Troubleshoot UCT-C Issues

■   To analyze issues, log in to the UCT-C Controller or UCT-C TAP pod using the following command and review the logs in the pod-data folder.

kubectl exec -it <<pod name>> -n <<namespace>> -- bash

■   GigaVUE-FM to UCT-C Controller Connectivity Issues - When the UCT-C Controller is unreachable, check whether 503 Service Temporarily Unavailable error messages appear in GigaVUE-FM's vmm.log (refer to the log messages below). If the error messages are present, check and update the UCT-C Controller service name or port number (as shown in the nginx.yaml) used in the ingress resource.

nginx.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.class: nginx-uct
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/configuration-snippet: proxy_set_header Authorization $http_authorization;
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  name: uct-cntlr-ingress
  namespace: uct
spec:
  rules:
    - http:
        paths:
          - backend:
              service:
                # Service name to check when vmm.log shows 503 errors
                name: gigamon-uctc-cntlr-service
                port:
                  # Port number to check when vmm.log shows 503 errors
                  number: 8443
            path: /
            pathType: ImplementationSpecific
 
Log-Snippet
2024-08-16 08:00:35,527 INFO [uctcControllerConnectivity-585] UctcControllerRestClientImpl - isAlive : connectivitUrl GET: https://<ExternalIP>:<ExternalPort>/api/v1.3/controller
2024-08-16 08:00:35,527 INFO [uctcControllerConnectivity-585] UctcRestClientBase - REQUEST GET https://<ExternalIP>:<ExternalPort>/api/v1.3/controller null
2024-08-16 08:00:36,566 INFO [uctcControllerConnectivity-585] UctcRestTemplateResponseErrorHandler - $$$ UCT-C 5XX Rest Error 503 Service Temporarily Unavailable
2024-08-16 08:00:36,566 ERROR [uctcControllerConnectivity-585] UctcRestClientBase - Request GET https://<ExternalIP>:<ExternalPort>/api/v1.3/controller UctcRestException:: com.gigamon.cloud.uctc.rest.client.UctcRestException: UCTC SERVER ERROR:: 503 SERVICE_UNAVAILABLE Service Temporarily Unavailable
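
As an added example (not part of the original page or of Gigamon's tooling), the following Python script scans vmm.log text for the 5XX handler message shown above and pairs each hit with the last REQUEST logged on the same thread, so the failing URL and the time of each failure are visible before you check the ingress service name and port. The sample lines are constructed from the snippet above, and the names find_5xx and summarize are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on the vmm.log snippet above (the page's placeholders are kept).
URL = "https://<ExternalIP>:<ExternalPort>/api/v1.3/controller"
SAMPLE_VMM_LOG = "\n".join([
    "2024-08-16 08:00:35,527 INFO [uctcControllerConnectivity-585] UctcRestClientBase - REQUEST GET " + URL + " null",
    "2024-08-16 08:00:36,566 INFO [uctcControllerConnectivity-585] UctcRestTemplateResponseErrorHandler - $$$ UCT-C 5XX Rest Error 503 Service Temporarily Unavailable",
    "2024-08-16 08:00:36,566 ERROR [uctcControllerConnectivity-585] UctcRestClientBase - Request GET " + URL + " UctcRestException:: UCTC SERVER",
    "ERROR:: 503 SERVICE_UNAVAILABLE Service Temporarily Unavailable",
    "2024-08-16 08:05:35,101 INFO [uctcControllerConnectivity-586] UctcRestClientBase - REQUEST GET " + URL + " null",
    "2024-08-16 08:05:36,002 INFO [uctcControllerConnectivity-586] UctcRestTemplateResponseErrorHandler - $$$ UCT-C 5XX Rest Error 503 Service Temporarily Unavailable",
    "2024-08-16 08:10:35,300 INFO [uctcControllerConnectivity-587] UctcRestClientBase - REQUEST GET " + URL + " null",
])

# timestamp LEVEL [thread] Logger - message
LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<level>\w+) "
                  r"\[(?P<thread>[^\]]+)\] (?P<logger>\S+) - (?P<msg>.*)$")
REQUEST = re.compile(r"^REQUEST (?P<method>[A-Z]+) (?P<url>\S+)")
ERROR_5XX = re.compile(r"UCT-C 5XX Rest Error (?P<status>5\d\d)\b")

def find_5xx(log_text):
    """Return one dict per 5XX handler line, paired with the last REQUEST on the same thread."""
    last_request = {}  # thread name -> (method, url)
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines and stack traces carry no timestamp
        thread, msg = m["thread"], m["msg"]
        req = REQUEST.match(msg)
        if req:
            last_request[thread] = (req["method"], req["url"])
            continue
        err = ERROR_5XX.search(msg)
        if err:  # only the handler line is counted, so the follow-up ERROR line is not double-counted
            method, url = last_request.get(thread, (None, None))
            hits.append({"time": m["ts"], "thread": thread,
                         "status": int(err["status"]), "method": method, "url": url})
    return hits

def summarize(hits):
    """Count errors per (status, url) so repeated 503s against one endpoint stand out."""
    return Counter((h["status"], h["url"]) for h in hits)

if __name__ == "__main__":
    for (status, url), count in summarize(find_5xx(SAMPLE_VMM_LOG)).items():
        print(f"{count} x HTTP {status} from {url}")
```
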
 
■   UCT-C Controller not discovered by GigaVUE‑FM - When the UCT-C Controller is not discovered by GigaVUE-FM, check whether the Kubernetes cluster URL is updated properly in the yaml file.
■   UCT-C TAP not discovered by GigaVUE-FM - When the UCT-C TAP is not discovered by GigaVUE-FM, verify whether the namespace in the uctc-tap yaml file (as shown in the following uctc-tap.yaml) is the same as that in the UCT-C Controller yaml file.
uct-tap.yaml
# Value needs to match the metadata used for gcb-cntlr
#  value: "<UCT-CNTLR-SVC-NAME.UCT-CNTLR-NAMESPACE>.svc.cluster.local"
- name: UCTC_CNTLR_SVC_DNS
  # The namespace below should be the same as the namespace in which uctc-controller is deployed.
  value: gigamon-uctc-cntlr-service.<<namespace>>.svc.cluster.local
■   Policy Rules stuck in deploying status for nodes where UCT-C TAP pod is not present - If the Policy Source Selection Criteria match Pods on a node where the TAP is not launched, the Rule status for those Pods will be 'deploying' until a UCT-C TAP pod is launched on the respective nodes. If the Master Nodes in the cluster do not have a UCT-C TAP, add the node name in the DefaultExclusion Source Selector.
If you do not add the node names, the policy rules on the pods will be stuck in Undeploying status when you try to undeploy them. It is recommended that you delete the policy.

Policy Deployment Error Code

| Error Code | Description |
|---|---|
| Pod doesn't exist | Pod no longer exists in the cluster. |
| Number of network interfaces exceed max limit for a pod | Number of network interfaces exceed max limit for a pod. |
| Policy not found for the pod | Policy would have been deleted from the UCT-C Tap. Redeploy the policy. |
| Policy exceeds max limit for a pod | Each Pod can have up to 8 policies. |
| Rule does not exist | Rule does not exist in the UCT-C Tap. Redeploy the policy. |
| Duplicate Rule Exists for Policy | Occurs when a new rule is pushed to the TAP for a Pod that already has an identical rule (same Policy, same rule name, same filter and same tunnel). Remove the duplicate filter and redeploy the policy. |
| Duplicate Rule Filter for pod | The same filter is applied to a Pod from different rules (different policy name or rule name). Remove the duplicate filter and redeploy the policy. |
| Rule exceeds max limit for a pod | Each Pod interface can have up to 32 rules in each direction (ingress / egress). |
| Container doesn't exist | TAP failed retrieving container info by container id. |
| Policy deployment not allowed for Hostnet pods with cgroupv1 | Policy deployment not allowed for Hostnet pods with cgroupv1. cgroup v2 is required on the worker node to support the Host Network Enabled feature. |