-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gateway-api: Expose metric port setting #23104
Conversation
32d6b34
to
8fe79d3
Compare
8fe79d3
to
816ff81
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thank you!
ee9c467
to
83cc64d
Compare
These are hostNetwork ports, which are a somewhat limited resource. Is there a reason the gateway controller uses a separate metrics port despite being in the same process? FWIW the PR looks fine, just curious. |
This is to make sure that users can disable and set port number for Gateway API controller accordingly. Fixes: cilium#23082 Reported-by: Karsten Nielsen <karsten.nielsen@ingka.ikea.com> Signed-off-by: Tam Mach <tam.mach@cilium.io>
@@ -625,6 +625,10 @@ gatewayAPI: | |||
# This will automatically set enable-envoy-config as well. | |||
enabled: false | |||
|
|||
# -- Metrics port for Gateway API controller. | |||
# If set to 0, metrics will be disabled. | |||
metricsPort: 9965 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I think that metricsPort is the better name, all most other components (agent, operator, proxy, relay) use prometheus.port
for the name, e.g. gatewayAPI.prometheus.port
. Something to consider, I don't have strong feelings about this (and there are other agent metrics like Hubble (not relay) which do not use prometheus.port
either).
@@ -217,6 +217,7 @@ data: | |||
enable-envoy-config: "true" | |||
enable-gateway-api-secrets-sync: {{ .Values.gatewayAPI.secretsNamespace.sync | quote }} | |||
gateway-api-secrets-namespace: {{ .Values.gatewayAPI.secretsNamespace.name | quote }} | |||
gateway-api-metrics-addr: ":{{ .Values.gatewayAPI.metricsPort }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add this port to the metrics service as well, so they can be discovered via the ServiceMonitor infrastructure (though it seems that for the proxy, the infrastructure might also be incomplete).
83cc64d
to
1081f17
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM for @cilium/operator owned files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM in service mesh terms, but I also wondered about why it needs to be a separate port.
Regarding the multiple ports - my understanding here is that the metrics are exposed by a third-party library ( The Hubble and Cilium-Agent metrics are also exposed on a different port, but the reason there is not technical, but more use-case driven: Having them on separate ports allows them to be scraped by different consumers (the Hubble metrics will be more interesting to app teams, while the Cilium metrics will be interesting to platform teams). Having said that, the gateway-api and envoy metrics will likely have the same consumers as the regular cilium-agent metrics, i.e. platform teams. So I think it's worth having a discussion if it makes sense to expose then under a common port. But it would likely require us to implement some kind of gather functionality inside the agent itself, which I don't think I think is a larger undertaking that will not make it into v1.13. |
While the controller-runtime supports starting up an independent metrics server, there's no need to use that. You can also access the registry separately via Or just overwrite it with a separate registry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM from a datapath perspective.
I would personally prefer to fold these metrics into the main Cilium metrics registry, having multiple ports for metrics seems overkill. But I will let the other people already in this deal with that.
This is good point, I didn't know that Registry is global variable in controller package. |
Closed in favour of #23501 |
Description
This is to make sure that users can disable and set port number for Gateway API controller accordingly.
Fixes: #23082
Reported-by: Karsten Nielsen karsten.nielsen@ingka.ikea.com
Signed-off-by: Tam Mach tam.mach@cilium.io
Tasks
Testing
Testing was done locally as per below
Installation with default value
Installation with metric port disabled