search

osinfra-io / google-cloud-kubernetes

Infrastructure as Code (IaC) example for Google Cloud Platform Kubernetes resources.
https://www.osinfra.io
GNU General Public License v2.0
1 stars 0 forks source link

Error logs #110

Open brettcurtis opened 1 month ago

brettcurtis commented 1 month ago

compute.google.apis

The Ingress controller performs periodic checks of service account permissions by fetching a test resource from your Google Cloud project. You will see this as a GET of the (non-existent) global BackendService with the name k8s-ingress-svc-acct-permission-check-probe. As this resource should not normally exist, the GET request will return "not found". This is expected; the controller is checking that the API call is not rejected due to authorization issues. If you create a BackendService with the same name, then the GET will succeed instead of returning "not found". - https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#implementation_details

The resource 'projects/plt-k8s-tf39-sb/global/backendServices/k8s-ingress-svc-acct-permission-check-probe' was not found
Required 'compute.firewalls.get' permission for 'projects/plt-lz-networking-tfd8-sb/global/firewalls/gke-services-us-east4-a-009ac074-mcsd

trafficdirector.googleapis.com

{
  "protoPayload": {
    "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
    "status": {
      "code": 5,
      "message": "Requested entity was not found."
    },
    "authenticationInfo": {
      "serviceAccountDelegationInfo": [
        {}
      ],
      "principalSubject": "serviceAccount:plt-k8s-tf39-sb.svc.id.goog[gke-mcs/gke-mcs-importer]"
    },
    "requestMetadata": {
      "callerIp": "gce-internal-ip",
      "callerSuppliedUserAgent": "grpc-go/1.45.0,gzip(gfe)",
      "requestAttributes": {
        "time": "2024-08-25T13:45:48.789544899Z",
        "auth": {}
      },
      "destinationAttributes": {}
    },
    "serviceName": "trafficdirector.googleapis.com",
    "methodName": "envoy.service.discovery.v3.AggregatedDiscoveryService.StreamAggregatedResources",
    "authorizationInfo": [
      {
        "resource": "projects/362793201562/networks/standard-shared/nodes/gke-services-us-east1-b-default-pool-10931f69-q7ks-primary",
        "permission": "trafficdirector.networks.getConfigs",
        "granted": true,
        "resourceAttributes": {},
        "permissionType": "DATA_READ"
      }
    ],
    "resourceName": "projects/362793201562/networks/standard-shared/nodes/gke-services-us-east1-b-default-pool-10931f69-q7ks-primary",
    "request": {
      "@type": "type.googleapis.com/envoy.service.discovery.v3.DiscoveryRequest"
    }
  },
  "insertId": "14t40fvd3mc1",
  "resource": {
    "type": "audited_resource",
    "labels": {
      "service": "trafficdirector.googleapis.com",
      "method": "envoy.service.discovery.v3.AggregatedDiscoveryService.StreamAggregatedResources",
      "project_id": "plt-k8s-tf39-sb"
    }
  },
  "timestamp": "2024-08-25T13:45:48.780022149Z",
  "severity": "ERROR",
  "logName": "projects/plt-k8s-tf39-sb/logs/cloudaudit.googleapis.com%2Fdata_access",
  "receiveTimestamp": "2024-08-25T13:45:49.376918080Z"
}