-
Notifications
You must be signed in to change notification settings - Fork 446
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can not start in AWS IAM environment #768
Comments
HI @danishnawab |
@IgorGov No, my user doesn't have access to the |
Mizu have the ability to be deployed (and created needed resources) to an existing namespace, you can use the "mizu-resources-namespace" flag: Notice that you won't be able to deploy to namespace "A" and sniff traffic from namespace "B". Let me know if that helps |
So deploying mizu in one of the existing services worked to the point that the server could come up and the traffic viewer was loaded in my browser, however, I didn't see any traffic.
At first, I assumed that my IAM user doesn't have the access rights to query the k8s version, but then I tried executing |
This issue is stale because it has been open for 30 days with no activity. |
This issue was closed because it has been inactive for 14 days since being marked as stale. |
Describe the bug
In my organization, we use AWS IAM to authenticate access to our Kubernetes cluster. Mizu seems to have trouble booting up in such an environment.
It just silently fails when running
mizu tap PODNAME
, but when runningmizu view
the following error is shown:I suspect mizu is incompatible with the authentication mechanism and perhaps that is also the reason why
mizu tap PODNAME
does nothing.To Reproduce
Steps to reproduce the behavior:
.kube/config
useaws-iam-authenticator
to authenticate to the Kubernetes clustermizu tap PODNAME
Waiting for Mizu Agent to start...
Expected behavior
Mizu should boot successfully
Logs
Desktop (please complete the following information):
Additional context
Unfortunately, I am not too familiar with the authentication setup on the AWS side. But it is clear that our users do not have the access rights needed by Mizu.
Is it possible for Mizu to work around this limitation?
The text was updated successfully, but these errors were encountered: