New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssl: none from centraldashboard to profiles which cause rbac access denied #7505
Projects
Comments
Did you enable TLS in your Istio service mesh? |
Yes,l saw the traffic is from centraldashboard to profile,so l created two destinationrule on centraldashboard & profile to enable MTLS. But it still ssl.
profile
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Background
We install kubeflow:v1.8.0 and an individual istio:1.20.3.
Issue
When we use DEX to do OIDC authentication and login kubeflow successfully, it will got a rbac access denied error in UI.
We enable RBAC debug log and get log info from profiles-kfam pod.
istioctl pc log --level "rbac:debug" profiles-kfam-*.kubeflow
k logs -f profiles-kfam-*
Then find out that's because traffic from centraldashboard to profiles without ssl and not able to get principals info(cluster.local/ns/kubeflow/sa/centraldashboard) so the authorizationpolicy** profiles-kfam** doesn't work.
Any idea how to fix this issue?
The text was updated successfully, but these errors were encountered: