blob: 28d70241fc9e94c56de7b2e892e86c83e3945527 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
### Understand the alert
This alert is related to Kubernetes Kubelet token requests. It monitors the number of failed `Token()` requests to an alternate token source. If you receive this alert, it means that your system is experiencing an increased rate of token request failures.
### What does a token request in Kubernetes mean?
In Kubernetes, tokens are used for authentication purposes when making requests to the API server. The Kubelet uses tokens to authenticate itself when it needs to access cluster information or manage resources on the API server.
### Troubleshoot the alert
- Investigate the reason behind the failed token requests
1. Check the Kubelet logs for any error messages or warnings related to the token requests. You can use the following command to view the logs:
```
journalctl -u kubelet
```
Look for any entries related to `Token()` request failures or authentication issues.
2. Verify the alternate token source configuration
Review the Kubelet configuration file, usually located at `/etc/kubernetes/kubelet/config.yaml`. Check the `authentication` and `authorization` sections to ensure all the required settings have been correctly configured.
Make sure that the specified alternate token source is available and working correctly.
3. Check the API server logs
Inspect the logs of the API server to identify any issues that may prevent the Kubelet from successfully requesting tokens. Use the following command to view the logs:
```
kubectl logs -n kube-system kube-apiserver-<YOUR_NODE_NAME>
```
Look for any entries related to authentication, especially if they are connected to the alternate token source.
4. Monitor kubelet_token_requests metric
Keep an eye on the `kubelet_token_requests` metric using the Netdata dashboard or a monitoring system of your choice. If the number of failed requests continues to increase, this might indicate an underlying issue that requires further investigation.
### Useful resources
1. [Understanding Kubernetes authentication](https://kubernetes.io/docs/reference/access-authn-authz/authentication/)
2. [Kubelet configuration reference](https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/)
|
