Hello,
I am having a lot of warning and error logs clutter my logs from GKE autopilot pods in the kube-system namespace. However, I don't have access to these machines because I get a denial response ("GKE Warden authz [denied by managed-namespaces-limitation]") when trying to exec sh into them.
How can I triage/resolve these issues without access into these pods?
Here are the common logs:
Container: gke-metrics-agent
Logs:
- warn uasexporter/exporter.go:119 UAS Metrics Request channel full, discarding old request {"kind": "exporter", "name": "uas"}
- error uasexporter/exporter.go:226 failed to get response from UAS {"kind": "exporter", "name": "uas", "error": "rpc error: code = PermissionDenied desc = The caller does not have permission"}"
Container: image-package-extractor
Additional Details: there are dozens of these logs, all with different paths so i don't believe the paths below are necessarily relevant to the core issue
Logs:
- Failed to parse package block, skipping: invalid package format syntax (expected "KEY: VAL") found in line "8374302ab936fb95e0b0d140d0891851 usr/sbin/tzconfig"
- Failed to parse package block, skipping: invalid package format syntax (expected "KEY: VAL") found in line "d9db83d6fe6616e0e10ee9e1f4abbb61 lib/x86_64-linux-gnu/ld-2.31.so"
Container: cilium-agent
Logs:
- error "Error deleting LRP local redirect policy to be deleted not found"
- warning "Error removing NOTRACK rules unable to run 'iptables -t filter -D CILIUM_INPUT -p tcp -d 10.132.15.222 --dport 53 -j ACCEPT' iptables command: exit status 1 stderr="iptables: Bad rule (does a matching rule exist in that chain?).\n"
- error "unable to run 'iptables -t filter -D CILIUM_OUTPUT -p tcp -s 10.132.15.222 --sport 53 -j ACCEPT' iptables command: exit status 1 stderr="iptables: Bad rule (does a matching rule exist in that chain?).\n""
LinkedIn
Twitter
