Kubernetes 401 unauthorized

CMK version: 2.1 Enterprise
OS version: Ubuntu 20.04

Error message:
[special_kube] Agent exited with code 1: 401, Reason: Unauthorized, Message: UnauthorizedCRIT, execution time 1.2 sec

Hi, I’ve been trying to set up kubernetes in the new checkmk 2.1. I’ve watched the tutorial and gone through the documentation. I’ve set it up accordingly but I’m stuck on a 401 unauthorized message.

I generated the token like so:
kubectl get secret $(kubectl get serviceaccount checkmk -o=jsonpath='{.secrets[*].name}' -n cmk-monitoring) -n cmk-monitoring -o=jsonpath='{.data.token}' | base64 --decode
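
A local sanity check for the token that the command above prints, as an added example that is not part of the original thread or of Checkmk's code: it decodes the JWT payload without verifying the signature and flags an empty token, whitespace damage, an unexpected `sub` claim or a passed `exp`. The function names and the sample token are constructed for illustration; the namespace and service account name are the ones used in the command.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_sa_token(token, namespace="cmk-monitoring", name="checkmk", now=None):
    """Return a list of problems found in a service-account token (empty = none).

    Local check only: the signature is NOT verified, the API server does that.
    """
    now = time.time() if now is None else now
    if not token:
        return ["token is empty (the kubectl pipeline returned nothing)"]
    if any(c.isspace() for c in token):
        return ["token contains whitespace or line breaks (copy/paste damage)"]
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a JWT: expected 3 dot-separated segments, got %d" % len(parts)]
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not base64url-encoded JSON (truncated token?)"]
    if not isinstance(claims, dict):
        return ["payload is JSON but not an object"]
    problems = []
    expected_sub = "system:serviceaccount:%s:%s" % (namespace, name)
    if claims.get("sub") != expected_sub:
        problems.append("sub is %r, expected %r" % (claims.get("sub"), expected_sub))
    exp = claims.get("exp")  # absent on non-expiring secret-based tokens
    if exp is not None and exp <= now:
        problems.append("token expired at %d" % exp)
    return problems


def make_sample_token(claims):
    # Constructed sample, not a real credential: fake header and signature.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "%s.%s.%s" % (enc({"alg": "RS256"}), enc(claims), "c2lnbmF0dXJl")


if __name__ == "__main__":
    sample = make_sample_token({"sub": "system:serviceaccount:cmk-monitoring:checkmk"})
    print(check_sa_token(sample) or "no problems found")
```

To check a real token, pass the output of the kubectl pipeline to `check_sa_token` instead of the constructed sample.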

Which Kubernetes version and which flavor (Vanilla, AWS, …) are you using?

For debugging purposes, you could help us a bit by providing some additional information. Please follow "Debugging the kubernetes - k8s special agent" in the Checkmk Knowledge Base.

Follow the steps under Debugging K8s special agent

We just need the --debug flag set with the special agent call. This might show why the 401 was raised (e.g. insufficient permissions).

Hi, thank you for the response.
I managed to get it running. I think the issue was the token and the Kubernetes version.

None of my deployments or namespaces are showing in the dashboard, though?

I also have a lot of these:

This seems to be the problem

You can ignore these messages. The CRIT message on Check_MK is not related to this message. If it is still CRIT, then your problem is something else.

Yes it is still critical.

I have never seen one of those 🙂
Can you provide a little more context, e.g. a screenshot (incl. hostnames) of the hosts where this happens? e.g.

Does this happen for all your Kubernetes piggyback hosts?

Hi,
Yes, everything you showed in the screenshot is showing up red on mine. Namespaces, pods, deployments etc.
E.g:

What I can see from here:
The Check_MK service has in the summary an [agent] part and a [piggyback] part. For the Kubernetes monitoring, an agent part is not necessary as all data comes via [piggyback].

In your DCD, you need to configure it like this:

→ So that the agent part is not done anymore as then “Monitoring agents Checkmk agent / API integration” is set to none.

Oh thank you. I did not see that part in the documentation. It works now!
