Troubleshoot Sourcegraph with Kubernetes
If Sourcegraph with Kubernetes does not start up or shows unexpected behavior, there are a variety of ways you can determine the root cause of the failure.
See our operations guide for more useful commands and operations.
Common errors
Error: Error from server (Forbidden): error when creating "base/frontend/sourcegraph-frontend.Role.yaml": "sourcegraph-frontend" is forbidden: attempt to grant extra privileges.
The account you are using to apply the Kubernetes configuration doesn't have sufficient permissions to create roles, which can be resolved by creating a cluster-admin role for your user with the following command:
$ kubectl create clusterrolebinding cluster-admin-binding \ --clusterrole cluster-admin \ --user $YOUR_EMAIL --namespace $YOUR_NAMESPACE
Failed to provision volume with StorageClass "sourcegraph"
"kubectl get pv" shows no Persistent Volumes, and/or "kubectl get events" shows a Make sure a storage class named "sourcegraph" exists in your cluster within the same zone.
$ kubectl get storageclass sourcegraph -o=yaml \ --namespace $YOUR_NAMESPACE
Error: error retrieving RESTMappings to prune: invalid resource, Kind=Ingress, Namespaced=true: no matches for kind "Ingress" in version "".
Run kubectl version
to verify the Client Version matches the Server Version.
Run kubectl get ingresses -A
to check if there is more than one ingress for sourcegraph-frontend
. You can delete the duplicate with kubectl delete ingress sourcegraph-frontend --namespace $YOUR_NAMESPACE
Error: error when creating "base/cadvisor/cadvisor.ClusterRoleBinding.yaml": subjects[0].namespace: Required value
Add namespace: default
to the base/cadvisor/cadvisor.ClusterRoleBinding.yaml file under subjects
Multiple pods are stuck in Pending.
Lack of resources could be a contributing factor. Dump current cluster state and look for error messages. Below is an example of a message that indicates the cluster is currently under provisioned.
# dump.txt "Reason": "FailedScheduling", "Message": "0/3 nodes are available: 1 Insufficient memory, 3 Insufficient cpu.",
ImagePullBackOff / 429 Too Many Requests Errors.
This indicates the instance is getting rate-limited by Docker Hub(link), where our images are stored, as unauthenticated users are limited to 100 image pulls within a 6 hour period. Possible solutions included:
- Create a Docker Hub account with a higher rate limit
- Configure an
K8S object with your Docker Hub service that contains your docker credentials (link to tutorial) - Add these credentials to the default service account within the same namespace as your Sourcegraph deployment (link to tutorial)
Alternatively, you can wait until the rate limits are reset.
[OPTIONAL] You can also upgrade your account to a Docker Pro or Team subscription with higher rate-limits. (See Docker Hub for more information).
Irrelevant cAdvisor metrics are causing strange alerts and performance issues.
This is most likely due to cAdvisor picking up other metrics from the cluster. A workaround is available: Filtering cAdvisor metrics.
I don't see any metrics on my Grafana Dashboard.
Missing metrics indicate Sourcegraph is having issues connecting to the Kubernetes API. For instance, running a Sourcegraph instance as non-privileged prevents services from picking up metrics through the Kubernetes API. One of the potential solutions is to grant Prometheus and cAdvisor root access.
Which metrics are using the most resources?
- Access the UI for Prometheus temporarily with port-forward:
$ kubectl port-forward svc/prometheus 9090:30090
- Open http://localhost:9090/ in your browser
$ open http://localhost:9090
- Run
topk(10, count by (__name__)({__name__=~".+"}))
to check the values
You can't access Sourcegraph.
Make sure the namespace of the ingress-controller is ingress-nginx
. See the Troubleshooting ingress-nginx docs for more information.
Healthcheck failing with Strconv.Atoi: parsing "{$portName}": invalid syntax error
This can occur when the Readiness or Liveness probe is referring to a port that is not defined. Please ensure the port name is consistent with upstream. Foe example:
ports: - containerPort: 3188 name: minio ... livenessProbe: httpGet: path: /minio/health/live port: minio #this port name MUST exist in the same spec
Service mesh
Known issues when using a service mesh (e.g. Istio, Linkerd, etc.)
Git command [git rev-parse HEAD] failed (stderr: ""): strconv.Atoi: parsing "": invalid syntax
Error message: 
This error occurs because Envoy, the proxy used by Istio, drops proxied trailers for the requests made over HTTP/1.1 protocol by default. To resolve this issue, enable trailers in your instance following the examples provided for Kubernetes and Kubernetes with Helm.
Symbols sidebar and hovers are not working

In a service mesh like Istio, communication between services is secured using a feature called mutual Transport Layer Security (mTLS). mTLS relies on services communicating with each other using DNS names, rather than IP addresses, to identify the specific services or pods that the communication is intended for.
To illustrate this, consider the following examples of communication flows between the "frontend" component and the "symbols" component:
Example 1: Approved Communication Flow
- Frontend sends a request to
- The Envoy sidecar intercepts the request
- Envoy looks up the upstream service using the DNS name "symbols"
- Envoy forwards the request to the symbols component
Example 2: Disapproved Communication Flow
- Frontend sends a request to
- The Envoy sidecar intercepts the request
- Envoy tries to look up the upstream service using the IP address
- Envoy is unable to find the upstream service because it's an IP address not a DNS name
- Envoy will not forward the request to the symbols component
To resolve this issue, the solution is to redeploy the frontend after specifying the service address for symbols by setting the SYMBOLS_URL environment variable in frontend.
Please make sure the old frontend pods are removed.
Squirrel.LocalCodeIntel http status 502

Help request
Still need additional help? Please contact us using one of the methods listed below:
- Twitter @sourcegraph
- Email us at [email protected]
- File issues with our public issue tracker