-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssl: none from centraldashboard to profiles which cause rbac access denied #7505
Comments
Did you enable TLS in your Istio service mesh? |
Yes,l saw the traffic is from centraldashboard to profile,so l created two destinationrule on centraldashboard & profile to enable MTLS. But it still ssl.
profile
|
I think that is for kubeflow/manifests You can join the CNCF Slack and access our meetings at the Kubeflow Community website. Our channel on the CNCF Slack is here #kubeflow-platform. You can also find there our biweekly meetings, including the commentable Agenda. /close |
@juliusvonkohout: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Background
We install kubeflow:v1.8.0 and an individual istio:1.20.3.
Issue
When we use DEX to do OIDC authentication and login kubeflow successfully, it will got a rbac access denied error in UI.
We enable RBAC debug log and get log info from profiles-kfam pod.
istioctl pc log --level "rbac:debug" profiles-kfam-*.kubeflow
k logs -f profiles-kfam-*
Then find out that's because traffic from centraldashboard to profiles without ssl and not able to get principals info(cluster.local/ns/kubeflow/sa/centraldashboard) so the authorizationpolicy** profiles-kfam** doesn't work.
Any idea how to fix this issue?
The text was updated successfully, but these errors were encountered: