Page MenuHomePhabricator
Create Task
Maniphest T264625

Deploy kube-state-metrics
Closed, ResolvedPublic
Actions

Description

We should include a kube-state-metrics deployment into each of our clusters to be able to collect metrics about the state of API objects. That would help us more easily gather information on things like deployments happening (T222826) or containers not being killed/restarted often (T256256).

For this we need to (at least):

As this will generate a lot of extra metrics, we should probably talk to o11y.

Details

Related Changes in Gerrit:
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

JMeybohm created this task.Oct 5 2020, 2:39 PM
JMeybohm triaged this task as Medium priority.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 5 2020, 2:39 PM
JMeybohm renamed this task from Deploy kube-state-meterics to Deploy kube-state-metrics.Oct 5 2020, 2:40 PM
JMeybohm added a project: serviceops.
JMeybohm added a parent task: T266216: Increase visibility of container/pod ressource exhaustion .Oct 22 2020, 8:42 AM
Jelto subscribed.Aug 31 2021, 1:10 PM
elukey subscribed.Feb 22 2022, 2:49 PM
jijiki moved this task from Incoming 🐫 to 🙈🙉🙊Backlog on the serviceops board.Sep 28 2022, 2:26 PM
jijiki moved this task from 🙈🙉🙊Backlog to ⎈Kubernetes on the serviceops board.Oct 12 2022, 9:03 PM
JMeybohm moved this task from ⎈Kubernetes to 🥋Good First Task on the serviceops board.Nov 11 2022, 1:58 PM
JMeybohm added subscribers: akosiaris, jijiki, ayounsi.Feb 6 2023, 4:13 PM
JMeybohm added a comment.Feb 6 2023, 4:15 PM

@akosiaris discovered recently (more or less by accident) that we're overcommitting CPU by quite a bit on wikikube clusters. With kube-state-metrics we should be able to make this more visible (or even alert on it).
This could be a nice task to do for people doing k8s training currently ;)

Clement_Goubert mentioned this in T343306: Wikikube CPU capacity issue.Aug 2 2023, 10:09 AM
Raine claimed this task.Aug 7 2023, 3:31 PM
Raine changed the task status from Open to In Progress.Aug 8 2023, 1:08 PM

Upstream chart evaluation started: see https://wikitech.wikimedia.org/wiki/Helm/Upstream_Charts/kube-state-metrics

Raine moved this task from 🥋Good First Task to Doing 😎 on the serviceops board.Aug 8 2023, 1:23 PM
Raine changed the task status from In Progress to Stalled.Sep 4 2023, 10:35 AM

on the back burner while I'm busy freaking out about the DC switchover (T345263)

JMeybohm mentioned this in T324959: Scrape controller-manager and scheduler metrics.Sep 20 2023, 10:17 AM
JMeybohm added a project: Prod-Kubernetes.Sep 20 2023, 4:56 PM
elukey updated the task description. (Show Details)Sep 29 2023, 12:43 PM
elukey added a comment.EditedOct 2 2023, 10:13 AM

From a quick check of https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-state-metrics the helm chart seems a good fit for our use case:

  • PSP policies can be enabled/disabled (since we'll have to depreacate them soon) and more in general, all features like autoscaling etc.. are if-guarded and not enabled by default. There seems to be no option/feature automatically enabled that we don't support.
  • Network policies seems sane, and we'll just need to allow kube-state-metrics pod to reach the Kube API, so very easy use case.
  • I don't see any weird permission to assign to the kube-state-metrics pod.
  • There seems to be an active community behind it (https://github.com/prometheus-community/helm-charts/commits/main/charts/kube-state-metrics).

I'd be in favor to start testing the helm chart, there may be some tweak needed but overall it looks good imho.

Raine changed the status of subtask T343801: Create kube-state-metrics docker image from Open to In Progress.Oct 10 2023, 2:51 PM
ayounsi unsubscribed.Oct 11 2023, 8:31 AM
Raine closed subtask T343801: Create kube-state-metrics docker image as Resolved.Oct 11 2023, 2:35 PM
Raine changed the task status from Stalled to In Progress.Oct 31 2023, 5:02 PM
gerritbot added a comment.Oct 31 2023, 6:11 PM

Change 970425 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/deployment-charts@master] Initial commit of kube-state-metrics chart from prometheus-community

https://gerrit.wikimedia.org/r/970425

gerritbot added a project: Patch-For-Review.Oct 31 2023, 6:11 PM
gerritbot added a comment.Nov 7 2023, 4:34 PM

Change 972400 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/deployment-charts@master] [WIP] add kube-state-metrics helmfile

https://gerrit.wikimedia.org/r/972400

gerritbot added a comment.Nov 8 2023, 4:49 PM

Change 970425 merged by jenkins-bot:

[operations/deployment-charts@master] Initial commit of kube-state-metrics chart from prometheus-community

https://gerrit.wikimedia.org/r/970425

gerritbot added a comment.Nov 8 2023, 4:50 PM

Change 972400 merged by jenkins-bot:

[operations/deployment-charts@master] Add WIP kube-state-metrics deployment to staging

https://gerrit.wikimedia.org/r/972400

Maintenance_bot removed a project: Patch-For-Review.Nov 8 2023, 5:11 PM
gerritbot added a comment.Nov 8 2023, 5:53 PM

