sts-sponsors team mailing list archive
-
sts-sponsors team
-
Mailing list archive
-
Message #02599
[Bug 1913583] Re: [plugin][k8s] Canonical Distribution of Kubernetes fixes
I tested the package available in focal-proposed, and it could capture
correctly information that before the patch couldn't, for example:
Before the patch:
root@juju-867473-k8s-4:~# cat sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_namespaces.1
Error from server (Forbidden): namespaces is forbidden: User "system:kube-proxy" cannot list resource "namespaces" in API group "" at the cluster scope
versus
After the patch:
root@juju-867473-k8s-4:~# cat sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/kubectl_--kubeconfig_.root.cdk.cdk_addons_kubectl_config_get_namespaces.1
NAME STATUS AGE
default Active 26h
ingress-nginx-kubernetes-worker Active 26h
kube-node-lease Active 26h
kube-public Active 26h
kube-system Active 26h
kubernetes-dashboard Active 26h
Evidence:
root@juju-867473-k8s-4:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
root@juju-867473-k8s-4:~# apt policy sosreport
sosreport:
Installed: 4.0-1~ubuntu0.20.04.3
Candidate: 4.0-1~ubuntu0.20.04.3
Version table:
*** 4.0-1~ubuntu0.20.04.3 500
500 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
100 /var/lib/dpkg/status
3.9-1ubuntu2 500
500 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 Packages
root@juju-867473-k8s-4:~# sosreport -o kubernetes
Please note the 'sosreport' command has been deprecated in favor of the new 'sos' command, E.G. 'sos report'.
Redirecting to 'sos report -o kubernetes'
sosreport (version 4.0)
This command will collect system configuration and diagnostic
information from this Ubuntu system.
For more information on Canonical visit:
https://www.ubuntu.com/
The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.
No changes will be made to system configuration.
Press ENTER to continue, or CTRL-C to quit.
Please enter the case id that you are generating this report for []:
Setting up archive ...
Setting up plugins ...
Running plugins. Please wait ...
Starting 1/1 kubernetes [Running: kubernetes]
Finished running plugins
Creating compressed archive...
Your sosreport has been generated and saved in:
/tmp/sosreport-juju-867473-k8s-4-2021-02-19-uskifug.tar.xz
Size 2.75MiB
Owner root
md5 402d7a949075fe9a06aca191413d7406
Please send this file to your support representative.
root@juju-867473-k8s-4:~# tar xJf /tmp/sosreport-juju-867473-k8s-4-2021-02-19-uskifug.tar.xz
root@juju-867473-k8s-4:~# find sosreport-*/ -type d -name kubernetes -exec grep -H -i forbidden {} \;
grep: sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes: Is a directory
root@juju-867473-k8s-4:~# find sosreport-*/ -type d -name kubernetes -exec grep -r -H -i forbidden {} \;
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/limitranges/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_--all-namespaces_true_limitranges:Error from server (Forbidden): limitranges is forbidden: User "system:kube-proxy" cannot list resource "limitranges" in API group "" at the cluster scope
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/nodes/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_describe_node_juju-867473-k8s-6:Lease: Failed to get lease: leases.coordination.k8s.io "juju-867473-k8s-6" is forbidden: User "system:kube-proxy" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-node-lease"
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/nodes/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_describe_node_juju-867473-k8s-5:Lease: Failed to get lease: leases.coordination.k8s.io "juju-867473-k8s-5" is forbidden: User "system:kube-proxy" cannot get resource "leases" in API group "coordination.k8s.io" in the namespace "kube-node-lease"
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/ingresses/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_--all-namespaces_true_ingresses:Error from server (Forbidden): ingresses.networking.k8s.io is forbidden: User "system:kube-proxy" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/pvc/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_--all-namespaces_true_pvc:Error from server (Forbidden): persistentvolumeclaims is forbidden: User "system:kube-proxy" cannot list resource "persistentvolumeclaims" in API group "" at the cluster scope
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 15:17:27 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 15:17:27.712751 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 15:17:27 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 15:17:27.732629 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 15:17:27 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 15:17:27.745465 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 16:23:57 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 16:23:57.083942 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 16:23:57 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 16:23:57.119272 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 16:23:57 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 16:23:57.135644 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:21:51 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:21:51.529073 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:21:51 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:21:51.674501 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:21:51 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:21:51.756449 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:24:43 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:24:43.683518 