New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error messages do not point to the issue #49

Closed
bobrik opened this Issue Oct 13, 2016 · 2 comments

Comments

Projects
None yet
4 participants
@bobrik

bobrik commented Oct 13, 2016

Currently, if the service token is invalid, you get the following in the logs:

2016-10-13 13:15:35,246 15 ERROR Unahandled exception killed Namespace manager
Traceback (most recent call last):
  File "<string>", line 295, in _manage_resource
  File "<string>", line 386, in _sync_resources
  File "site-packages/requests/models.py", line 808, in json
  File "site-packages/simplejson/__init__.py", line 516, in loads
  File "site-packages/simplejson/decoder.py", line 370, in decode
  File "site-packages/simplejson/decoder.py", line 400, in raw_decode
JSONDecodeError: Expecting value: line 1 column 1 (char 0)
2016-10-13 13:15:35,246 15 WARNING Re-starting watch on resource: Namespace

In kube-apiserver logs you can see:

I1013 13:39:41.172145       1 handlers.go:162] GET /api/v1/namespaces: (301.966µs) 401 [[python-requests/2.9.1] 10.36.15.21:64402]
E1013 13:39:43.193494       1 handlers.go:54] Unable to authenticate the request due to an error: crypto/rsa: verification error

I think kube-policy-controller can do a better job of telling the user what is wrong. Documenting existence of LOG_LEVEL env variable is a good first step. Detecting 401 and suggesting possible remediations is even better.

Related to kubernetes/kubernetes#22351.

@caseydavenport

This comment has been minimized.

Show comment
Hide comment
@caseydavenport

caseydavenport Oct 13, 2016

Member

Agreed - the debuggability of the policy controller is rather poor right now. Thanks for raising this.

Member

caseydavenport commented Oct 13, 2016

Agreed - the debuggability of the policy controller is rather poor right now. Thanks for raising this.

@urzds

This comment has been minimized.

Show comment
Hide comment
@urzds

urzds Feb 13, 2017

I just ran into the same issue. Would have been great, if I would have received more information from the calico-policy-controller logs.

urzds commented Feb 13, 2017

I just ran into the same issue. Would have been great, if I would have received more information from the calico-policy-controller logs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment