Unable to see the replicasets and pods using admin user #4206

Open
absnmohammedsedex opened this issue Sep 12, 2024 · 10 comments
Labels
bug Something isn't working

Comments

@absnmohammedsedex

There are 2 different questions here,

  1. I can log in using basic username and password authentication, but I cannot see the replicasets and pods. Is it something not yet added to the dashboard or am I missing something here?
  2. I am using external ingress with OIDC authentication. It works fine and it takes me to the login page, where it asks for a username and password (admin user and password) and then allows me to log in. I am not using the weave gitops OIDC config here.
    I can log in via both authentications but cannot see the replicasets and pods.

If I try to bypass the adminUser, the pod fails with CrashLoopRecovery.

Can I bypass the adminUser as I can login via AD OIDC?
How can I see the replicasets, pods and pod logs?

I have checked the RBAC clusterRole and have allowed full access and added admin user to impersonationResourceNames list.

Environment

  • Weave-Gitops Version - 2.0.36
  • Flux Version - 2.3.0
  • Kubernetes version(EKS) - 1.30

To Reproduce
Steps to reproduce the behavior:

$ PASSWORD="averyverystrongpassword"
$ gitops create dashboard ww-gitops \
  --password=$PASSWORD \
  --export > ./clusters/ovh-fluxcd/weave/weave-gitops-dashboard.yaml

Expected behavior

Actual Behavior
I'm not seeing any of these, except the deployments, helm releases.

Additional Context (screenshots, logs, etc)

@absnmohammedsedex absnmohammedsedex added the bug Something isn't working label Sep 12, 2024
@absnmohammedsedex
Author

I see the following errors in logs,

2024-09-12T11:26:00.093Z	INFO	gitops.auth-server	auth/server.go:462	failed to get ID Token from request
2024-09-12T11:26:00.093Z	INFO	gitops	middleware/middleware.go:61	request error	{"uri": "/oauth2/userinfo", "status": 400}
2024-09-12T11:26:00.119Z	INFO	gitops.auth-server	auth/server.go:462	failed to get ID Token from request
2024-09-12T11:26:00.119Z	INFO	gitops	middleware/middleware.go:61	request error	{"uri": "/oauth2/userinfo", "status": 400}
[controller-runtime] log.SetLogger(...) was never called, logs will not be displayed:
goroutine 195 [running]:
runtime/debug.Stack()
	/usr/local/go/src/runtime/debug/stack.go:24 +0x7a
sigs.k8s.io/controller-runtime/pkg/log.eventuallyFulfillRoot()
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/log/log.go:59 +0xae
sigs.k8s.io/controller-runtime/pkg/log.(*delegatingLogSink).WithName(0xc0003a1040, {0x32940c3, 0x14})
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/log/deleg.go:147 +0x4f
github.com/go-logr/logr.Logger.WithName({{0x35a1580, 0xc0003a1040}, 0x0}, {0x32940c3, 0x14})
	/go/pkg/mod/github.com/go-logr/[email protected]/logr.go:336 +0x66
sigs.k8s.io/controller-runtime/pkg/client.newClient(0xc0022d0000, {0x0, 0xc0000b8070, {0x35a2e70, 0xc0021b3340}, 0x0, {0x0, 0x0}, 0x0})
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/client/client.go:120 +0x14b
sigs.k8s.io/controller-runtime/pkg/client.New(0xc0002eb440, {0x0, 0xc0000b8070, {0x35a2e70, 0xc0021b3340}, 0x0, {0x0, 0x0}, 0x0})
	/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/client/client.go:101 +0xd8
github.com/weaveworks/weave-gitops/core/clustersmngr/cluster.getClientFromConfig(0xc0002eb440, 0xc0000b8070)
	/app/core/clustersmngr/cluster/single.go:68 +0x493
github.com/weaveworks/weave-gitops/core/clustersmngr/cluster.(*singleCluster).GetUserClient(0xc0006172c0, 0xc00185da10)
	/app/core/clustersmngr/cluster/single.go:93 +0x18d
github.com/weaveworks/weave-gitops/core/clustersmngr.(*clustersManager).getOrCreateClient(0xc0004f4140, 0xc00185da10, {0x35a2420, 0xc0006172c0})
	/app/core/clustersmngr/factory.go:627 +0x4b6
github.com/weaveworks/weave-gitops/core/clustersmngr.(*clustersManager).getUserClientWithNamespaces.func1({0x35a2420, 0xc0006172c0}, {0x358f980, 0xc0003126e0}, 0xc0007bbd40)
	/app/core/clustersmngr/factory.go:430 +0x105
created by github.com/weaveworks/weave-gitops/core/clustersmngr.(*clustersManager).getUserClientWithNamespaces
	/app/core/clustersmngr/factory.go:427 +0x416

@gecube

gecube commented Sep 17, 2024

Hi! I am not an administrator, a developer, or a consultant from Weave. So the below is only my POV:

  1. The weave gitops shows only basic objects without any relation to downstream objects. It is not how ArgoCD or luntry works - they show the full chain of related objects. And for us it wasn't an issue.
  2. I don't have any idea. So you want to set up OIDC and not set up the admin user, right?

@absnmohammedsedex
Author

@gecube, thank you for the comments. I can get it working using an external ingress with AWS Cognito integration, but I need to authenticate using the admin creds that log me in without access to the pods.

If weave gitops doesn't show the pods, then it's useless for us. By reading the documentation, they mentioned it shows the pods, replicasets, etc. I do see deployments and other k8s objects except pods and replicaset. I am assuming it might be due to the permission issue.

@absnmohammedsedex
Author

I can log in as admin but am unable to see pods for weave gitops as shown in the screenshot. I have checked the cluster permissions assigned to the admin user; it has permission to list and show pods.

[Screenshot 2024-09-17 at 14 13 24]

@gecube

gecube commented Sep 17, 2024

Hm. strange... maybe I am wrong.. I checked the docs for weave gitops... Please take a look

Here: https://github.com/weaveworks/weave-gitops/blob/main/doc/img/02-workload-detail.png

we don't see any rs and pods

but here:

https://github.com/weaveworks/weave-gitops/blob/main/doc/img/03-graph.png

we see.

It is very interesting which permissions weave gitops itself has, as it utilises the RBAC of k8s. Let's say your OIDC user doesn't have permission in the RBAC of k8s to see deployments; then weave gitops won't allow you to see them.
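
One way to test the RBAC point raised in this thread, that the dashboard shows only what the logged-in user is allowed to list (an added example, not code from the issue or from the Weave GitOps project). The user name passed in, the optional NAMESPACE variable and the resource list are assumptions; the check uses `kubectl auth can-i` with `--as` impersonation.

```shell
#!/bin/sh
# Added example: report which dashboard-relevant resources a given
# (impersonated) user is NOT allowed to list.
# Assumption: the resource list below is constructed from the object
# kinds named in this thread (deployments, replicasets, pods).
DASHBOARD_RESOURCES="deployments.apps replicasets.apps pods"

# can_list USER RESOURCE -> prints "yes" or "no"
# Set NAMESPACE to check a single namespace; otherwise the check is
# cluster-wide, so a namespaced RoleBinding alone will report "no".
can_list() {
  scope="--all-namespaces"
  if [ -n "${NAMESPACE:-}" ]; then
    scope="--namespace=$NAMESPACE"
  fi
  # kubectl exits non-zero when the answer is "no"; keep only the text
  answer=$(kubectl auth can-i list "$2" --as "$1" "$scope" 2>/dev/null) || true
  if [ "$answer" = "yes" ]; then
    echo yes
  else
    echo no
  fi
}

# denied_resources USER -> space-separated resources USER cannot list
denied_resources() {
  denied=""
  for res in $DASHBOARD_RESOURCES; do
    if [ "$(can_list "$1" "$res")" = "no" ]; then
      denied="${denied:+$denied }$res"
    fi
  done
  echo "$denied"
}

# Stand-alone use: ./check.sh <dashboard-user-name>
if [ -n "${1:-}" ]; then
  denied_resources "$1"
fi
```

An empty result means the impersonated user can list every resource in the list, which points away from RBAC as the cause of the missing objects.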

@gecube

gecube commented Sep 17, 2024

I think the issue is that it was compiled against old fluxcd library versions: 591cc3d
and now we are using newer fluxcd 2.3.0 with NEW API for Helmreleases and kustomization

@absnmohammedsedex
Author

I understand as I have already upgraded the Flux version to 2.30, and I can see the helmrelease API version is v2 and the kustomize API version is v1, all latest.

@kingdonb

Weave GitOps is in need of maintainers!

Thank you for the feedback, it is good to understand as an outsider (who does not use ArgoCD) what is it that people mean when they say "an Argo-style UI" - it's never been as clear to me as it is right now.

Is that the main feature you're looking for in a UI? The ability to see drill-down dependencies or parent-child relationships between objects, and to see (for example) the fact that a pod is stuck in crashloopbackoff?

@absnmohammedsedex
Author

It would be beneficial for developers to have a UI portal to manage helm releases, live deployments, and replicasets in addition to the Flux CLI.

@kingdonb

I'm working with some Headlamp devs to get the Flux plugin into the catalog, it's making some excellent progress

It's currently a bit of a lift to get it installed, but if you're interested in trying it out, all of the information is here

It is heavily inspired by Weave GitOps (the flux parts, anyway)


3 participants