kiali: All apps are degraded due to unsynced proxies

General remarks

Describe the bug

All my apps are degraded due to unsynced proxies, although istioctl proxy-status shows all proxies are synced.


Versions used

  • Kiali: 1.27.0
  • Istio: 1.7.3
  • Kubernetes: 1.16.13

Installation

Installed using helmfile

  - name: kiali-operator
    namespace: kiali-operator
    chart: kiali/kiali-operator
    version: 1.27.0
    values:
      - cr:
          create: false
          namespace: istio-system
          spec:
            deployment:
              accessible_namespaces:
              - '**'

Kiali CR

kubectl get kiali -n istio-system kiali -o yaml

apiVersion: kiali.io/v1alpha1
kind: Kiali
metadata:
  annotations:
    ansible.operator-sdk/verbosity: "1"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"kiali.io/v1alpha1","kind":"Kiali","metadata":{"annotations":{"ansible.operator-sdk/verbosity":"1"},"name":"kiali","namespace":"istio-system"},"spec":{"deployment":{"accessible_namespaces":["**"],"namespace":"kiali-operator"},"external_services":{"istio_namespace":"istio-system","prometheus":{"url":"http://prometheus-chart-server.monitoring.svc.cluster.local"}}}}
  creationTimestamp: "2020-12-07T15:06:25Z"
  finalizers:
  - finalizer.kiali
  generation: 1
  name: kiali
  namespace: istio-system
  resourceVersion: "52180939"
  selfLink: /apis/kiali.io/v1alpha1/namespaces/istio-system/kialis/kiali
  uid: 3fb8a2a9-f634-4dbb-b419-260b12e42e44
spec:
  deployment:
    accessible_namespaces:
    - '**'
    namespace: kiali-operator
  external_services:
    istio_namespace: istio-system
    prometheus:
      url: http://prometheus-chart-server.monitoring.svc.cluster.local
status:
  accessibleNamespaces:
  - '**'
  conditions:
  - ansibleResult:
      changed: 1
      completion: 2020-12-07T15:08:55.280506
      failures: 0
      ok: 83
      skipped: 76
    lastTransitionTime: "2020-12-07T15:06:25Z"
    message: Awaiting next reconciliation
    reason: Successful
    status: "True"
    type: Running

Kiali ClusterRole

kubectl get clusterrole -n istio-system kiali -o yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    operator-sdk/primary-resource: istio-system/kiali
    operator-sdk/primary-resource-type: Kiali.kiali.io
  creationTimestamp: "2020-12-07T15:07:05Z"
  labels:
    app: kiali
    app.kubernetes.io/name: kiali
    app.kubernetes.io/part-of: kiali
    app.kubernetes.io/version: v1.27.0
    version: v1.27.0
  name: kiali
  resourceVersion: "52180047"
  selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/kiali
  uid: 04d06607-c7d3-407b-8138-0570ab5b4055
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - namespaces
  - nodes
  - pods
  - pods/log
  - pods/proxy
  - replicationcontrollers
  - services
  verbs:
  - get
  - list
  - patch
  - watch
- apiGroups:
  - extensions
  - apps
  resources:
  - deployments
  - replicasets
  - statefulsets
  verbs:
  - get
  - list
  - patch
  - watch
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - cronjobs
  - jobs
  verbs:
  - get
  - list
  - patch
  - watch
- apiGroups:
  - networking.istio.io
  - security.istio.io
  resources:
  - '*'
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch
- apiGroups:
  - monitoring.kiali.io
  resources:
  - monitoringdashboards
  verbs:
  - get
  - list
- apiGroups:
  - iter8.tools
  resources:
  - experiments
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - watch

About this issue

  • State: closed
  • Created 4 years ago
  • Comments: 22 (8 by maintainers)

Most upvoted comments

@HazemElAgaty I see one suspicious misconfiguration in your kiali cr. It is pretty tiny but it might affect everything.

spec:
  deployment:
    accessible_namespaces:
    - '**'
    namespace: kiali-operator
  external_services:
    istio_namespace: istio-system
    prometheus:
      url: http://prometheus-chart-server.monitoring.svc.cluster.local

The istio_namespace field shouldn’t be under external_services. It should go at the first level, under spec, instead. Therefore it should be:

spec:
  istio_namespace: istio-system
  deployment:
    accessible_namespaces:
    - '**'
    namespace: kiali-operator
  external_services:
    prometheus:
      url: http://prometheus-chart-server.monitoring.svc.cluster.local

This property is especially important when you are installing kiali in a different namespace than the default.

Hope this tiny bit puts the big ones in place 😃
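A check for the misplacement described in the comment above, as an added example that is not part of the original thread or Kiali's own code. It assumes the CR is read as JSON (`kubectl get kiali -o json`), that an unset `spec.istio_namespace` falls back to the namespace Kiali is deployed in, and that the caller supplies `control_plane_ns`, the namespace where istiod actually runs; the function names are hypothetical.

```python
import json

# Constructed sample: the spec reported in this issue, in JSON form.
REPORTED_CR = json.loads("""{
  "metadata": {"name": "kiali", "namespace": "istio-system"},
  "spec": {
    "deployment": {"accessible_namespaces": ["**"], "namespace": "kiali-operator"},
    "external_services": {
      "istio_namespace": "istio-system",
      "prometheus": {"url": "http://prometheus-chart-server.monitoring.svc.cluster.local"}}}
}""")

def effective_istio_namespace(cr):
    """Namespace Kiali treats as the Istio control plane (assumed fallback rule)."""
    spec = cr.get("spec", {})
    kiali_ns = spec.get("deployment", {}).get("namespace") or cr.get("metadata", {}).get("namespace")
    return spec.get("istio_namespace") or kiali_ns

def lint_kiali_cr(cr, control_plane_ns):
    """Return a list of findings; an empty list means the CR passes both checks."""
    findings = []
    spec = cr.get("spec", {})
    misplaced = spec.get("external_services", {}).get("istio_namespace")
    if misplaced is not None:
        findings.append(
            f"spec.external_services.istio_namespace={misplaced!r} is misplaced; "
            "move it to spec.istio_namespace")
    effective = effective_istio_namespace(cr)
    if effective != control_plane_ns:
        findings.append(
            f"effective istio_namespace is {effective!r} but the control plane "
            f"runs in {control_plane_ns!r}")
    return findings

def apply_fix(cr):
    """Return a copy with istio_namespace hoisted to the first level of spec."""
    fixed = json.loads(json.dumps(cr))  # deep copy via JSON round trip
    value = fixed["spec"].get("external_services", {}).pop("istio_namespace", None)
    if value is not None:
        fixed["spec"].setdefault("istio_namespace", value)
    return fixed

if __name__ == "__main__":
    for finding in lint_kiali_cr(REPORTED_CR, "istio-system"):
        print("FINDING:", finding)
    print("after fix:", lint_kiali_cr(apply_fix(REPORTED_CR), "istio-system"))
```

The second check also flags a correctly placed `istio_namespace` that names the wrong namespace, for example the one Kiali itself runs in.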

Thanks @HazemElAgaty, I cc @xeviknal if he can take a look.

Thank you for the quick fix! Much appreciated. 😃

hi @denniseffing,

Thanks for letting us know about this one. Unfortunately, there is no workaround for this one. I am preparing a PR approaching this bug. I guess it won’t be available until 2021 though.

@jshaughn good point.

What about adding an extra notification like the ones for jaeger and grafana when they are disabled? (should play around a bit though) Perhaps an entry in the FAQ?

Actually, our problem was extremely similar to above! istio_namespace was pointing to the namespace Kiali itself was running inside, rather than istio 🤦 Thank you for the help!

istio_namespace

@xeviknal Great catch, this fixed everything since yes I am installing kiali in a different namespace. Thanks a lot.

@xeviknal Yes, I am using token. I will try out anonymous and get back to you.