search

spiffe / spiffe-helper

The SPIFFE Helper is a tool that can be used to retrieve and manage SVIDs on behalf of a workload
Apache License 2.0
47 stars 41 forks source link

UNIX socket connection refused #221

Open keeganwitt opened 6 days ago

keeganwitt commented 6 days ago

We are running into an error I haven't been able to diagnose as of yet. The helper will get into a state where it's unable to connect to the UNIX socket, and continues to do so until the pod is restarted (then it goes healthy again even on the same node). I've yet to identify any pattern to this.

Error while dialing: dial unix /run/spire/agent/socket: connect: connection refused\"" system=spiffe-helper
time="2024-11-23T08:29:33Z" level=error msg="Unable to update JWT SVID: rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: dial unix /run/spire/agent/socket: connect: connection refused\"" system=spiffe-helper
keeganwitt commented 6 days ago

115 might be a potential short-term fix for this, as a liveness probe could cause a container restart when it gets into this state.