Home / BeaverDeck / Docs / Configuration Guide / Troubleshooting

Troubleshooting

Permission errors: distinguish application-role denials from Kubernetes API denials. Check the BeaverDeck permission matrix, namespace scope, and ServiceAccount RBAC before changing configuration.

Problem	Likely cause	Check
Pod exits during startup with auth config import failure.	Existing Secret has invalid YAML, missing required fields, bad role references, raw password values, or unsupported schema.	Read pod logs. Fix the Secret, or delete it to start initialization again.
Initialization screen never creates the Secret.	ServiceAccount cannot create/update the configured Secret, or admin username/password validation fails.	Check pod logs and Kubernetes RBAC for Secrets in `CONFIG_SECRET_NAMESPACE`.
Ingress path loads assets or API incorrectly.	`BASE_PATH` and ingress forwarding path do not match.	Use a matching `ingress.path` and ensure the controller forwards the prefix.
Only one namespace is visible.	`ALLOW_ALL_NAMESPACES` is false, or the user's BeaverDeck role limits namespaces.	Check Helm value `allowAllNamespaces` and role permissions.
Metrics are missing in UI or Insights.	metrics-server is unavailable and direct kubelet resource metrics fallback cannot be used, or GPU/DCGM metrics are unavailable.	Open Node Insights or GPU Insights and check the specific metrics finding.
Secret reveal is disabled.	User has Secret view permission but not Secret edit/manage permission.	Grant `secrets: edit` only if decoded Secret access is intended.