search

openclarity / apiclarity

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 
https://apiclarity.io
Apache License 2.0
498 stars 64 forks source link

apiclarity-apiclarity pod can not start #364

Closed jpgong closed 9 months ago

jpgong commented 9 months ago

When i installed APIClarity in a K8s cluster using Helm,the apiclarity pod did not start properly.

image

kubectl describe pod,logs as follow: `Name: apiclarity-apiclarity-75f75c6db4-7w4q7 Namespace: apiclarity Priority: 0 Service Account: apiclarity-apiclarity Node: master/XX.XX.XX.XX Start Time: Wed, 20 Sep 2023 11:08:05 +0800 Labels: app=apiclarity-apiclarity pod-template-hash=75f75c6db4 Annotations: sidecar.istio.io/inject: false Status: Pending IP: 10.42.0.177 IPs: IP: 10.42.0.177 Controlled By: ReplicaSet/apiclarity-apiclarity-75f75c6db4 Init Containers: apiclarity-apiclarity-wait-for-db: Container ID: docker://7386e858d32f3e92fe18c606811ea03be57c563efbf76e766d2c71512021aa11 Image: docker.io/bitnami/postgresql:14.4.0-debian-11-r4 Image ID: docker-pullable://bitnami/postgresql@sha256:58744ac056007ba278d80090d41722e30c49b20d85c56653f337e7e0a7b2f312 Port: Host Port: Command: sh -c until pg_isready -h apiclarity-apiclarity-postgresql -p 5432 -U "postgres" -d "dbname=apiclarity"; do echo waiting for database; sleep 2; done; State: Running Started: Wed, 20 Sep 2023 11:08:06 +0800 Ready: False Restart Count: 0 Limits: cpu: 200m memory: 1000Mi Requests: cpu: 100m memory: 200Mi Environment: Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-qhqkl (ro) Containers: apiclarity: Container ID: Image: ghcr.io/openclarity/apiclarity:v0.14.5 Image ID: Port: Host Port: Args: run --log-level warning State: Waiting Reason: PodInitializing Ready: False Restart Count: 0 Limits: cpu: 1 memory: 1000Mi Requests: cpu: 100m memory: 200Mi Liveness: http-get http://:8081/healthz/live delay=10s timeout=10s period=30s #success=1 #failure=5 Readiness: http-get http://:8081/healthz/ready delay=0s timeout=10s period=30s #success=1 #failure=5 Environment: POD_NAMESPACE: apiclarity (v1:metadata.namespace) RESPONSE_HEADERS_TO_IGNORE: <set to the key 'response.headers' of config map 'apiclarity-apiclarity-headers-to-ignore-configmap'> Optional: false REQUEST_HEADERS_TO_IGNORE: <set to the key 'request.headers' of config map 'apiclarity-apiclarity-headers-to-ignore-configmap'> Optional: false TRACE_SAMPLING_ENABLED: false BFLA_AUTOMATIC_LEARNING_AND_DETECTION: false DB_NAME: apiclarity DB_HOST: apiclarity-apiclarity-postgresql DB_PORT_NUMBER: 5432 DB_USER: postgres DB_PASS: <set to the key 'postgres-password' in secret 'apiclarity-postgresql-secret'> Optional: false STATE_BACKUP_FILE_NAME: /apiclarity/state.gob FUZZER_JOB_TEMPLATE_CONFIG_MAP_NAME: apiclarity-apiclarity-fuzzer-template FUZZER_DEPLOYMENT_TYPE: configmap Mounts: /apiclarity from apiclarity-apiclarity (rw) /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-qhqkl (ro) Conditions: Type Status Initialized False Ready False ContainersReady False PodScheduled True Volumes: apiclarity-apiclarity: Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace) ClaimName: apiclarity-apiclarity-pvc ReadOnly: false kube-api-access-qhqkl: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3607 ConfigMapName: kube-root-ca.crt ConfigMapOptional: DownwardAPI: true QoS Class: Burstable Node-Selectors: Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s node.kubernetes.io/unreachable:NoExecute op=Exists for 300s Events: Type Reason Age From Message

Normal Scheduled 18m default-scheduler Successfully assigned apiclarity/apiclarity-apiclarity-75f75c6db4-7w4q7 to master Normal Pulled 18m kubelet Container image "docker.io/bitnami/postgresql:14.4.0-debian-11-r4" already present on machine Normal Created 18m kubelet Created container apiclarity-apiclarity-wait-for-db Normal Started 18m kubelet Started container apiclarity-apiclarity-wait-for-db ` image

kubectl logs -f apiclarity-apiclarity-75f75c6db4-7w4q7 -n apiclarity, error reported as follows: image

Why is this pod stuck in the initialization state, not to start. Is it because I used the default value file values.yaml and didn't add a traces data source?

jpgong commented 9 months ago

apiclarity-apiclarity-postgresql-0 pod is running, but an error message is displayed by kubectl describe pod, image and image but the space of device is enough.