November 09, 2023 01:30 UTC
|
WARN
|
less than a minute
|
Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
|
See more
Start Time
November 09, 2023 01:30 UTC
|
Type
WARN
|
Affected Components
Europe (regions) - Cloud Run
Asia Pacific (regions) - Cloud Run
Europe (regions) - Google App Engine
Asia Pacific (regions) - Google App Engine
Europe (regions) - Google Cloud Functions
Asia Pacific (regions) - Google Cloud Functions
Europe (regions) - Secret Manager
Asia Pacific (regions) - Secret Manager
europe-west1 - Cloud Run
europe-west1 - Google App Engine
europe-west1 - Google Cloud Functions
australia-southeast1 - Cloud Run
australia-southeast1 - Google App Engine
australia-southeast1 - Google Cloud Functions
australia-southeast1 - Secret Manager
europe-west1 - Secret Manager
|
Message
Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
|
Details
Summary: Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
Description: There is no impact to cluster functionality or performance. The only impact is extra logs in Cloud Logging.
gke-metadata-server is a GKE-managed system workload that is part of the GKE Workload Identity feature. Versions 0.4.272 to 0.4.280 of gke-metadata-server contain an incorrect configuration that results in a high rate of debug logs that contain the string "Unable to sync sandbox". These logs are then ingested into Cloud Logging, consuming Cloud Logging ingestion quota, and causing excess billable usage when exceeding the free monthly allotment.
A rollout containing a fix to no longer ingest the excess logs to Cloud Logging is about 25% complete.
We will provide an update by Friday, 2023-11-10 14:00 US/Pacific.
Diagnosis: Customers can determine whether their cluster is impacted by inspecting the gke-metadata-server daemonset with kubectl get daemonset -n kube-system -l k8s-app=gke-metadata-server -o yaml and looking at the components.gke.io/component-version annotation in .spec.template.metadata.annotations. If the value is a version between 0.4.272 and 0.4.280 (inclusive), then the cluster is currently affected.
Workaround:
- Customers using GKE Rapid Channel can upgrade their cluster control plane to 1.28.2-gke.1157000 and above, or 1.27.7-gke.1038000 and above.
- Customers on GKE Regular Channel, GKE Stable Channel, or who are not using release channels do not have a workaround at this time.
|
|
November 09, 2023 01:30 UTC
|
WARN
|
ongoing
|
Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
|
See more
Start Time
November 09, 2023 01:30 UTC
|
Type
WARN
|
Affected Components
Europe (regions) - Cloud Run
Asia Pacific (regions) - Cloud Run
Europe (regions) - Google App Engine
Asia Pacific (regions) - Google App Engine
Europe (regions) - Google Cloud Functions
Asia Pacific (regions) - Google Cloud Functions
Europe (regions) - Secret Manager
Asia Pacific (regions) - Secret Manager
europe-west1 - Cloud Run
europe-west1 - Google App Engine
europe-west1 - Google Cloud Functions
australia-southeast1 - Cloud Run
australia-southeast1 - Google App Engine
australia-southeast1 - Google Cloud Functions
australia-southeast1 - Secret Manager
europe-west1 - Secret Manager
|
Message
Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
|
Details
Summary: Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
Description: There is no impact to cluster functionality or performance. The only impact is extra logs in Cloud Logging.
gke-metadata-server is a GKE-managed system workload that is part of the GKE Workload Identity feature. Versions 0.4.272 to 0.4.280 of gke-metadata-server contain an incorrect configuration that results in a high rate of debug logs that contain the string "Unable to sync sandbox". These logs are then ingested into Cloud Logging, consuming Cloud Logging ingestion quota, and causing excess billable usage when exceeding the free monthly allotment.
A rollout containing a fix to no longer ingest the excess logs to Cloud Logging is about 25% complete.
We will provide an update by Friday, 2023-11-10 14:00 US/Pacific.
Diagnosis: Customers can determine whether their cluster is impacted by inspecting the gke-metadata-server daemonset with kubectl get daemonset -n kube-system -l k8s-app=gke-metadata-server -o yaml and looking at the components.gke.io/component-version annotation in .spec.template.metadata.annotations. If the value is a version between 0.4.272 and 0.4.280 (inclusive), then the cluster is currently affected.
Workaround:
- Customers using GKE Rapid Channel can upgrade their cluster control plane to 1.28.2-gke.1157000 and above, or 1.27.7-gke.1038000 and above.
- Customers on GKE Regular Channel, GKE Stable Channel, or who are not using release channels do not have a workaround at this time.
|
|
November 08, 2023 23:55 UTC
|
WARN
|
less than a minute
|
Customer experiencing a requests to Secret Manager timeout for App Engine and Cloud Run. and Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
|
See more
Start Time
November 08, 2023 23:55 UTC
|
Type
WARN
|
Affected Components
Europe (regions) - Cloud Run
Asia Pacific (regions) - Cloud Run
Europe (regions) - Google App Engine
Asia Pacific (regions) - Google App Engine
Europe (regions) - Google Cloud Functions
Asia Pacific (regions) - Google Cloud Functions
Europe (regions) - Secret Manager
Asia Pacific (regions) - Secret Manager
europe-west1 - Cloud Run
europe-west1 - Google App Engine
europe-west1 - Google Cloud Functions
australia-southeast1 - Cloud Run
australia-southeast1 - Google App Engine
australia-southeast1 - Secret Manager
australia-southeast1 - Google Cloud Functions
europe-west1 - Secret Manager
|
Message
Customer experiencing a requests to Secret Manager timeout for App Engine and Cloud Run. and Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
|
Details
Summary: Customer experiencing a requests to Secret Manager timeout for App Engine and Cloud Run.
Description: Mitigation work is currently underway by our engineering team.
We do not have an ETA for mitigation at this point.
We will provide more information by Wednesday, 2023-11-08 16:40 US/Pacific.
Diagnosis: Requests to Secret Manager might time out for App Engine and Cloud Run customers.
Workaround: Some customers reported that removing the secret manager calls and "hard coded" the secrets is a workaround.
Summary: Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
Description: There is no impact to cluster functionality or performance. The only impact is extra logs in Cloud Logging.
gke-metadata-server is a GKE-managed system workload that is part of the GKE Workload Identity feature. Versions 0.4.272 to 0.4.280 of gke-metadata-server contain an incorrect configuration that results in a high rate of debug logs that contain the string "Unable to sync sandbox". These logs are then ingested into Cloud Logging, consuming Cloud Logging ingestion quota, and causing excess billable usage when exceeding the free monthly allotment.
A rollout containing a fix to no longer ingest the excess logs to Cloud Logging is about 25% complete.
We will provide an update by Friday, 2023-11-10 14:00 US/Pacific.
Diagnosis: Customers can determine whether their cluster is impacted by inspecting the gke-metadata-server daemonset with kubectl get daemonset -n kube-system -l k8s-app=gke-metadata-server -o yaml and looking at the components.gke.io/component-version annotation in .spec.template.metadata.annotations. If the value is a version between 0.4.272 and 0.4.280 (inclusive), then the cluster is currently affected.
Workaround:
- Customers using GKE Rapid Channel can upgrade their cluster control plane to 1.28.2-gke.1157000 and above, or 1.27.7-gke.1038000 and above.
- Customers on GKE Regular Channel, GKE Stable Channel, or who are not using release channels do not have a workaround at this time.
|
|
November 08, 2023 23:55 UTC
|
WARN
|
about 2 hours
|
Customer experiencing a requests to Secret Manager timeout for App Engine and Cloud Run. and Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
|
See more
Start Time
November 08, 2023 23:55 UTC
|
Type
WARN
|
Affected Components
Europe (regions) - Cloud Run
Asia Pacific (regions) - Cloud Run
Europe (regions) - Google App Engine
Asia Pacific (regions) - Google App Engine
Europe (regions) - Google Cloud Functions
Asia Pacific (regions) - Google Cloud Functions
Europe (regions) - Secret Manager
Asia Pacific (regions) - Secret Manager
europe-west1 - Cloud Run
europe-west1 - Google App Engine
europe-west1 - Google Cloud Functions
australia-southeast1 - Cloud Run
australia-southeast1 - Google App Engine
australia-southeast1 - Secret Manager
australia-southeast1 - Google Cloud Functions
europe-west1 - Secret Manager
|
Message
Customer experiencing a requests to Secret Manager timeout for App Engine and Cloud Run. and Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
|
Details
Summary: Customer experiencing a requests to Secret Manager timeout for App Engine and Cloud Run.
