https://live.paloaltonetworks.com/t5/cn-series-discussions/kubernetes-plugin-monitoring-definition-bug/m-p/587760#M27 <P>Took me long, but now i think i found strange behavior of the Kubernetes plugin - monitoring definition and especially matching criteria in the dynamic address groups.</P> <P>TL/DR - having service in the kubernetes cluster, which does not have assigned ports - breaks the polling and watcher</P> <P>&nbsp;</P> <P>Starting point was : working cn series as well the possibility to use the data from monitoring definition - both: to create dynamic groups and to use them in policy. Suddenly after while the monitoring definition processes (polling and watcher) stopped function (stuck in initializing state). Long story short - discovered in the kubernetes plugin logs the following suspicious lines</P> <LI-CODE lang="markup">2024-05-23 13:21:39.868 +0300 ERROR: k8s-ret: skipping service, no port information found 'NoneType' object is not iterable 2024-05-23 13:21:39.869 +0300 ERROR: k8s-ret: skipping service, no port information found 'NoneType' object is not iterable </LI-CODE> <P>&nbsp;</P> <P>Looking at my kubernetes cluster - there were two distinct from the other services - without ports (PORT(S) column)</P> <LI-CODE lang="markup">NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE longhorn-system longhorn-engine-manager ClusterIP None &lt;none&gt; &lt;none&gt; 87d longhorn-system longhorn-replica-manager ClusterIP None &lt;none&gt; &lt;none&gt; 87d </LI-CODE> <P>&nbsp;</P> <P>Next - i just add some ports definition to them - as i want to see if that will make any difference to the panorama monitoring definition processes. And it does - the processes started in normal state (connected) <BR /><BR /></P> <LI-CODE lang="markup">2024-05-23 13:24:20.327 +0300 DEBUG: k8s-ret: &lt;labkube&gt; Successfully retrieved Service information.</LI-CODE> <P>&nbsp;</P> <P>Still not sure for the root cause of this behavior, probably can be bug. As having services without ports seems just ok for me. <BR />Hope that, this behavior is reproducible elsewhere and will be addressed?</P> Thu, 23 May 2024 10:52:30 GMT YLesev 2024-05-23T10:52:30Z https://live.paloaltonetworks.com/t5/cn-series-discussions/kubernetes-plugin-monitoring-definition-bug/m-p/587760#M27 <P>Took me long, but now i think i found strange behavior of the Kubernetes plugin - monitoring definition and especially matching criteria in the dynamic address groups.</P> <P>TL/DR - having service in the kubernetes cluster, which does not have assigned ports - breaks the polling and watcher</P> <P>&nbsp;</P> <P>Starting point was : working cn series as well the possibility to use the data from monitoring definition - both: to create dynamic groups and to use them in policy. Suddenly after while the monitoring definition processes (polling and watcher) stopped function (stuck in initializing state). Long story short - discovered in the kubernetes plugin logs the following suspicious lines</P> <LI-CODE lang="markup">2024-05-23 13:21:39.868 +0300 ERROR: k8s-ret: skipping service, no port information found 'NoneType' object is not iterable 2024-05-23 13:21:39.869 +0300 ERROR: k8s-ret: skipping service, no port information found 'NoneType' object is not iterable </LI-CODE> <P>&nbsp;</P> <P>Looking at my kubernetes cluster - there were two distinct from the other services - without ports (PORT(S) column)</P> <LI-CODE lang="markup">NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE longhorn-system longhorn-engine-manager ClusterIP None &lt;none&gt; &lt;none&gt; 87d longhorn-system longhorn-replica-manager ClusterIP None &lt;none&gt; &lt;none&gt; 87d </LI-CODE> <P>&nbsp;</P> <P>Next - i just add some ports definition to them - as i want to see if that will make any difference to the panorama monitoring definition processes. And it does - the processes started in normal state (connected) <BR /><BR /></P> <LI-CODE lang="markup">2024-05-23 13:24:20.327 +0300 DEBUG: k8s-ret: &lt;labkube&gt; Successfully retrieved Service information.</LI-CODE> <P>&nbsp;</P> <P>Still not sure for the root cause of this behavior, probably can be bug. As having services without ports seems just ok for me. <BR />Hope that, this behavior is reproducible elsewhere and will be addressed?</P> Thu, 23 May 2024 10:52:30 GMT https://live.paloaltonetworks.com/t5/cn-series-discussions/kubernetes-plugin-monitoring-definition-bug/m-p/587760#M27 YLesev 2024-05-23T10:52:30Z https://live.paloaltonetworks.com/t5/cn-series-discussions/kubernetes-plugin-monitoring-definition-bug/m-p/588277#M30 <P>Hi <SPAN style="background: var(--ck-color-mention-background); color: var(--ck-color-mention-text);"><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/373715045">@YLesev</a></SPAN> ,</P> <P>&nbsp;</P> <P>Thanks for sharing your findings. I would recommend reaching out to support to share what you have.&nbsp;</P> Wed, 29 May 2024 15:36:35 GMT https://live.paloaltonetworks.com/t5/cn-series-discussions/kubernetes-plugin-monitoring-definition-bug/m-p/588277#M30 JayGolf 2024-05-29T15:36:35Z