Skip to content
This repository has been archived by the owner on Jul 26, 2022. It is now read-only.

RST_STREAM exception every 24 hours for gcpSecretsManager externalsecrets #768

Closed
MPV opened this issue Jun 3, 2021 · 4 comments
Closed

RST_STREAM exception every 24 hours for gcpSecretsManager externalsecrets #768

MPV opened this issue Jun 3, 2021 · 4 comments
Labels
bug Something isn't working gcp Stale

Comments

@MPV
Copy link

MPV commented Jun 3, 2021

Starting this week, we have started getting these kinds of errors for secrets with the gcpSecretsManager backendType:

$ kubectl -n kubernetes-external-secrets logs -l app.kubernetes.io/name=kubernetes-external-secrets | grep "my-secret" | jq -r
{
  "level": 50,
  "message_time": "2021-06-03T12:06:23.731Z",
  "pid": 20,
  "hostname": "kubernetes-external-secrets-6cbb86d747-fntjz",
  "payload": {
    "code": 4,
    "details": "Deadline exceeded",
    "metadata": {
      "internalRepr": {},
      "options": {}
    },
    "note": "Exception occurred in retry method that was not classified as transient"
  },
  "msg": "failure while polling the secret my-namespace/my-secret"
}
{
  "level": 50,
  "message_time": "2021-06-03T12:07:33.745Z",
  "pid": 20,
  "hostname": "kubernetes-external-secrets-6cbb86d747-fntjz",
  "payload": {
    "code": 4,
    "details": "Deadline exceeded",
    "metadata": {
      "internalRepr": {},
      "options": {}
    },
    "note": "Exception occurred in retry method that was not classified as transient"
  },
  "msg": "failure while polling the secret my-namespace/my-secret"
}
{
  "level": 50,
  "message_time": "2021-06-03T12:08:17.442Z",
  "pid": 20,
  "hostname": "kubernetes-external-secrets-6cbb86d747-fntjz",
  "payload": {
    "code": 13,
    "details": "Received RST_STREAM with code 2 triggered by internal client error: read ETIMEDOUT",
    "metadata": {
      "internalRepr": {},
      "options": {}
    },
    "note": "Exception occurred in retry method that was not classified as transient"
  },
  "msg": "failure while polling the secret my-namespace/my-secret"
}

...for an ExternalSecret of this type:

apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: my-secret
  namespace: my-namespace
spec:
  backendType: gcpSecretsManager
  data:
  - key: my-secret-in-gcp
    name: service-account.json
  projectId: my-project
@MPV
Copy link
Author

MPV commented Jun 3, 2021

(on version 7.2.1)

@moolen moolen added gcp bug Something isn't working labels Jun 14, 2021
@moolen
Copy link
Member

moolen commented Jun 14, 2021

hmm, seems like multiple users reporting issues with google grpc services here: googleapis/nodejs-datastore#679.
tho, i'm not sure if this is related.

@github-actions
Copy link

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

@github-actions github-actions bot added the Stale label Sep 13, 2021
@github-actions
Copy link

This issue was closed because it has been stalled for 30 days with no activity.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working gcp Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MPV @moolen