CNI-Metrics-Helper - Cannot retrieve Metrics #2115

Closed
quadrinho opened this issue Oct 24, 2022 · 9 comments · Fixed by #2119
@quadrinho

Hello,
I am trying to use the CNI Metrics Helper chart to retrieve metrics from the VPC CNI add-on on my EKS cluster, but I received this error:

kubectl logs -f cni-metrics-helper-74b9b997b4-8zrcp -n kube-system
{"level":"info","ts":"2022-10-24T17:03:04.843Z","caller":"cni-metrics-helper/main.go:45","msg":"Constructed new logger instance"}
{"level":"info","ts":"2022-10-24T17:03:04.843Z","caller":"runtime/proc.go:250","msg":"Starting CNIMetricsHelper. Sending metrics to CloudWatch: true, LogLevel Debug"}
{"level":"info","ts":"2022-10-24T17:03:04.879Z","caller":"cni-metrics-helper/main.go:119","msg":"Using REGION=eu-central-1 and CLUSTER_ID=my-eks-cluster"}
{"level":"info","ts":"2022-10-24T17:03:34.880Z","caller":"runtime/proc.go:250","msg":"Collecting metrics ..."}
{"level":"info","ts":"2022-10-24T17:03:34.980Z","caller":"metrics/cni_metrics.go:195","msg":"Total aws-node pod count:- %!(EXTRA int=2)"}

The values of the chart are configured in this way:

# This default name override is to maintain backwards compatibility with
# existing naming
nameOverride: cni-metrics-helper

image:
  region: eu-central-1
  tag: v1.11.4
  account: "602401143452"
  domain: "amazonaws.com"   
  # Set to use custom image
  # override: "repo/org/image:tag"

env:
  USE_CLOUDWATCH: "true"
  AWS_CLUSTER_ID: "my-eks-cluster"
  AWS_REGION: "eu-central-1"
  AWS_DEFAULT_REGION: "eu-central-1"

fullnameOverride: "cni-metrics-helper"

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: "cni-metrics-helper"
 #annotations: {}
  annotations:
    eks.amazonaws.com/role-arn: "arn:aws:iam::XXXX:role/AmazonEKSVPCCNIMetricsHelperRole"  

Naturally, instead of XXXX the correct account ID is present, and the role and the policy attached to the role were created following this link:

https://docs.aws.amazon.com/eks/latest/userguide/cni-metrics-helper.html

I really don't understand where the problem is.

Can someone help me?

Thanks,

Alessio

@quadrinho
Author

Hello,

Can anyone help me? I followed all the steps of the official guide above, but it doesn't work.

Thanks a lot!

Alessio

@jdn5126
Contributor

jdn5126 commented Oct 25, 2022

Hi @quadrinho , I am investigating this. In the meantime, can you confirm that the cni-metrics-helper pod can reach the aws-node pod running on the same node? Using
kubectl exec cni-metrics-helper-XXX -n kube-system -- curl <aws-node-ip>/metrics

And confirm that you do not have any security policy deployed that prevents control plane nodes from reaching worker nodes (similar to #2091)?

@quadrinho
Author

Hello @jdn5126,

I have tried your command, but I received connection refused (so the connectivity is present):

kubectl exec cni-metrics-helper-55dcc57786-4z5nm -n kube-system -- curl 10.199.120.204/metrics
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (7) Failed to connect to 10.199.120.204 port 80 after 0 ms: Connection refused

In bold is the IP of one node of the EKS cluster. Did I understand correctly? Did I have to use the IP of the aws node?

About the second question, I can confirm that I don't have any security policy that prevents control plane nodes from reaching worker nodes.

Thanks a lot for the help!

I am waiting for your investigation.

@jdn5126
Contributor

jdn5126 commented Oct 25, 2022

@quadrinho sorry, there was a typo in my message (port was missing). The curl command should be something like:

kubectl exec cni-metrics-helper-55dcc57786-4z5nm -n kube-system -- curl 10.199.120.204:61678/metrics

I followed the steps in https://docs.aws.amazon.com/eks/latest/userguide/cni-metrics-helper.html and found that it is possible for the eksctl create iamserviceaccount ... command to no-op if you previously created that role and associated it with a different OIDC URL.

Can you check the "Trust Relationships" for the AmazonEKSVPCCNIMetricsHelperRole role that you created and make sure the OIDC URL matches? This is easiest to check from your AWS console, and you can see how it should look from the "AWS CLI" tab of step 2 under "Deploy the CNI metrics helper" section in https://docs.aws.amazon.com/eks/latest/userguide/cni-metrics-helper.html .

If the OIDC URL does not match, then you will need to edit it.

Also, the reason you are not able to see more logging detailing the issue is that we have a logging bug! In

var log = logger.Get()

we get the logger before it is initialized, so publishing errors are not logged. I will be fixing this logging issue separately.

If your OIDC URL is correct, and deleting and recreating the role does not fix the issue, please share your cluster ARN to [email protected] and I will look further.

@jdn5126
Contributor

jdn5126 commented Oct 25, 2022

@quadrinho note that if you change the trust relationships or delete and recreate the role, you will need to restart cni-metrics-helper pod as in step 6.
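
The trust-relationship check described in the comments above, as an added example that is not part of the thread or of the amazon-vpc-cni-k8s project. The function name `check_irsa_trust`, the account ID and both OIDC IDs are constructed placeholders; the namespace and service account name are the ones from the chart values earlier on this page.

```python
# Constructed sample inputs (placeholder account ID and OIDC IDs). Real values come from
#   aws eks describe-cluster --name <cluster> --query cluster.identity.oidc.issuer
#   aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument
CLUSTER_ISSUER = "https://oidc.eks.eu-central-1.amazonaws.com/id/EXAMPLE1111NEWCLUSTER"
OLD = "oidc.eks.eu-central-1.amazonaws.com/id/EXAMPLE0000OLDCLUSTER"
STALE_TRUST_POLICY = {  # role created earlier for a different cluster
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + OLD},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            OLD + ":sub": "system:serviceaccount:kube-system:cni-metrics-helper",
            OLD + ":aud": "sts.amazonaws.com",
        }},
    }],
}

def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def check_irsa_trust(policy, issuer_url, namespace, service_account):
    """Return a list of problems; an empty list means the role trusts this
    cluster's service account. Only StringEquals conditions are evaluated."""
    provider = issuer_url.split("://", 1)[-1].rstrip("/")
    want_sub = f"system:serviceaccount:{namespace}:{service_account}"
    problems = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal")
        federated = as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not any(arn.endswith(":oidc-provider/" + provider) for arn in federated):
            problems.append(f"Federated principal {federated} is not this cluster's provider {provider}")
            continue
        sub = stmt.get("Condition", {}).get("StringEquals", {}).get(provider + ":sub")
        if sub is None:
            problems.append("no StringEquals :sub condition for this cluster's provider")
        elif want_sub not in as_list(sub):
            problems.append(f":sub is {sub}, expected {want_sub}")
        else:
            return []  # one fully matching statement is enough
    return problems or ["no Allow statement for sts:AssumeRoleWithWebIdentity"]

if __name__ == "__main__":
    for p in check_irsa_trust(STALE_TRUST_POLICY, CLUSTER_ISSUER, "kube-system", "cni-metrics-helper"):
        print("MISMATCH:", p)
```
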

@quadrinho
Author

Hello @jdn5126,

Thanks, the problem seems to be a wrong OIDC URL.

Can you tell us in which Docker image version we will find the correct logging?

Thanks a lot!

@jdn5126
Contributor

jdn5126 commented Oct 26, 2022

@quadrinho glad that resolved your issue! The logging fix will be in the next CNI release (either 1.11.5 or 1.12.0, whichever is decided on). Judging from the existing cadence, that should be released in the next few weeks.

I am also updating the documentation at https://docs.aws.amazon.com/eks/latest/userguide/cni-metrics-helper.html , as the eksctl step to create the IAM role can no-op in a very unclear way. It is better to have a unique role per cluster to avoid this stale mapping, and the documentation should call that out.

@jdn5126
Contributor

jdn5126 commented Oct 27, 2022

Closing this issue now that the doc has been updated in awsdocs/amazon-eks-user-guide#619

@jdn5126 jdn5126 closed this as completed Oct 27, 2022