search

kubetail-org / kubetail

Web-based, real-time log viewer for Kubernetes
https://www.kubetail.com/demo
Apache License 2.0
299 stars 15 forks source link

kubetail does not show any error when rbac is not configured correctly. #66

Closed rophy closed 2 months ago

rophy commented 2 months ago

As title, running kubetail as container, with following logging config:

logging:
  enabled: true
  level: debug
  format: pretty
  access-log:
    enabled: true
    hide-health-checks: false

I intentionally removed the ClusterRoleBinding, and try to access logs from frontend. Accessing the UI will see no error message from both backend log and UI, the UI simply shows "Beginning of feed" with no logs.

Adding the ClusterRole back and I'll see the logs. Ideally, I expect to see rbac errors at the backend log.

amorey commented 2 months ago

Thanks for the suggestion. I'll take a look and see how we can implement it.

amorey commented 2 months ago

It will take a few iterations to get this right but as a first attempt, I made query errors more visible in the UI (previously they were only going to the browser console log).

Here are some screenshots:

Screen Shot 2024-05-02 at 4 46 07 PM Screen Shot 2024-05-02 at 4 46 19 PM

The code is live in 0.4.6:

helm repo update
helm upgrade kubetail kubetail/kubetail --namespace kubetail

Logging auth errors in the backend will take more thought because:

  1. They're noisy by default
  2. I can't figure out an efficient way to monitor the Kubernetes API for RBAC changes

Let me know if this addresses the problem you ran into and if you have any suggestions on how to improve it!