 346 in rbac.cue, but I'm not familiar with cue....
https://github.com/cilium/cilium-olm/blob/master/config/operator/rbac.cue#L346
Thank you,