==================================================================================================== ========================================= Pod describe ========================================= ==================================================================================================== Name: am-685d4f4864-th27z Namespace: xlou Priority: 0 Node: gke-xlou-cdm-default-pool-4f098948-tbmx/10.142.0.69 Start Time: Fri, 07 Apr 2023 21:26:22 +0000 Labels: app=am app.kubernetes.io/component=am app.kubernetes.io/instance=am app.kubernetes.io/name=am app.kubernetes.io/part-of=forgerock pod-template-hash=685d4f4864 tier=middle Annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: true Status: Running IP: 10.106.43.16 IPs: IP: 10.106.43.16 Controlled By: ReplicaSet/am-685d4f4864 Init Containers: fbc-init: Container ID: containerd://947e1d4e4f5f44887d56e818b0a8bb0d421ad19d953c3feb50023a1ba2c4112c Image: gcr.io/engineeringpit/lodestar-images/am:xlou Image ID: gcr.io/engineeringpit/lodestar-images/am@sha256:fae86102dd8374e78ac5d98db56845fe98742e7aebebd5445a81ba84bfa5eed5 Port: Host Port: Command: /bin/bash -c if [ -d /fbc/config ]; then echo "Existing openam configuration found. Skipping copy" else echo "Copying docker image configuration files to the shared volume" cd /home/forgerock/openam cp -r .homeVersion * /fbc fi State: Terminated Reason: Completed Exit Code: 0 Started: Fri, 07 Apr 2023 21:26:23 +0000 Finished: Fri, 07 Apr 2023 21:26:23 +0000 Ready: True Restart Count: 0 Environment: Mounts: /fbc from fbc (rw) /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-bqcj9 (ro) truststore-init: Container ID: containerd://aa2ce73ac468cbb33967d51adf2505acefdd7652f06a64b18b616a4a49ee7564 Image: gcr.io/engineeringpit/lodestar-images/am:xlou Image ID: gcr.io/engineeringpit/lodestar-images/am@sha256:fae86102dd8374e78ac5d98db56845fe98742e7aebebd5445a81ba84bfa5eed5 Port: Host Port: Command: /home/forgerock/import-pem-certs.sh State: Terminated Reason: Completed Exit Code: 0 Started: Fri, 07 Apr 2023 21:26:23 +0000 Finished: Fri, 07 Apr 2023 21:26:23 +0000 Ready: True Restart Count: 0 Environment: TRUSTSTORE_PATH: /truststore/amtruststore TRUSTSTORE_PASSWORD: changeit AM_PEM_TRUSTSTORE: /var/run/secrets/truststore/cacerts Mounts: /truststore from new-truststore (rw) /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-bqcj9 (ro) /var/run/secrets/truststore from truststore (rw) Containers: openam: Container ID: containerd://a391d2f3669a86a7c9a899f6ae68f6f04070f7e71ba2ae3ffe8bb1f32a20fc80 Image: gcr.io/engineeringpit/lodestar-images/am:xlou Image ID: gcr.io/engineeringpit/lodestar-images/am@sha256:fae86102dd8374e78ac5d98db56845fe98742e7aebebd5445a81ba84bfa5eed5 Port: 8080/TCP Host Port: 0/TCP Command: bash /home/forgerock/docker-entrypoint.sh State: Running Started: Fri, 07 Apr 2023 21:26:24 +0000 Ready: True Restart Count: 0 Limits: memory: 10Gi Requests: cpu: 11 memory: 10Gi Liveness: http-get http://:8080/am/json/health/live delay=30s timeout=5s period=30s #success=1 #failure=3 Readiness: http-get http://:8080/am/json/health/ready delay=20s timeout=5s period=10s #success=1 #failure=3 Startup: http-get http://:8080/am/json/health/live delay=0s timeout=1s period=10s #success=1 #failure=40 Environment Variables from: am-env-secrets Secret Optional: false platform-config ConfigMap Optional: false amster-env-secrets Secret Optional: false ds-env-secrets Secret Optional: false Environment: NAMESPACE: xlou (v1:metadata.namespace) AM_STORES_SSL_ENABLED: true TRUSTSTORE_PATH: /home/forgerock/amtruststore TRUSTSTORE_PASSWORD: changeit AM_STORES_USER_TYPE: LDAPv3ForForgeRockIAM Mounts: /home/forgerock/amtruststore from new-truststore (ro,path="amtruststore") /home/forgerock/openam from fbc (rw) /var/run/secrets/am from am-secrets (rw) /var/run/secrets/amster from amster-key (rw) /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-bqcj9 (ro) Conditions: Type Status Initialized True Ready True ContainersReady True PodScheduled True Volumes: fbc: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: SizeLimit: am-secrets: Type: Projected (a volume that contains injected data from multiple sources) SecretName: am-passwords SecretOptionalName: SecretName: am-keystore SecretOptionalName: amster-key: Type: Secret (a volume populated by a Secret) SecretName: amster Optional: false truststore: Type: Secret (a volume populated by a Secret) SecretName: truststore-pem Optional: false new-truststore: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: SizeLimit: kube-api-access-bqcj9: Type: Projected (a volume that contains injected data from multiple sources) TokenExpirationSeconds: 3607 ConfigMapName: kube-root-ca.crt ConfigMapOptional: DownwardAPI: true QoS Class: Burstable Node-Selectors: Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s node.kubernetes.io/unreachable:NoExecute op=Exists for 300s Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal Scheduled 47m default-scheduler Successfully assigned xlou/am-685d4f4864-th27z to gke-xlou-cdm-default-pool-4f098948-tbmx Normal Pulling 47m kubelet Pulling image "gcr.io/engineeringpit/lodestar-images/am:xlou" Normal Pulled 47m kubelet Successfully pulled image "gcr.io/engineeringpit/lodestar-images/am:xlou" in 208.459021ms Normal Created 47m kubelet Created container fbc-init Normal Started 47m kubelet Started container fbc-init Normal Pulling 47m kubelet Pulling image "gcr.io/engineeringpit/lodestar-images/am:xlou" Normal Pulled 47m kubelet Successfully pulled image "gcr.io/engineeringpit/lodestar-images/am:xlou" in 214.028034ms Normal Created 47m kubelet Created container truststore-init Normal Started 47m kubelet Started container truststore-init Normal Pulling 47m kubelet Pulling image "gcr.io/engineeringpit/lodestar-images/am:xlou" Normal Pulled 47m kubelet Successfully pulled image "gcr.io/engineeringpit/lodestar-images/am:xlou" in 207.946064ms Normal Created 47m kubelet Created container openam Normal Started 47m kubelet Started container openam Warning Unhealthy 47m (x2 over 47m) kubelet Startup probe failed: Get "http://10.106.43.16:8080/am/json/health/live": context deadline exceeded (Client.Timeout exceeded while awaiting headers) ==================================================================================================== =========================================== Pod logs =========================================== ==================================================================================================== Copying docker image configuration files to the shared volume Copying /opt/java/openjdk/lib/security/cacerts to /truststore/amtruststore Found (1) certificates in /var/run/secrets/truststore/cacerts Importing (1) certificates into /truststore/amtruststore Certificate was added to keystore Import complete! 10.106.43.1 - - [07/Apr/2023:22:12:02 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 2ms 10.106.42.23 - - [07/Apr/2023:22:12:08 +0000] "GET /am/json/metrics/prometheus HTTP/1.1" 200 357254 26ms 10.106.43.1 - - [07/Apr/2023:22:12:12 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 2ms 10.106.43.1 - - [07/Apr/2023:22:12:22 +0000] "GET /am/json/health/live HTTP/1.1" 200 - 1ms 10.106.43.1 - - [07/Apr/2023:22:12:22 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 2ms {"timestamp":"2023-04-07T22:12:32.677Z","level":"DEBUG","thread":"http-nio-8081-exec-44","mdc":{"transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506273"},"logger":"org.forgerock.openam.cors.CorsFilter","message":"handling non-CORS request","context":"default"} {"timestamp":"2023-04-07T22:12:32.677Z","level":"DEBUG","thread":"http-nio-8081-exec-44","mdc":{"transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506273"},"logger":"org.forgerock.openam.cors.CorsFilter","message":"handling non-CORS request","context":"default"} {"timestamp":"2023-04-07T22:12:32.681Z","eventName":"AM-LOGIN-MODULE-COMPLETED","transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506273","trackingIds":["197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506276"],"userId":"id=amadmin,ou=user,ou=am-config","principal":["amadmin"],"entries":[{"moduleId":"DataStore","info":{"authControlFlag":"REQUIRED","moduleClass":"DataStore","ipAddress":"10.106.42.10","authLevel":"0"}}],"result":"SUCCESSFUL","realm":"/","component":"Authentication","source":"audit","topic":"authentication","level":"INFO","_eventId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506278"} {"timestamp":"2023-04-07T22:12:32.684Z","eventName":"AM-SESSION-CREATED","transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506273","trackingIds":["197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506276"],"userId":"id=amadmin,ou=user,ou=am-config","runAs":"id=amadmin,ou=user,ou=am-config","objectId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506276","operation":"CREATE","realm":"/","component":"Session","source":"audit","topic":"activity","level":"INFO","_eventId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506281"} {"timestamp":"2023-04-07T22:12:32.685Z","eventName":"AM-LOGIN-COMPLETED","transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506273","trackingIds":["197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506276"],"userId":"id=amadmin,ou=user,ou=am-config","principal":["amadmin"],"entries":[{"moduleId":"DataStore","info":{"ipAddress":"10.106.42.10","authLevel":"0"}}],"result":"SUCCESSFUL","realm":"/","component":"Authentication","source":"audit","topic":"authentication","level":"INFO","_eventId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506283"} {"timestamp":"2023-04-07T22:12:32.685Z","eventName":"AM-ACCESS-OUTCOME","transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506273","trackingIds":["197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506276"],"userId":"id=amadmin,ou=user,ou=am-config","client":{"ip":"10.106.42.10","port":34106},"http":{"request":{"secure":true,"method":"POST","path":"https://xlou.iam.xlou-cdm.engineeringpit.com/am/json/authenticate","headers":{"accept":["*/*"],"accept-api-version":["protocol=1.0,resource=2.0"],"content-type":["application/json"],"host":["xlou.iam.xlou-cdm.engineeringpit.com"],"user-agent":["python-requests/2.28.2"],"x-forwarded-for":["35.212.145.225"],"x-forwarded-host":["xlou.iam.xlou-cdm.engineeringpit.com"],"x-forwarded-port":["443"],"x-forwarded-proto":["https"],"x-real-ip":["35.212.145.225"],"x-request-id":["d880e3cfe39d86582af578fd633fa23c"],"x-scheme":["https"]}}},"response":{"status":"SUCCESSFUL","statusCode":"200","elapsedTime":8,"elapsedTimeUnits":"MILLISECONDS"},"realm":"/","component":"Authentication","source":"audit","topic":"access","level":"INFO","_eventId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506285"} {"timestamp":"2023-04-07T22:12:32.895Z","level":"DEBUG","thread":"http-nio-8081-exec-19","mdc":{"transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506289"},"logger":"org.forgerock.openam.cors.CorsFilter","message":"handling non-CORS request","context":"default"} {"timestamp":"2023-04-07T22:12:32.895Z","level":"DEBUG","thread":"http-nio-8081-exec-19","mdc":{"transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506289"},"logger":"org.forgerock.openam.cors.CorsFilter","message":"handling non-CORS