You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Visit linkerd-viz-my-cluster.domain.com URL, see that linkerd-viz is working as expected.
Open any jaeger trace for any component.
Expected result:
Jaeger UI is working as expected
Actual result:
Jaeger UI loads, but shows no data.
After Jaeger pod restart UI is not loading and 403 error is seen in linkerd-proxy container of jaeger pod
Logs, error output, etc
[ 3776.356949s] INFO ThreadId(01) inbound:server{port=16686}: linkerd_app_inbound::policy::http: Request denied server.group=policy.linkerd.io server.kind=server server.name=jaeger-ui route.group= route.kind=default route.name=default client.tls=None(NoClientHello) client.ip=10.42.0.23
[ 3776.356999s] INFO ThreadId(01) inbound:server{port=16686}:rescue{client.addr=10.42.0.23:56060}: linkerd_app_core::errors::respond: HTTP/1.1 request failed error=client 10.42.0.23:56060: server: 10.42.0.41:16686: unauthorized request on route error.sources=[unauthorized request on route]
output of linkerd check -o short
For whatever reason linkerd check output is broken too
linkerd-viz
----------- \ Running viz extension check
‼ viz extension proxies are up-to-date
Get "https://versioncheck.linkerd.io/version.json?version=stable-2.14.10&uuid=unknown&source=cli": dial tcp: lookup versioncheck.linkerd.io on 10.26.3.12:53: no such host| Running viz extension check
see https://linkerd.io/2.14/checks/#l5d-viz-proxy-cp-version for hints
ing viz extension check \ Running viz extension check
Status check results are × / Running viz extension check
user@win10-work:~$ extension check
ing viz extension check | Running viz extension check
nsion check - Running viz extension check
Running viz extension check
Yeah, that jaeger-ui AuthorizationPolicy is restricting access from viz' web ServiceAccount only, used when using the jaeger site from the viz dashboard. To allow accessing via the ingress, you would need to add your ingress controller's ServiceAccount into that AuthorizationPolicy. The ingress controller would need to be meshed as well.
What is the issue?
When deploying Jaeger extension using linkerd helm chart, it is not possible to have working Jaeger UI via Ingress due to Server policy on jaeger-ui
How can it be reproduced?
Expected result:
Jaeger UI is working as expected
Actual result:
Logs, error output, etc
output of
linkerd check -o short
For whatever reason linkerd check output is broken too
Environment
Kubernetes version: v1.28.8+k3s1
Cluster Environment: oVirt
Host OS: Ubuntu 22.04 LTS
Linkerd version: stable-2.14.10
Possible solution
Not a real solution, but I've found that deleting these two objects fixes access to jaeger ui
so it seems that they are missing some part for Ingress access, but I'm not sure which one would be that
Additional context
No response
Would you like to work on fixing this bug?
None
The text was updated successfully, but these errors were encountered: