Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

transport: restore default timeout behavior for MDS universe_domain #2399

Closed
quartzmo opened this issue Feb 5, 2024 · 5 comments
Closed

transport: restore default timeout behavior for MDS universe_domain #2399

quartzmo opened this issue Feb 5, 2024 · 5 comments
Assignees
@quartzmo
Labels
type: cleanup An internal cleanup or hygiene concern.

Comments

@quartzmo
Copy link
Member

quartzmo commented Feb 5, 2024

Revert #2393 to restore the previous behavior, per spec, of usages of Credentials.GetUniverseDomain in transport package.

This should be done once the underlying MDS issue causing googleapis/google-cloud-go#9350 and similar is resolved.
@quartzmo quartzmo added the type: cleanup An internal cleanup or hygiene concern. label Feb 5, 2024
@quartzmo quartzmo self-assigned this Feb 5, 2024
@patrickmeiring
Copy link

I am also running the google cloud client libraries on GKE. Because of the requests to /computeMetadata/v1/universe/universe_domain, which do not appear supported by GKE metadata server (see b/325999688), the endpoint is 404ing. This is producing nuisance errors in Cloud Logging.

I don't think there is any functional impact to the app. (We do not even appear to be waiting for the 1s timeout implemented as a mitigation for googleapis/google-cloud-go#9350, because the library correctly treats 404 as a non-retriable error.)

@quartzmo
Copy link
Member Author

@patrickmeiring I think this issue is the wrong place to report that the 404 responses from MDS are a nuisance in Cloud Logging. As you noted, the timeout behavior is (or at least should be) unrelated to the handling of 404 errors.

To determine where to report this issue, can you confirm whether MDS is available at all in your GKE environment? Or is some other form of auth used? I know this sounds obvious, but if MDS is indeed present, then I think the source of the 404 nuisance errors is the lack of support for the universe domain endpoint in MDS in your particular GKE environment.

@patrickmeiring
Copy link

patrickmeiring commented Feb 20, 2024
edited
Loading

MDS = GCE Metadata Server, correct?

I believe in our environment, GKE metadata server (part of GKE Workload Identity feature [1]) is receiving and handling these requests, not the GCE Metadata server. Or not directly, anyway.

I think this issue is the wrong place to report that the 404 responses from MDS are a nuisance in Cloud Logging.

You're right. I actually filed the Buganizer ticket (above: b/325999688) for the 404s for GKE Metadata Server, mostly sharing it here to ensure you had full visibility about how this library is behaving on GKE.

Original issue reporter was on GKE too, but they were getting different behaviour -- possibly because they were not using Workload Identity or other reasons?

[1] https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#using_from_your_code

quartzmo added a commit to quartzmo/google-api-go-client that referenced this issue Mar 21, 2024
@quartzmo
fix(transport): return GDU for all errors from MDS universe_domain
9d58549 
refs: googleapis#2399
@quartzmo quartzmo mentioned this issue Mar 21, 2024
Merged
quartzmo added a commit that referenced this issue Mar 21, 2024
@quartzmo
fix(transport): return GDU for all errors from MDS universe_domain (#…
63b7c0d 
…2484)

refs: #2399
@release-please release-please bot mentioned this issue Mar 21, 2024
Merged
@codyoss
Copy link
Member

codyoss commented Jun 10, 2024

@quartzmo I think we can close this now with the most recent auth changes?

@quartzmo
Copy link
Member Author

Yes, I'll close this now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@quartzmo quartzmo

Labels
type: cleanup An internal cleanup or hygiene concern.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@quartzmo @patrickmeiring @codyoss