Serve metrics under a dedicated port

[linki]

etcd v3.3 introduced a new flag to allow serving /metrics and /health under a different port than e.g. /v2/keys. This allows us to protect etcd's data via firewall rules but still let monitoring tools to access the monitoring information.

See feature request in etcd repo: etcd-io/etcd#8060.
The implementation landed in v3.3: etcd-io/etcd#8242

This PR instructs etcd to serve metrics and health under the additonal port 2381 unconditionally when the used etcd binary is >=v3.3.x. However, if not explicitely set in the senza.yaml this port won't be mapped to the outside and therefore isn't accessible. It doesn't expose more information than anything under 2379 already does. See our intended usage here: zalando-incubator/kubernetes-on-aws#879.

Note: This fails when bundled with etcd lower than v3.3. Furthermore, serving this additional endpoint unconditionally should be safe but might not be desired. It keeps the implementation very simple, though. LMKWYT

/cc @CyberDem0n @aermakov-zalando @mikkeloscar

[mikkeloscar]

lgtm

[CyberDem0n]

It breaks compatibility with old etcd, because the same script is used for different images containing different version.
Moreover, it even breaks upgrade 3.2 => 3.3.

Those arguments should be applied conditionally, i.e. only if etcd version is >= 3.3.
You can get version from environment: ETCDVERSION.

[linki]

@CyberDem0n Thanks.

It now looks at the ETCDVERSION env variable and only adds the -listen-metrics-urls flag when the version is greater than or equal to v3.3.x

[aermakov-zalando]

etcdversion = [int(x) for x in etcdversion.split('.')]

You could also use tuples which are immutable (tuple(int(x) for x in etcdversion.split('.'))), but don't forget to change the comparison to match.

[linki]

Thanks, I changed it.

[aermakov-zalando]

Not sure if this is worth it TBH. If they decide to do a 3.3.1.2, this will suddenly break instead of continuing. I'd just check that the length is >= 2, or even drop the check altogether.

[aermakov-zalando]

etcdversion >= [3, 3]

[szuecs]

@CyberDem0n can we get this merged?

[szuecs]

👍

[CyberDem0n]

There is still one corner case left, it breaks upgrade from 3.2 to 3.3 :(
During the upgrade first it starts the old binary in order to get data, than it stops it and starts the new binary.
Current change will try to apply -listen-metrics-urls to the old binary and fail if the old version is 3.2

In order to solve it, let's introduce one more argument to this method, run_old and pass its value from https://github.com/linki/stups-etcd-cluster/blob/0a914150be28b93ff77b56747b0cf09a010138dc/etcd.py#L474:

    return self.me.etcd_arguments(self.DATA_DIR, peers, cluster_state, self.run_old)

And the line 270 has to be changed to:

    etcdversion = os.environ.get('ETCDVERSION_PREV' if run_old else 'ETCDVERSION')

[CyberDem0n]

-    def etcd_arguments(self, data_dir, initial_cluster, cluster_state, run_old)):
+    def etcd_arguments(self, data_dir, initial_cluster, cluster_state, run_old):

this is the reason why tests are failing

[linki]

damn, sorry about that.

[CyberDem0n]

👍

[linki]

@CyberDem0n let me quickly test on our cluster that it still works as expected before merging.

[linki]

@CyberDem0n ok, works with 3.3.

[CyberDem0n]

I need a second 👍

[linki]

@CyberDem0n Did it work for you as well?

[CyberDem0n]

I didn't tried. In order to build image it needs to be merged and we need a second approval for that

[mikkeloscar]

👍