Troubleshooting
Common questions and issues related to KuboVisor.
What are permission levels?
KuboVisor currently supports two different set of permissions to analyze your cluster:
limited write permissions
read-only permissions
With limited write permissions, KuboVisor has read-only access to all deployed resources on your cluster, in all namespaces. Additionally, read-write access to pods in a specific namespace is granted. We wonβt be able to temper with resources outside of this namespace, only see them.
With read-only permissions, KuboVisor has read-only access to all deployed resources on your cluster, in all namespaces. We wonβt be able to temper with resources, only see them.
Is my cluster network access restriction supported?
In order to use KuboVisor with your cluster, we need to be able to reach it. Below are the network restrictions that we currently support:
None
β
β
You donβt have anything more to do!
Network whitelist
β
β
Add the following IP to the list of authorized networks: 34.141.253.143
Agent Helm chart issues
Cloud mode conflicting resources
If you have the following error:
Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "ksa-kubovisor" in namespace "kubovisor" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "kubovisor-agent"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "kubovisor"
It indicates that resources that would be created by the Helm chart already exists in the cluster, but are not managed by Helm.
In this case, it indicates that KuboVisor is already configured for cloud mode in this Namespace.
If this is not your installation, contact your cluster administrator. If this is your installation and you wish to use KuboVisor agent instead of cloud mode, you can follow these steps:
Delete the cluster on which you want to install the agent from KuboVisor.
Delete the following resources from the Namespace where you want to install the agent.
Make sure that your current context is set to the right Namespace, or add --namespace myns
to all the following commands, replacing myns
by the Namespace name.
ServiceAccount ksa-kubovisor
:
kubectl delete sa ksa-kubovisor
Role kubovisor-limited
:
kubectl delete role kubovisor-limited
RoleBinding kubovisor-limited
:
kubectl delete rolebinding kubovisor-limited
Once all these resources are deleted, you can install the agent.
Multiple KuboVisor agent releases
If you have the following error:
Error: INSTALLATION FAILED: rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "ksa-kubovisor" in namespace "kubovisor" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "kubovisor-agent2": current value is "kubovisor-agent"
It indicates that another Helm release of KuboVisor agent is installed on the cluster in this Namespace. You can list installed Helm releases with:
helm list
Last updated