Comments (7)
HI @danishnawab
Thanks for reaching out.
Mizu tap creates an "agent" pod inside your cluster, in order to access the web ui mizu CLI tries to create k8s proxy or port forward. So the user which running the CLI need to have certain permissions in the cluster like get pod/service. Just wanted to double check that your IAM user have these permissions in a newly created namespace like "mizu"?
from kubeshark.
@IgorGov No, my user doesn't have access to the mizu
namespace, not out of the box.
Access within our organization is limited to the namespaces we deploy our stuff on. And, mizu
is not one of those.
Could there be a way by which mizu could run in such environments? I suppose there would be others with a similar authentication setup.
Perhaps mizu could instead start the agent in the existing namespaces instead of a new namespace?
from kubeshark.
Mizu have the ability to be deployed (and created needed resources) to an existing namespace, you can use the "mizu-resources-namespace" flag:
./mizu tap --set mizu-resources-namespace=<namespace for k8s resource to be deployed> -n <the same namespace>
Notice that you won't be able to deploy to namespace "A" and sniff traffic from namespace "B".
Let me know if that helps
from kubeshark.
So deploying mizu in one of the existing services worked to the point that the server could come up and the traffic viewer was loaded in my browser, however, I didn't see any traffic.
Looking at the logs, I could see the following statements:
[2022-02-08T23:46:31.669+0100] DEBUG ▶ error while getting kubernetes server version, err: Get "https://<redacted>:443/version?timeout=32s": getting credentials: exec: executable aws-iam-authenticator failed with exit code 1 ▶ [68653 provider.go:1149 GetKubernetesVersion]
[2022-02-08T23:46:31.670+0100] ERROR ▶ Get "https://<redacted>:443/version?timeout=32s": getting credentials: exec: executable aws-iam-authenticator failed with exit code 1 ▶ [68653 common.go:94 handleKubernetesProviderError]
At first, I assumed that my IAM user doesn't have the access rights to query the k8s version, but then I tried executing kubectl version
and it successfully listed both the client and the server versions.
from kubeshark.
can you please run the command with flag "--set dump-logs=true", it should generate a zip file with all mizu logs (cli, server and tappers). The command should look like:
../mizu tap --set mizu-resources-namespace=<ns> -n <ns> --set dump-logs=true
Can you confirm that CLI detects pods to tap? the output should look like:
Can you confirm that mizu tapper pods are up and running? see the highlighted pods:
from kubeshark.
This issue is stale because it has been open for 30 days with no activity.
from kubeshark.
This issue was closed because it has been inactive for 14 days since being marked as stale.
from kubeshark.
Related Issues (20)
- Couldn't initialize the tracer HOT 10
- Improve support for homebrew HOT 8
- Add Websocket support
- Detect socket creation errors using eBPF
- Kind support( pf-ring, ebpf, serviceMesh) HOT 8
- Specific PCAP TTL for Errors HOT 1
- Kubeshark with Bottlerocket? HOT 1
- kubeshark deployment DOSes `kube-apiserver` if k8s audit events enabled HOT 10
- Client OS: `windows 10`, chrome: `121.0.6167.185` failing HOT 1
- New Helper named Uniqe HOT 1
- Using kubeshark CLI with multiple kubeconfig files
- We can't verify pre-built binaries for windows/amd64 with checksum files HOT 1
- WebSockets in an IPv6 primary cluster fail HOT 1
- no push access for the kubeshark fork HOT 1
- Windows 11 Curl install does not work HOT 1
- Improve/Complete AMQP support
- Resolved K8s component name is inaccurate
- Does ICMP Traffic Capture is not possible?
- Upgrade fails HOT 1
- eBPF tracer Crashes for Kernel versions older than 5.5 HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubeshark.