Enable Optional Metrics Server #176
Comments
|
Thinking longer term this feels like something we may want to implement an overall process/package for that does these things, not that said package would live IN uds-core. We are looking at/thinking about ways to be able to enable or disable a component in a package getting included into a bundle, but nothing exists today (optional components doesnt really fit the use case. FSYA Rob created an issue for that here to at least start the discussion on what that could look like. We were primarily thinking of the metrics server scenario when talking about it. I know it was mentioned in a thread that you figured out a way to get past the limitation of metrics server being available, but would probably be useful to identify which addons/eks things you are using and if they are consistently used. Feel free to if any of these are wrong or if something's missing (im sure im forgetting something):
|
Thanks @zachariahmiller vpc-cni, kube-proxy & coredns deploy by default (part of core EKS). We dropped calico right after this feature droppped because netpols enforcement can be done natively via a vpc-cni flag. EKS Add-Ons used today:
EKS Add-Ons we're exploring:
|
|
There was a good/long conversation in Slack about this issue and how to resolve. The tentative position I would like to take is that we provide metrics-server always with uds-core. This means that you would have to disable the distro-provided (or addon) one that you may already be installing so that there aren't any conflicts. Ideally this means less for your deployment to maintain (i.e. Ironbank images, updates to the chart, etc), but won't remove any flexibility since you will still have access to all the helm overrides as needed. The one part that I would want to confirm - will this cause any issues deploying other things due to dependencies? My understanding is that anything using metrics typically has a soft dependency on it - something like an autoscaler/hpa would deploy successfully but not be "functional" until metrics-server is deployed. I would be curious to hear perspective on whether this is acceptable or problematic at all. Ultimately just hoping to reduce friction and hopefully reduce maintenance burden on your deploy side. By leveraging uds-core's metrics-server you would get:
Ideally these are all pros, so looking for any help understanding the cons here. |
|
One con I could see is adoption to certain environments with Would there be a way to make it optional but default to |
|
Yeah @zack-is-cool that's definitely a scenario that would be annoying. Hope is that the most likely 2 environments are EKS and RKE2. EKS doesn't provide metrics-server out of the box, and RKE2 makes it easy to disable so hopefully that's a quick solve. Optional metrics-server is a path we could look at, but I don't think it makes sense to handle entirely at the zarf/uds-core layer and would likely rely on something like defenseunicorns/uds-cli#426 to allow someone to deselect a component. I think where I'm sort of landing is maybe we should switch metrics-server from |
|
Agreed @mjnagel. I spoke with @UncleGedd earlier on implementing the referenced uds issue with this case in mind and I think once that is implemented and metrics has been switched to |
## Description Switches metrics-server from required to default to support deselecting it when you want to use a k8s distro default metrics-server. ## Related Issue Related to #176 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed
|
Going to have to take a step back here temporarily - |
|
Blocked by zarf-dev/zarf#2320 / the refactor to optionality in zarf. |
## Description Switches metrics-server from required to default to support deselecting it when you want to use a k8s distro default metrics-server. ## Related Issue Related to defenseunicorns/uds-core#176 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed
|
I believe at this point we should be able to switch to The linked uds-cli issue would still be necessary to provide this at the bundle layer, but this would complete everything we need to resolve on our side. |
|
@drewhagen just a heads up this might be a bit in the air pending some CLI discussions on how they handle those changes. Might be worth moving this a blocked state pending decision there. |
|
@mjnagel Sounds good. Switching to blocked. |
|
I think defenseunicorns/uds-cli#426 and defenseunicorns/uds-cli#757 are the most relevant here. Per some discussions with @UncleGedd last week the likely path forward is that uds-cli will have more intelligence/logic specifically around handling of uds-core. |
|
@drewhagen pivoting a bit here based on thinking this through and chatting with the team. Most k8s distros that we validate testing on provide metrics-server by default (ex: rke2, k3s, etc) or are quite common addons (ex: eks). New path forward would be making metrics-server an optional component, not deployed by default:
|
BREAKING CHANGE: metric server is no longer required and is optional. To enable it, add it to the optionalComponents key on the core package Release-As: 0.25.0 ## Description Since many of our supported Kubernetes distros (rke2, k3d, eks) often come with metrics-server or have an add-on, we make this change to optionally enable it at the uds-core layer. ## Related Issue Relates to [uds-core#176](#176) ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ x ] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed Co-authored-by: Micah Nagel <[email protected]>
|
Linking a small docs update to close this out fully - although the primary change has already happened in code. |
## Description Updates docs to reference override for TLS version + reflect metrics server being optional now. ## Related Issue Related to #599 Fixes #176 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [x] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed
Is your feature request related to a problem? Please describe.
As an AWS EKS / UDS Core user, I would like to deploy all my EKS add-ons in a single package via zarf prior to installing UDS Core. Some EKS add-ons depend on metrics server to exist.
Describe the solution you'd like
Describe alternatives you've considered
1.) Split the EKS Add-Ons into two zarf packages and deploy them on either side of UDS Core (in a bundle) to account for race conditions.
2.) Deploy all EKS Add-Ons prior to UDS Core (in a bundle) and let the austoscaler & node termination handler pods that depend on metrics server dangle until the metrics server is deployed with UDS Core
Additional context
OpenShift has a non-optional metrics server but I'm not aware of other distros or deployments that may benefit from this.
The text was updated successfully, but these errors were encountered: