Troubleshooting
This topic contains troubleshooting steps for various Wayfinder user types:
- Wayfinder administrator
- Workspace administrator
- Workspace member
Unless otherwise noted, any user type can do these steps.
Installing Wayfinderβ
[Wayfinder administrator]
Google Cloud authentication errorβ
If you encounter the following during an installation on GCP:
β Verifying you have correct permissions to Google Cloud
β Successfully verified permissions to Google Cloud API
Error: unable to create cluster provider - Get "https://cloudresourcemanager.googleapis.com/v1/projects?alt=json&prettyPrint=false": oauth2: cannot fetch token: 400 Bad Request
Response: {
"error": "invalid_grant",
"error_description": "Bad Request"
}
Ensure you have logged in using $ gcloud auth application-default login
. This ensures the credentials created via the web flow are stored in
Application Default Credentials (ADC) and facilitates using the CLI to use the SDK with those stored
credentials.
Certificates and cert-managerβ
If you are not using the installation options --api-tls-private-key-pem
and --ui-tls-private-key-pem
, Wayfinder installs and uses cert-manager to provision certificates. Occasionally, cert-manager can fail while requesting a certificate from LetsEncrypt and falls into an exponential backoff:
β Waiting for Cert Manager to successfully retrieve a certificate for API
Error: operation has been cancelled
OR
β Waiting for Cert Manager to successfully retrieve a certificate for UI
Error: operation has been cancelled
If you encounter this issue:
Check the status of the
certificate
resource in thewayfinder
namespace:kubectl -n wayfinder get certificate
Try deleting the certificate request, and then re-run the non-interactive install:
kubectl -n wayfinder delete certificate NAME
wf install --non-interactive
You can access the management cluster to perform the above via:
# Google Cloud
# Name: is the name of the management cluster we gave in the install
# Region: is the region we created the management cluster in
$ gcloud container clusters get-credentials NAME --zone REGION
# Amazon AWS
# Name: is the name of the management cluster we gave in the install
$ aws eks update-kubeconfig --name NAME
# Azure
# Name: is the name of the management cluster we gave in the install
# Region: is the location we placed the management cluster. The resource group created following the format wf-NAME-REGION
$ az aks get-credentials --admin --name NAME --resource-group wf-NAME-REGION
Creating or accessing a clusterβ
No available account when creating a clusterβ
[Wayfinder administrator]
To see an available account when creating a cluster, check that both of the following are true:
- There is at least one organization or shared account created in Wayfinder for this cloud provider.
- The above account(s) have a Stage selected in the account naming rules.
Access forbiddenβ
If you see this message in the UI or CLI while accessing a cluster, any of the following may be the cause:
If this is a multi-tenant cluster where you are a tenant, you can administer your namespace, but you will not be able to access cluster resources.
Make sure you have run the command
wf access
cluster to establish an assumed role as a user on this cluster. You only have to run this once.Check that a live session has been successfully established for your user ID:
wf sessions
Cluster is in an error stateβ
Check the health of your cluster by examining the detailed status of the resource:
wf get cluster βw WORKSPACE-NAME CLUSTER-NAME -o yaml
App deploymentβ
Can't create an ingress resourceβ
If while following the ingress resource generator instructions you don't find the expected tab or link to the generator:
In the UI, navigate to Resources > Clusters, click the name of your cluster, and then click the Capabilities tab to ensure you have nginx-ingress enabled.
Where do I find deployment details for my Kubernetes manifest?β
See Deploy an app into a namespace.
Robotsβ
Can't assign a robot token to a namespaceβ
Wayfinder only has visibility into the infrastructure it manages. Your namespace may exist in Kubernetes but not in Wayfinder.
If thatβs the case, manually create the namespace in Wayfinder to associate it with the cluster. This does not affect the existing namespace, but makes it visible to Wayfinder.
Costsβ
Don't see actual or estimated costβ
[Wayfinder administrator]
Actual costs: To see actual costs of infrastructure for a specific cloud vendor, both of the following must be true:
- There is at least one account with Cost audit enabled for this cloud vendor.
- Actual costs are enabled for this cloud vendor in the UI: Wayfinder settings > Costs > Actual
Estimated costs: To see estimated costs when creating clusters or cluster plans, this must be true:
- There is at least one account with Estimated costs enabled for this cloud vendor.
See account configuration for organization or shared accounts for your cloud vendor.