Troubleshooting

Common questions and issues related to KuboVisor.

What are permission levels?

KuboVisor currently supports two different set of permissions to analyze your cluster:

  • limited write permissions

  • read-only permissions

With limited write permissions, KuboVisor has read-only access to all deployed resources on your cluster, in all namespaces. Additionally, read-write access to pods in a specific namespace is granted. We won’t be able to temper with resources outside of this namespace, only see them.

With read-only permissions, KuboVisor has read-only access to all deployed resources on your cluster, in all namespaces. We won’t be able to temper with resources, only see them.

For extended details on permission levels, refer to the cloud installation manual setup specific instructions.

Is my cluster network access restriction supported?

In order to use KuboVisor with your cluster, we need to be able to reach it. Below are the network restrictions that we currently support:

Restriction
Cloud
Agent
Comment

None

You don’t have anything more to do!

Network whitelist

Add the following IP to the list of authorized networks: 34.141.253.143

SSH bastion

Fully private

Agent Helm chart issues

Cloud mode conflicting resources

If you have the following error:

Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "ksa-kubovisor" in namespace "kubovisor" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "kubovisor-agent"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "kubovisor"

It indicates that resources that would be created by the Helm chart already exists in the cluster, but are not managed by Helm.

In this case, it indicates that KuboVisor is already configured for cloud mode in this Namespace.

If this is not your installation, contact your cluster administrator. If this is your installation and you wish to use KuboVisor agent instead of cloud mode, you can follow these steps:

  1. Delete the cluster on which you want to install the agent from KuboVisor.

  2. Delete the following resources from the Namespace where you want to install the agent.

Make sure that your current context is set to the right Namespace, or add --namespace myns to all the following commands, replacing myns by the Namespace name.

ServiceAccount ksa-kubovisor:

kubectl delete sa ksa-kubovisor

Role kubovisor-limited:

kubectl delete role kubovisor-limited

RoleBinding kubovisor-limited:

kubectl delete rolebinding kubovisor-limited
  1. Once all these resources are deleted, you can install the agent.

Multiple KuboVisor agent releases

If you have the following error:

Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "ksa-kubovisor" in namespace "kubovisor" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "kubovisor-agent2": current value is "kubovisor-agent"

It indicates that another Helm release of KuboVisor agent is installed on the cluster in this Namespace. You can list installed Helm releases with:

helm list

Last updated