gke/WARN/2023_002

GKE workload timeout to Compute Engine metadata server.

Product: Google Kubernetes Engine
Rule class: WARN - Something that is possibly wrong

Description

If the workload uses a Google Authentication library, the default timeout for requests to the Compute Engine Metadata server might be too aggressive.

Failed requests may return something like ‘DefaultCredentialsError’.

Remediation

Check if you are possibly using a Google Authentication library and the requests to the metadata server are timing out. If so, try increasing the default timeout.

Further information

For google-auth-library-python, it’s possible to set the environment variable GCE_METADATA_TIMEOUT to increase the default timeout of 3 seconds.

Read more about Workload Identity troubleshooting