Loki instances using memcached for caching may emit excessive warning or error logs when the configured`memcached_client` service port name does not match the actual Kubernetes service port. This does not cause a crash or failure, but it results in noisy logs and ineffective caching behavior.
A Kubernetes worker node has entered the **NotReady** state.
Pods that mount NFS volumes and set `securityContext.fsGroup` still have the directory owned by `root\:root`. The kubelet does not chown the share, so non\-root containers fail with \"Permission denied\".
CoreDNS deployment is unavailable or has no ready endpoints, indicating an imminent cluster\-wide DNS outage.
Critical AWS VPC CNI node IP pool depletion detected causing cascading pod scheduling failures.
Detects rewrite error which leads to service unavailability.
Critical NGINX Ingress Controller SSL certificate validation failure detected. This pattern indicates
Critical AWS VPC CNI IP address exhaustion detected. This pattern indicates cascading failures
Detects a critical kubelet panic in the EventedPLEG subsystem under rapid pod launch pressure. When triggered, the node's kubelet crashes, the node becomes NotReady and all resident pods are evicted resulting in a full node\-level outage until manual intervention.
One or more cluster components (kubectl sessions, operators, controllers, CI/CD jobs, etc.) hit the **default client\-side rate\-limiter in client\-go** (QPS = 5, Burst = 10). The client logs messages such as `Waited for <N>s due to client\-side throttling, not priority and fairness` and delays each request until a token is available. Although the API server itself may still have spare capacity, and Priority & Fairness queueing is not the bottleneck, end\-user actions and controllers feel sluggish or appear to “stall”.
Prometheus is failing to scrape and write Envoy metrics from Istio sidecars due to an unexpected EOF error. This occurs when trying to collect metrics from services that don't have proper protocol selection configured in their Kubernetes Service definition
Telepresence 2.5.x versions suffer from a critical TLS handshake error between the mutating webhook and the agent injector.
80% or more of a deployment's replica pods are scheduled on the same Kubernetes node. If this node shuts down or experiences a problem, the service will experience an outage.
The NGINX Ingress Controller rejects an Ingress manifest whose
ArgoCD application controller fails to process certain custom resources due to being unable to find API fields in struct RawExtension. This commonly affects users deploying Datadog Operator CRDs, resulting in application sync errors for these resources.
Kyverno policies with JMESPath expressions are failing due to references to keys that don't exist in the target resources. This happens when policies attempt to access object properties that aren't present in the resources being validated, resulting in \"Unknown key\" errors during policy validation.
Karpenter is unable to provision new nodes because the current Karpenter version is not compatible with Kubernetes version . This incompatibility causes validation errors in the nodeclass controller and prevents pods from being scheduled properly in the cluster.
The aws\-load\-balancer\-controller is unable to translate an Ingress resource into an AWS ALB Listener Rule when the path contains a wildcard (*) and the pathType is set to Prefix.
The ingress\-nginx controller has detected that a service does not have any active endpoints.
The Nginx ingress encountered an error while trying to obtain an X.509 certificate from the Kubernetes secret.
Karpenter is used to automatically provision Kubernetes nodes. NodePools can define a
\- Detects Kubernetes events where Bitnami container images are being pulled from Docker Hub.
\- Detects Kubernetes events where Bitnami container image pulls are failing due to repository deprecation.
\- Detects Kubernetes events where container images are being pulled from the deprecated /bitnami repository on Docker Hub.
\- Detects Kubernetes events where container images are being pulled from the unmaintaing /bitnamilegacy repository on Docker Hub.
\- Detects Kubernetes events where Bitnami Secure container images are being pulled.
\- Detects Kubernetes events where container images are being pulled from the deprecated /bitnami repository on Docker Hub.
\- Detects Kubernetes Deployment resources without CPU requests configured on containers.
\- Detects Kubernetes Deployment resources without CPU limits configured on containers.
\- Detects Kubernetes Deployment resources without memory requests configured on containers.
\- Detects Kubernetes Deployment resources without memory limits configured on containers.
\- Detects Kubernetes Deployment resources without liveness probes configured on containers.
\- Detects Kubernetes Deployment resources without readiness probes configured on containers.