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:24:44 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:24:44.688829 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:24:46 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:24:46.356782 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:25:40 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:25:40.257914 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:25:41 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:25:41.139082 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:25:42 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:25:42.457639 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:29:01 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:29:01.535403 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:29:04 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:29:04.703540 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:29:05 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:29:05.156994 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:08 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:08.897088 55200 authorization.go:73] Forbidden: "/api/v1/namespaces?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:48 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:48.305779 55200 authorization.go:73] Forbidden: "/api/v1/namespaces?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_namespaces.1:Error from server (Forbidden): namespaces is forbidden: User "system:kube-proxy" cannot list resource "namespaces" in API group "" at the cluster scope
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/pods/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_--all-namespaces_true_pods:Error from server (Forbidden): pods is forbidden: User "system:kube-proxy" cannot list resource "pods" in API group "" at the cluster scope
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/deployments/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_--all-namespaces_true_deployments:Error from server (Forbidden): deployments.apps is forbidden: User "system:kube-proxy" cannot list resource "deployments" in API group "apps" at the cluster scope
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_namespaces:Error from server (Forbidden): namespaces is forbidden: User "system:kube-proxy" cannot list resource "namespaces" in API group "" at the cluster scope
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_--raw_.metrics:Error from server (Forbidden): forbidden: User "system:kube-proxy" cannot get path "/metrics"
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/rc/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_--all-namespaces_true_rc:Error from server (Forbidden): replicationcontrollers is forbidden: User "system:kube-proxy" cannot list resource "replicationcontrollers" in API group "" at the cluster scope
sosreport-juju-867473-k8s-4-2021-02-19-uskifug/sos_commands/kubernetes/resourcequotas/kubectl_--kubeconfig_.root.cdk.kubeproxyconfig_get_--all-namespaces_true_resourcequotas:Error from server (Forbidden): resourcequotas is forbidden: User "system:kube-proxy" cannot list resource "resourcequotas" in API group "" at the cluster scope
root@juju-867473-k8s-4:~#
root@juju-867473-k8s-4:~# vim /etc/apt/sources.list
root@juju-867473-k8s-4:~# apt-get update -qq
root@juju-867473-k8s-4:~# apt policy sosreport
sosreport:
Installed: 4.0-1~ubuntu0.20.04.3
Candidate: 4.0-1~ubuntu0.20.04.4
Version table:
4.0-1~ubuntu0.20.04.4 500
500 http://nova.clouds.archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
*** 4.0-1~ubuntu0.20.04.3 500
500 http://nova.clouds.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
100 /var/lib/dpkg/status
3.9-1ubuntu2 500
500 http://nova.clouds.archive.ubuntu.com/ubuntu focal/main amd64 Packages
root@juju-867473-k8s-4:~# apt-get -q install sosreport
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be upgraded:
sosreport
1 upgraded, 0 newly installed, 0 to remove and 20 not upgraded.
Need to get 237 kB of archives.
After this operation, 4096 B of additional disk space will be used.
Get:1 http://nova.clouds.archive.ubuntu.com/ubuntu focal-proposed/main amd64 sosreport amd64 4.0-1~ubuntu0.20.04.4 [237 kB]
Fetched 237 kB in 0s (9024 kB/s)
(Reading database ... 70113 files and directories currently installed.)
Preparing to unpack .../sosreport_4.0-1~ubuntu0.20.04.4_amd64.deb ...
Unpacking sosreport (4.0-1~ubuntu0.20.04.4) over (4.0-1~ubuntu0.20.04.3) ...
Setting up sosreport (4.0-1~ubuntu0.20.04.4) ...
Processing triggers for man-db (2.9.1-1) ...
root@juju-867473-k8s-4:~# sosreport -o kubernetes
Please note the 'sosreport' command has been deprecated in favor of the new 'sos' command, E.G. 'sos report'.
Redirecting to 'sos report -o kubernetes'
sosreport (version 4.0)
This command will collect system configuration and diagnostic
information from this Ubuntu system.
For more information on Canonical visit:
https://www.ubuntu.com/
The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.
No changes will be made to system configuration.
Press ENTER to continue, or CTRL-C to quit.
Please enter the case id that you are generating this report for []:
Setting up archive ...
Setting up plugins ...
Running plugins. Please wait ...
Starting 1/1 kubernetes [Running: kubernetes]
Finished running plugins
Creating compressed archive...
Your sosreport has been generated and saved in:
/tmp/sosreport-juju-867473-k8s-4-2021-02-19-snotach.tar.xz
Size 2.88MiB
Owner root
md5 4a516bba4ea4bcbcc0bda5099dc6c316
Please send this file to your support representative.
