# neuvector-security
a
This message was deleted.
h
Kubernetes distribution and version? What are the resources on the cluster? For neuvector: how many controller and scanner replicas?
c
Distribution: GKE. Version: Client Version: v1.30.3, Server Version: v1.29.6-gke.1326000. I do not know what you mean by resources, and there are 3 controllers and 105 enforcers in neuvector.
q
I think @hundreds-evening-84071 was asking about available resources in the cluster itself. It might help to know how many rules neuvector is trying to handle, images in the registry, etc. Are the Controllers running out of RAM? Something else? Where is the “no healthy upstream” message coming from?
c
The thing is that most of the time I cannot even access the dashboard. Trying to log in results in getting back to the logging screen with either a "no healthy upstream" message, a "session has expired" message or an "upstream connect error or disconnect/reset before headers. reset reason: connection termination" message.
p
You need to be more specific, are the workloads healthy? Also neuvector is a resource hog in my experience, do you have enough resources?
c
It should have enough, it is a production environment
p
Yeah I've seen production environments with 150% RAM allocation lmao, that's not saying anything
c
How can I check it? I am not the one managing the cloud environment, just the one in charge of security
p
Well, check if the workloads are healthy
If an OOM reaper keeps sowing, you won't get much productivity out of your pods lmao
c
They are all running without restarts, none have an error
p
All marked healthy?
c
Yes, they are all healthy
i
Just my 2 cents: I would temporarily give the pod with the UI more resources (requested CPU and MEM), i.e. the manager pod. Then, at least, you should be able to see the UI. It could of course also be a problem with your networking. Try to access the UI using port-forwarding.
c
The problem seems to be in our load balancer, as if we access it via port forward it goes smoothly, but when trying to access through the web, we get 503 errors and it is unusable
i
I would open a ticket with Google. They have quite good support people and the support doesn't cost much
Likely, you hit some limit which then needs to be adapted to your load/usage