Docker watcher should back off on authentication errors #113
Labels
bug
Something isn't working
Team:Elastic-Agent-Control-Plane
Label for the Agent Control Plane team
Team:Elastic-Agent-Data-Plane
Label for the Agent Data Plane team
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the docker watcher will check if the docker socket is accessible by calling the
/infoendpoint, and will then proceed to consume a stream of events from the/eventsendpoint. The latter is restarted every second whenever it ends, no matter the reason.In effect, if the
/eventsendpoint is protected by an authorization plugin, the watcher will continue trying to access it, even if no useful progress can be made, and will continue logging error messages about it. This is far from ideal and should be fixed.The simplest fix would be to check
/eventsat watcher creation, but the call is unfortunately asynchronous and we'd have to take care to wrap the check in a timeout. In general, we should do an exponential backoff on calls to the watch function, as well as actually checking the error it encountered.This was raised as an issue for the
add_docker_metadataprocessor in beats and thedockerprovider in elastic-agent.The text was updated successfully, but these errors were encountered: