We had an issue where it was not possible for normal users to view their
metrics (but cluster-admin users could). But I didn't think this made it
into any releases.

Would it be possible to attach the inventory file used?

On Thu, Sep 14, 2017 at 8:34 AM, Paul Weil <[email protected]> wrote:

> Including some metrics folks.  Matt/Jeff?
>
> On Wed, Sep 13, 2017 at 9:44 PM, Mateus Caruccio <
> [email protected]> wrote:
>
>> Answering my own question, that "namespace" field on audit log refers to
>> the unnamespaced resource "/oapi/v1/subjectaccessreviews", not the
>> subject access review object of the request.
>>
>> Still, the problem persists...
>>
>> --
>> Mateus Caruccio / Master of Puppets
>> GetupCloud.com
>> We make the infrastructure invisible
>> Gartner Cool Vendor 2017
>>
>> 2017-09-13 22:39 GMT-03:00 Mateus Caruccio <[email protected]>:
>>
>>> Audit logs show this:
>>>
>>> 2017-09-13T22:18:43.907186125-03:00 AUDIT:
>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35"
>>> method="POST" user="mateus" groups="\"system:authenticated
>>> :oauth\",\"system:authenticated\"" as="<self>" asgroups="<lookup>"
>>> namespace="<none>" uri="/oapi/v1/subjectaccessreviews"
>>> 2017-09-13T22:18:43.941696064-03:00 AUDIT:
>>> id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201"
>>>
>>> Am I wrong, or should that "namespace" field not be <none>?
>>>
>>>
>>> --
>>> Mateus Caruccio / Master of Puppets
>>> GetupCloud.com
>>> We make the infrastructure invisible
>>> Gartner Cool Vendor 2017
>>>
>>> 2017-09-13 20:31 GMT-03:00 Mateus Caruccio <
>>> [email protected]>:
>>>
>>>> After a fresh Origin 3.6.0, hawkular returns only 403 Forbidden.
>>>> What is the auth path used by hawkular and how can I check if it's
>>>> correct (secrets, serviceaccounts, token, etc)?
>>>>
>>>> $ oc version
>>>> oc v3.6.0+c4dd4cf
>>>> kubernetes v1.6.1+5115d708d7
>>>> features: Basic-Auth GSSAPI Kerberos SPNEGO
>>>>
>>>> Server <redacted>
>>>> openshift v3.6.0+c4dd4cf
>>>> kubernetes v1.6.1+5115d708d7
>>>>
>>>>
>>>> $ oc -n openshift-infra get rc -o yaml | grep image:
>>>>           image: docker.io/openshift/origin-metrics-cassandra:v3.6.0
>>>>           image: docker.io/openshift/origin-metrics-hawkular-metrics:v3.6.0
>>>>           image: docker.io/openshift/origin-metrics-heapster:v3.6.0
>>>>
>>>>
>>>> $ oc -n openshift-infra get pods
>>>> NAME                         READY     STATUS    RESTARTS   AGE
>>>> hawkular-cassandra-1-vg250   1/1       Running   0          42m
>>>> hawkular-metrics-4rkn4       1/1       Running   0          38m
>>>> heapster-fjg8t               1/1       Running   1          50m
>>>>
>>>>
>>>> $ oadm diagnostics MetricsApiProxy
>>>> [Note] Determining if client configuration exists for client/cluster
>>>> diagnostics
>>>> Info:  Successfully read a client config file at
>>>> '/home/getup/.kube/config'
>>>> Info:  Using context for cluster-admin access:
>>>> 'default/<redacted>:443/system:admin'
>>>>
>>>> [Note] Running diagnostic: MetricsApiProxy
>>>>        Description: Check the integrated heapster metrics can be
>>>> reached via the API proxy
>>>>
>>>> [Note] Summary of diagnostics execution (version v3.6.0+c4dd4cf):
>>>> [Note] Completed with no errors or warnings seen.
>>>>
>>>>
>>>>
>>>> Thanks
>>>> --
>>>> Mateus Caruccio / Master of Puppets
>>>> GetupCloud.com
>>>> We make the infrastructure invisible
>>>> Gartner Cool Vendor 2017
>>>>
>>>
>>>
>>
>> _______________________________________________
>> dev mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>
>>
>
_______________________________________________
dev mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
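
The audit entries quoted in the thread, parsed and joined on their shared id, as an added example that is not part of the original messages or of OpenShift itself. The function names and the `/namespaces/<name>/` URI check are assumptions of this example; the sample lines are the thread's own entries with the e-mail line wrapping removed.

```python
import re

# Sample in the legacy audit format quoted in the thread
# (values copied from the thread, e-mail line wrapping removed).
SAMPLE = r'''2017-09-13T22:18:43.907186125-03:00 AUDIT: id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" ip="10.150.10.35" method="POST" user="mateus" groups="\"system:authenticated:oauth\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="<none>" uri="/oapi/v1/subjectaccessreviews"
2017-09-13T22:18:43.941696064-03:00 AUDIT: id="cf075af6-c8a7-4b3c-8727-4ad2aefa0a49" response="201"'''

# key="value" pairs; a value may contain backslash-escaped quotes (groups field).
PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
# Assumption of this example: a namespaced request carries /namespaces/<name>/ in its URI.
NS_IN_URI = re.compile(r'/namespaces/([^/]+)(?:/|$)')

def parse_line(line):
    """Split one audit line into a dict of its key="value" fields plus the timestamp."""
    ts, _, rest = line.partition(" AUDIT: ")
    fields = {k: v.replace('\\"', '"') for k, v in PAIR.findall(rest)}
    fields["ts"] = ts
    return fields

def correlate(text):
    """Join request and response lines on id; return one record per request."""
    events = {}
    for line in text.splitlines():
        if " AUDIT: " not in line:
            continue
        f = parse_line(line)
        ev = events.setdefault(f["id"], {})
        if "response" in f:
            # 201 only means the review object was created; the allow/deny
            # verdict is in the response body, which this log does not record.
            ev["response"] = int(f["response"])
        else:
            ev.update(f)
            m = NS_IN_URI.search(f["uri"])
            ev["uri_namespace"] = m.group(1) if m else None
            ev["groups"] = [g.strip('"') for g in f["groups"].split(",")]
    return list(events.values())

if __name__ == "__main__":
    for ev in correlate(SAMPLE):
        print(ev["user"], ev["method"], ev["uri"],
              "namespace=" + ev["namespace"],
              "uri_namespace=" + str(ev["uri_namespace"]),
              "response=" + str(ev.get("response")))
```

For the entry in the thread this reports `namespace=<none>` together with `uri_namespace=None`, matching the observation that the field describes the request URI rather than the object under review.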