search

robusta-dev / kubewatch

Watch k8s events and trigger Handlers
Apache License 2.0
630 stars 87 forks source link

What is “missing_scope” in the logs? #91

Closed robinhalet closed 6 days ago

robinhalet commented 1 week ago

Hello, I've installed Kubewatch via Helm, and, unless I've missed something, I don't see anything problematic in my configuration. However, no webhook is triggered, and I only have this message, "missing_scope" in the logs:

time="2024-11-18T21:56:00Z" level=info msg="Kubewatch controller synced and ready" pkg=kubewatch-Pod time="2024-11-18T21:56:00Z" level=info msg="Kubewatch controller synced and ready" pkg=kubewatch-Deployment time="2024-11-18T21:56:00Z" level=info msg="Kubewatch controller synced and ready" pkg=kubewatch-DaemonSet time="2024-11-18T21:56:00Z" level=info msg="Kubewatch controller synced and ready" pkg=kubewatch-Event time="2024-11-18T21:56:00Z" level=info msg="Processing update to Pod: default/kubewatch-57d5967c64-4tjpm" pkg=kubewatch-Pod time="2024-11-18T21:56:00Z" level=info msg="Processing update to Pod: default/kubewatch-5468d4584f-rlthr" pkg=kubewatch-Pod time="2024-11-18T21:56:00Z" level=info msg="Processing update to Event: default/kubewatch.18092d8dbad81610" pkg=kubewatch-Event time="2024-11-18T21:56:00Z" level=info msg="Processing add to Event: default/kubewatch-5468d4584f.18092ec62fc0c2b3" pkg=kubewatch-Event time="2024-11-18T21:56:00Z" level=info msg="Processing add to Event: default/kubewatch-5468d4584f-rlthr.18092ec63021fb22" pkg=kubewatch-Event time="2024-11-18T21:56:00Z" level=info msg="Processing update to Deployment: default/kubewatch" pkg=kubewatch-Deployment time="2024-11-18T21:56:00Z" level=info msg="Processing update to Deployment: default/kubewatch" pkg=kubewatch-Deployment time="2024-11-18T21:56:00Z" level=info msg="missing_scope\n" time="2024-11-18T21:56:00Z" level=info msg="missing_scope\n" time="2024-11-18T21:56:00Z" level=info msg="missing_scope\n" time="2024-11-18T21:56:00Z" level=info msg="missing_scope\n" time="2024-11-18T21:56:00Z" level=info msg="missing_scope\n"

Would anyone be able to help me understand what's going on?

Here is my configuration:

apiVersion: v1 kind: ConfigMap metadata: name: kubewatch data: .kubewatch.yaml: | namespace: "" handler: slackwebhook: enabled: true channel: "#another-cluster" username: ":robot_face:" emoji: "" slackwebhookurl: "https://hooks.slack.com/services/XX/XX/XX" resource: clusterrole: false configmap: false daemonset: false deployment: true ingress: false job: false namespace: false node: false persistentvolume: false pod: true replicaset: false replicationcontroller: false secret: false serviceaccount: false services: true event: true coreevent: false

The webhook works when I connect to the pod and make a curl request.

arikalon1 commented 1 week ago

Hi @robinhalet

I think the missing_scope is an error message returned from Slack, saying you don't have enough permissions to perform the operation (sending the message)

Is it possible the webhook url is missing some authorization? Maybe it's authorized to send messages to a specific channel only? Maybe it's the username?

This is how it's supposed to work:

  # Example Webhook URL:
  url = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX""
  # Message to Slack
  msg = {
      "channel": "#my-alerts",
      "username": "Webhook_Username",
      "text": "Pod startup failed",
      "icon_emoji": ""
  }
  msg = json.dumps(msg).encode('utf-8')
  resp = http.request('POST',url, body=msg)

does that help?

robinhalet commented 6 days ago

Indeed, a rights issue on the Slack side. Thanks for the help and sorry for the inconvenience with this (silly) error.