root@juju-867473-k8s-4:~# tar xJf /tmp/sosreport-juju-867473-k8s-4-2021-02-19-snotach.tar.xz
root@juju-867473-k8s-4:~# grep -r -H -i forbidden sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 15:17:27 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 15:17:27.712751 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 15:17:27 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 15:17:27.732629 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 15:17:27 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 15:17:27.745465 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 16:23:57 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 16:23:57.083942 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 16:23:57 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 16:23:57.119272 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 16:23:57 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 16:23:57.135644 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:21:51 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:21:51.529073 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:21:51 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:21:51.674501 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:21:51 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:21:51.756449 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:24:43 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:24:43.683518 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:24:44 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:24:44.688829 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:24:46 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:24:46.356782 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:25:40 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:25:40.257914 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:25:41 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:25:41.139082 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:25:42 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:25:42.457639 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:29:01 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:29:01.535403 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:29:04 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:29:04.703540 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 17:29:05 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 17:29:05.156994 55200 authorization.go:73] Forbidden: "/apis/authentication.k8s.io/v1/tokenreviews", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:08 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:08.897088 55200 authorization.go:73] Forbidden: "/api/v1/namespaces?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:48 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:48.305779 55200 authorization.go:73] Forbidden: "/api/v1/namespaces?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:52 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:52.794996 55200 authorization.go:73] Forbidden: "/api/v1/namespaces?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:54 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:54.527861 55200 authorization.go:73] Forbidden: "/api/v1/pods?fieldSelector=spec.nodeName%3Djuju-867473-k8s-5%2Cstatus.phase%21%3DFailed%2Cstatus.phase%21%3DSucceeded", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:54 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:54.530951 55200 authorization.go:73] Forbidden: "/api/v1/events?fieldSelector=involvedObject.name%3Djuju-867473-k8s-5%2CinvolvedObject.namespace%3D%2CinvolvedObject.kind%3DNode%2CinvolvedObject.uid%3Djuju-867473-k8s-5", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:54 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:54.537372 55200 authorization.go:73] Forbidden: "/apis/coordination.k8s.io/v1/namespaces/kube-node-lease/leases/juju-867473-k8s-5", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:54 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:54.722082 55200 authorization.go:73] Forbidden: "/api/v1/pods?fieldSelector=spec.nodeName%3Djuju-867473-k8s-6%2Cstatus.phase%21%3DFailed%2Cstatus.phase%21%3DSucceeded", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:54 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:54.724059 55200 authorization.go:73] Forbidden: "/api/v1/events?fieldSelector=involvedObject.name%3Djuju-867473-k8s-6%2CinvolvedObject.namespace%3D%2CinvolvedObject.kind%3DNode%2CinvolvedObject.uid%3Djuju-867473-k8s-6", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:54 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:54.731414 55200 authorization.go:73] Forbidden: "/apis/coordination.k8s.io/v1/namespaces/kube-node-lease/leases/juju-867473-k8s-6", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:54 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:54.838208 55200 authorization.go:73] Forbidden: "/metrics", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:54 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:54.957541 55200 authorization.go:73] Forbidden: "/apis/apps/v1/deployments?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:55 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:55.081885 55200 authorization.go:73] Forbidden: "/apis/networking.k8s.io/v1/ingresses?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:55 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:55.207310 55200 authorization.go:73] Forbidden: "/api/v1/limitranges?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:55 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:55.327233 55200 authorization.go:73] Forbidden: "/api/v1/pods?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:56 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:56.203305 55200 authorization.go:73] Forbidden: "/api/v1/persistentvolumeclaims?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:56 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:56.316649 55200 authorization.go:73] Forbidden: "/api/v1/replicationcontrollers?limit=500", Reason: ""
sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/journalctl_--no-pager_--unit_snap.kube-apiserver.daemon:Feb 19 18:00:56 juju-867473-k8s-4 kube-apiserver.daemon[55200]: I0219 18:00:56.442316 55200 authorization.go:73] Forbidden: "/api/v1/resourcequotas?limit=500", Reason: ""
root@juju-867473-k8s-4:~#
root@juju-867473-k8s-4:~# cat sosreport-juju-867473-k8s-4-2021-02-19-snotach/sos_commands/kubernetes/ingresses/kubectl_--kubeconfig_.root.cdk.cdk_addons_kubectl_config_get_--all-namespaces_true_ingresses
No resources found
--
You received this bug notification because you are a member of STS
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1913583
Title:
[plugin][k8s] Canonical Distribution of Kubernetes fixes
Status in sosreport package in Ubuntu:
Fix Released
Status in sosreport source package in Bionic:
New
Status in sosreport source package in Focal:
Fix Committed
Status in sosreport source package in Groovy:
Fix Committed
Status in sosreport source package in Hirsute:
Fix Released
Bug description:
[Impact]
Running sosreport in a CDK deployed environment won't collect as much
information as the plugin could, this is because the kubectl calls are
using the wrong paths for the kubeconfig files, this prevents from
having more detailed sosreports on the state of the cluster which
leads to a back and forth running extra commands to collect the rest
of the data.
[Test Case]
* Deploy CDK: juju deploy charmed-kubernetes # https://ubuntu.com/kubernetes/docs/quickstart
* ssh into the kubernetes-master/0
* Run sosreport
Expected result:
The sosreport contains a 'kubernetes' directory where all the commands
executed successfully
Actual result:
The sosreport contains a 'kubernetes' directory where some of the
commands contain "Forbidden" errors.
find sosreport-*/ -type d -name kubernetes -exec grep -H -i forbidden
{} \;
[Where problems could occur]
Any issues with this SRU should show themselves as failures in the
execution of the kubernetes plugin and that can be verified in the
sos.log file.
[Other Info]
Upstream:
https://github.com/sosreport/sos/pull/2387
https://github.com/sosreport/sos/pull/2387/commits
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1913583/+subscriptions
References
