Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error spam from credential provider when not on GCE #2673

Closed
jbeda opened this issue Nov 30, 2014 · 3 comments · Fixed by #2674
Closed

Error spam from credential provider when not on GCE #2673

jbeda opened this issue Nov 30, 2014 · 3 comments · Fixed by #2674
Labels
area/kubelet area/platform/gce priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/node Categorizes an issue or PR as relevant to SIG Node.

Comments

@jbeda
Copy link
Contributor

jbeda commented Nov 30, 2014

It looks like we always try and hit the metadata server even if we aren't on GCE. We then print an error out.

This should either be silent (assume after X attempts that we aren't on GCE?) or should only be activated with an option.

Email thread: https://groups.google.com/forum/#!topic/google-containers/w-ei5Xs6K0Y
@jbeda
Copy link
Contributor Author

jbeda commented Nov 30, 2014

cc: @mattmoor

@mattmoor mattmoor mentioned this issue Dec 1, 2014
Merged
@mattmoor
Copy link
Contributor

mattmoor commented Dec 1, 2014

FYI, the way the credentialprovider logic is set up, providers are asked once per keyring creation whether they are enabled.
https://github.com/GoogleCloudPlatform/kubernetes/blob/master/pkg/credentialprovider/provider.go#L30

If they are enabled, then they are asked to provide their contribution to .dockercfg each time the lazy keyring is accessed.
https://github.com/GoogleCloudPlatform/kubernetes/blob/master/pkg/credentialprovider/keyring.go#L47

For efficiency, there is a caching provider, which composes with heavier providers and stores their .dockercfg contribution for a predetermined TTL.
https://github.com/GoogleCloudPlatform/kubernetes/blob/master/pkg/credentialprovider/provider.go#L50

What was happening here was that "Enabled()" for our GCE-metadata implementations was logging about errors fetching "http://metadata", where the entire "Enabled()" check is "err == nil".

@goltermann goltermann added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Dec 3, 2014
@brendandburns
Copy link
Contributor

I believe that this was fixed by #2674

@dchen1107 dchen1107 added the sig/node Categorizes an issue or PR as relevant to SIG Node. label Feb 4, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/kubelet area/platform/gce priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/node Categorizes an issue or PR as relevant to SIG Node.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make credentialprovider less verbose about benign errors.
5 participants
@jbeda @mattmoor @brendandburns @dchen1107 @goltermann