request","context":"default"} {"timestamp":"2023-04-07T22:12:32.897Z","eventName":"AM-ACCESS-OUTCOME","transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506289","trackingIds":["197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506276"],"userId":"id=amadmin,ou=user,ou=am-config","client":{"ip":"10.106.42.10","port":34106},"server":{"ip":"10.106.43.16","port":8081},"http":{"request":{"secure":true,"method":"GET","path":"https://xlou.iam.xlou-cdm.engineeringpit.com/am/json/serverinfo/version","headers":{"accept":["*/*"],"accept-api-version":["protocol=2.1"],"host":["xlou.iam.xlou-cdm.engineeringpit.com"],"user-agent":["python-requests/2.28.2"],"x-forwarded-for":["35.212.145.225"],"x-forwarded-host":["xlou.iam.xlou-cdm.engineeringpit.com"],"x-forwarded-port":["443"],"x-forwarded-proto":["https"],"x-real-ip":["35.212.145.225"],"x-request-id":["ad5a61a8123334f3d420a20062b20616"],"x-scheme":["https"]}}},"request":{"protocol":"CREST","operation":"READ"},"response":{"status":"SUCCESSFUL","statusCode":"","elapsedTime":2,"elapsedTimeUnits":"MILLISECONDS","detail":{"revision":"-560502796"}},"realm":"/","component":"Server Info","source":"audit","topic":"access","level":"INFO","_eventId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9506293"} 10.106.42.10 - - [07/Apr/2023:22:12:32 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 1ms 10.106.42.10 - - [07/Apr/2023:22:12:32 +0000] "POST /am/json/authenticate?realm=/ HTTP/1.1" 200 167 8ms 10.106.43.1 - - [07/Apr/2023:22:12:32 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 1ms 10.106.42.10 - - [07/Apr/2023:22:12:32 +0000] "GET /am/json/serverinfo/version HTTP/1.1" 200 275 4ms 10.106.42.23 - - [07/Apr/2023:22:12:38 +0000] "GET /am/json/metrics/prometheus HTTP/1.1" 200 357268 26ms 10.106.43.1 - - [07/Apr/2023:22:12:42 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 2ms 10.106.43.1 - - [07/Apr/2023:22:12:52 +0000] "GET /am/json/health/live HTTP/1.1" 200 - 1ms 10.106.43.1 - - [07/Apr/2023:22:12:52 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 1ms {"timestamp":"2023-04-07T22:13:02.442Z","level":"WARN","thread":"OpenDJ LDAP SDK Client Worker(28)","mdc":{"transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9505702"},"logger":"com.sun.identity.idm.IdRepoListener","message":"objectChanged called with an empty name","context":"default"} {"timestamp":"2023-04-07T22:13:03.291Z","level":"WARN","thread":"OpenDJ LDAP SDK Client Worker(28)","mdc":{"transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9505702"},"logger":"com.sun.identity.idm.IdRepoListener","message":"objectChanged called with an empty name","context":"default"} 10.106.43.1 - - [07/Apr/2023:22:13:02 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 2ms 10.106.42.23 - - [07/Apr/2023:22:13:08 +0000] "GET /am/json/metrics/prometheus HTTP/1.1" 200 357271 25ms {"timestamp":"2023-04-07T22:13:18.996Z","level":"WARN","thread":"OpenDJ LDAP SDK Client Worker(28)","mdc":{"transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9505702"},"logger":"com.sun.identity.idm.IdRepoListener","message":"objectChanged called with an empty name","context":"default"} {"timestamp":"2023-04-07T22:13:19.291Z","level":"WARN","thread":"OpenDJ LDAP SDK Client Worker(28)","mdc":{"transactionId":"197c0faf-2036-4f6d-a68c-23d1b42e04f8-9505702"},"logger":"com.sun.identity.idm.IdRepoListener","message":"objectChanged called with an empty name","context":"default"} 10.106.43.1 - - [07/Apr/2023:22:13:12 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 1ms 10.106.43.1 - - [07/Apr/2023:22:13:22 +0000] "GET /am/json/health/live HTTP/1.1" 200 - 2ms 10.106.43.1 - - [07/Apr/2023:22:13:22 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 2ms 10.106.43.1 - - [07/Apr/2023:22:13:32 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 2ms 10.106.42.23 - - [07/Apr/2023:22:13:38 +0000] "GET /am/json/metrics/prometheus HTTP/1.1" 200 357279 26ms 10.106.43.1 - - [07/Apr/2023:22:13:42 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 2ms 10.106.43.1 - - [07/Apr/2023:22:13:52 +0000] "GET /am/json/health/live HTTP/1.1" 200 - 2ms 10.106.43.1 - - [07/Apr/2023:22:13:52 +0000] "GET /am/json/health/ready HTTP/1.1" 200 - 2ms