Description: Mitigation work is currently underway by our engineering team.
We do not have an ETA for mitigation at this point.
We will provide more information by Wednesday, 2023-11-08 16:40 US/Pacific.
Diagnosis: Requests to Secret Manager might time out for App Engine and Cloud Run customers.
Workaround: Some customers reported that removing the secret manager calls and "hard coded" the secrets is a workaround.
Summary: Google Kubernetes Engine customers with Workload Identity enabled may see high application logging rate
Description: There is no impact to cluster functionality or performance. The only impact is extra logs in Cloud Logging.
gke-metadata-server is a GKE-managed system workload that is part of the GKE Workload Identity feature. Versions 0.4.272 to 0.4.280 of gke-metadata-server contain an incorrect configuration that results in a high rate of debug logs that contain the string "Unable to sync sandbox". These logs are then ingested into Cloud Logging, consuming Cloud Logging ingestion quota, and causing excess billable usage when exceeding the free monthly allotment.
A rollout containing a fix to no longer ingest the excess logs to Cloud Logging is about 25% complete.
We will provide an update by Friday, 2023-11-10 14:00 US/Pacific.
Diagnosis: Customers can determine whether their cluster is impacted by inspecting the gke-metadata-server daemonset with kubectl get daemonset -n kube-system -l k8s-app=gke-metadata-server -o yaml and looking at the components.gke.io/component-version annotation in .spec.template.metadata.annotations. If the value is a version between 0.4.272 and 0.4.280 (inclusive), then the cluster is currently affected.
Workaround:
- Customers using GKE Rapid Channel can upgrade their cluster control plane to 1.28.2-gke.1157000 and above, or 1.27.7-gke.1038000 and above.
- Customers on GKE Regular Channel, GKE Stable Channel, or who are not using release channels do not have a workaround at this time.
|
|
August 08, 2023 15:15 UTC
|
WARN
|
less than a minute
|
Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.
|
See more
Start Time
August 08, 2023 15:15 UTC
|
Type
WARN
|
Affected Components
Americas (regions) - Google App Engine
Asia Pacific (regions) - Google App Engine
Americas (regions) - Google Cloud Functions
Asia Pacific (regions) - Google Cloud Functions
us-west3 - Google App Engine
us-west4 - Google App Engine
us-west3 - Google Cloud Functions
us-west4 - Google Cloud Functions
asia-east1 - Google App Engine
asia-east1 - Google Cloud Functions
|
Message
Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.
|
Details
Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.
Description: As communicated previously, we have segmented our repair of this incident into two phases:
a) Stopping erroneous enrichments (Completed on 2 August 2023)
b) Repairing historically impacted events that used these erroneous enrichments. (Revised ETA - 18 August 2023)
We will provide an update by Friday, 2023-08-18 10:30 US/Pacific with current details.
Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.
Workaround: None at this time.
|
|
2024-04-11 05:52:59 UTC UTC
|
STATUS
|
? minutes
|
Sign in to view more status history.
|
See more
|
2024-04-11 05:52:59 UTC UTC
|
STATUS
|
? minutes
|
Sign in to view more status history.
|
See more
|
2024-04-11 05:52:59 UTC UTC
|
STATUS
|
? minutes
|
Sign in to view more status history.
|
See more
|
2024-04-11 05:52:59 UTC UTC
|
STATUS
|
? minutes
|
Sign in to view more status history.
|
See more
|
2024-04-11 05:52:59 UTC UTC
|
STATUS
|
? minutes
|
Sign in to view more status history.
|
See more
|