Loki - input size too long #431
-
Hello everyone, I am wondering if there is a workaround for current Loki limitation that is present in the stack or is there anything planned for the future to circumvent that? Problem: For user that does not possess cluster-admin they may possess view of all namespaces in form of cluster-monitoring-view or cluster-reader Example environment: OCP 4.12 cluster on vSphere, 10 operators installed with namespaces character count above 5120 Loki query limit. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 7 replies
-
Hi @jbartyze-rh Unfortunately for non-cluster admins, we don't have a good solution/workaround at the moment for this problem. When we will implement it, the workaround when you hit this issue will be to create RoleBindings per namespace (instead of ClusterRoleBinding) for the non-admin users with Read access to logs, with the intent to reduce the number of accessible namespaces in that way. It will not eliminate the problem if you keep assigning as many namespaces, but it offers you the possibility to have less namespaces just for netobserv flow logs access. Would that be an acceptable trade-off for you? |
Beta Was this translation helpful? Give feedback.
-
By the way, can you elaborate on that please?
cluster-admins should not get this error. Just note that they need to be in the cluster-admin group, not just the role : cf https://issues.redhat.com/browse/LOG-4236?focusedId=22459085&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-22459085 |
Beta Was this translation helpful? Give feedback.
@jbartyze-rh I get your point & frustration - this would be something to discuss with openshift-logging team as they maintain the loki-operator.