Including some metrics folks. Matt/Jeff? On Wed, Sep 13, 2017 at 9:44 PM, Mateus Caruccio < mateus.caruc...@getupcloud.com> wrote:
> Answering my own question, that "namespace" field on audit log refers to > the unamespaced resource "/oapi/v1/subjectaccessreviews", not the subject > access review object of the request. > > Still, the problem persists... > > -- > Mateus Caruccio / Master of Puppets > GetupCloud.com > We make the infrastructure invisible > Gartner Cool Vendor 2017 > > 2017-09-13 22:39 GMT-03:00 Mateus Caruccio <mateus.caruc...@getupcloud.com > >: > >> Audit logs show this: >> >> 2017-09-13T22:18:43.907186125-03:00 AUDIT: >> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" >> ip="10.150.10.35" method="POST" user="mateus" groups="\"system:authenticated >> :oauth\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" >> namespace="<none>" uri="/oapi/v1/subjectaccessreviews" >> 2017-09-13T22:18:43.941696064-03:00 AUDIT: >> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" >> response="201" >> >> I'm I wrong o that "namespace" field should be not <none>? >> >> >> -- >> Mateus Caruccio / Master of Puppets >> GetupCloud.com >> We make the infrastructure invisible >> Gartner Cool Vendor 2017 >> >> 2017-09-13 20:31 GMT-03:00 Mateus Caruccio <mateus.caruc...@getupcloud.co >> m>: >> >>> After a fresh Origin 3.6.0, hawkular returns only 403 Forbiden. >>> What is the auth path used by hawkular and how can I check if it's >>> correct (secrets, servicaccounts, token, etc)? >>> >>> $ oc version >>> oc v3.6.0+c4dd4cf >>> kubernetes v1.6.1+5115d708d7 >>> features: Basic-Auth GSSAPI Kerberos SPNEGO >>> >>> Server <redacted> >>> openshift v3.6.0+c4dd4cf >>> kubernetes v1.6.1+5115d708d7 >>> >>> >>> $ oc -n openshift-infra get rc -o yaml | grep image: >>> image: docker.io/openshift/origin-metrics-cassandra:v3.6.0 >>> image: docker.io/openshift/origin-met >>> rics-hawkular-metrics:v3.6.0 >>> image: docker.io/openshift/origin-metrics-heapster:v3.6.0 >>> >>> >>> $ oc -n openshift-infra get pods >>> NAME READY STATUS RESTARTS AGE >>> hawkular-cassandra-1-vg250 1/1 Running 0 42m >>> hawkular-metrics-4rkn4 1/1 Running 0 38m >>> heapster-fjg8t 1/1 Running 1 50m >>> >>> >>> $ oadm diagnostics MetricsApiProxy >>> [Note] Determining if client configuration exists for client/cluster >>> diagnostics >>> Info: Successfully read a client config file at >>> '/home/getup/.kube/config' >>> Info: Using context for cluster-admin access: >>> 'default/<redacted>:443/system:admin' >>> >>> [Note] Running diagnostic: MetricsApiProxy >>> Description: Check the integrated heapster metrics can be reached >>> via the API proxy >>> >>> [Note] Summary of diagnostics execution (version v3.6.0+c4dd4cf): >>> [Note] Completed with no errors or warnings seen. >>> >>> >>> >>> Thanks >>> -- >>> Mateus Caruccio / Master of Puppets >>> GetupCloud.com >>> We make the infrastructure invisible >>> Gartner Cool Vendor 2017 >>> >> >> > > _______________________________________________ > dev mailing list > dev@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev > >
_______________________________________________ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