Change 972869 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/deployment-charts@master] kube-state-metrics: bump chart version, add upstream version

https://gerrit.wikimedia.org/r/972869

gerritbot added a project: Patch-For-Review.Nov 8 2023, 5:53 PM
gerritbot added a comment.Nov 8 2023, 5:59 PM

Change 972869 merged by jenkins-bot:

[operations/deployment-charts@master] kube-state-metrics: bump chart version, add upstream version

https://gerrit.wikimedia.org/r/972869

Maintenance_bot removed a project: Patch-For-Review.Nov 8 2023, 6:10 PM
gerritbot added a comment.Nov 9 2023, 11:38 AM

Change 973134 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/deployment-charts@master] enable kube-state-metrics prototype in eqiad

https://gerrit.wikimedia.org/r/973134

gerritbot added a project: Patch-For-Review.Nov 9 2023, 11:38 AM
gerritbot added a comment.Nov 9 2023, 12:42 PM

Change 973134 merged by jenkins-bot:

[operations/deployment-charts@master] enable kube-state-metrics prototype in eqiad

https://gerrit.wikimedia.org/r/973134

Maintenance_bot removed a project: Patch-For-Review.Nov 9 2023, 1:10 PM
Raine added a comment.EditedNov 9 2023, 1:16 PM

A prototype deployment in eqiad with a pretty vanilla config:

  • generates <80k timeseries; so let's call it up to ~100k timeseries per cluster
  • uses <50mCPU and <120MB memory with (curl-simulated) metrics scraping on, so I believe that deploying a single replica is fine
Raine added a subscriber: fgiunchedi.Nov 9 2023, 1:40 PM

@fgiunchedi is adding up to 100k timeseries per k8s cluster OK?

fgiunchedi added a comment.Nov 9 2023, 2:07 PM
In T264625#9319210, @kamila wrote:

@fgiunchedi is adding up to 100k timeseries per k8s cluster OK?

Not sure off the bat, do you have a dump or a sample of the metrics? Will they be collected by Prometheus from a single (per-cluster) endpoint?

Raine added a comment.Nov 9 2023, 2:25 PM
In T264625#9319298, @fgiunchedi wrote:
In T264625#9319210, @kamila wrote:

@fgiunchedi is adding up to 100k timeseries per k8s cluster OK?

Not sure off the bat, do you have a dump or a sample of the metrics? Will they be collected by Prometheus from a single (per-cluster) endpoint?

I left a dump in kubernetes1008:~kamila/ksm-metrics-eqiad.txt (it's too big for paste, sorry; also I'm not 100% sure it's all public data right now, WIP).

Yes, we would like to use a single endpoint. If necessary, it can be sharded, but a single endpoint would be preferable.

fgiunchedi added a comment.Nov 9 2023, 2:48 PM
In T264625#9319374, @kamila wrote:
In T264625#9319298, @fgiunchedi wrote:
In T264625#9319210, @kamila wrote:

@fgiunchedi is adding up to 100k timeseries per k8s cluster OK?

Not sure off the bat, do you have a dump or a sample of the metrics? Will they be collected by Prometheus from a single (per-cluster) endpoint?

I left a dump in kubernetes1008:~kamila/ksm-metrics-eqiad.txt (it's too big for paste, sorry; also I'm not 100% sure it's all public data right now, WIP).

Yes, we would like to use a single endpoint. If necessary, it can be sharded, but a single endpoint would be preferable.

Thank you, I've summarised the top 20 metric names below, if there's anything that can be obviously dropped that'd be helpful, if not I think we should be fine to at least try it. ack re: single endpoint, should be fine too

$ grep -v '^#' ksm-metrics-eqiad.txt  | cut -d\{ -f1 | sort | uniq -c | sort -rn | head -20
   5558 kube_pod_container_resource_requests
   5312 kube_pod_container_resource_limits
   3985 kube_pod_status_reason
   3985 kube_pod_status_phase
   2779 kube_pod_container_status_waiting
   2779 kube_pod_container_status_terminated
   2779 kube_pod_container_status_running
   2779 kube_pod_container_status_restarts_total
   2779 kube_pod_container_status_ready
   2779 kube_pod_container_state_started
   2779 kube_pod_container_info
   2666 kube_pod_tolerations
   2391 kube_pod_status_scheduled
   2391 kube_pod_status_ready
   2391 kube_pod_status_qos_class
   1594 kube_pod_ips
    959 kube_secret_type
    959 kube_secret_metadata_resource_version
    959 kube_secret_info
    959 kube_secret_created
JMeybohm added a comment.Nov 11 2023, 12:03 PM

The kube_pod_ metrics are one of the main reasons for KSM, although I think we can reduce them a bit by dropping:

  • kube_pod_status_qos_class
  • kube_pod_tolerations
  • kube_pod_ips

Unfortunately that will require a custom scrape config as we can't disable those in KSM (they are all part of the Pod collector).

In KSM itself I would disable the following collectors (at least for wikikube):

  • CertificateSigningRequest
  • ConfigMap
  • Endpoint
  • HPA
  • Ingress
  • LimitRange
  • NetworkPolicy
  • PersistentVolume
  • PersistentVolumeClaim
  • ResourceQuota
  • Secret
  • Service
  • StorageClass
  • VolumeAttachment
gerritbot added a comment.Nov 13 2023, 12:24 PM

Change 973762 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/deployment-charts@master] kube-state-metrics: reduce number of metrics

https://gerrit.wikimedia.org/r/973762

gerritbot added a project: Patch-For-Review.Nov 13 2023, 12:24 PM
gerritbot added a comment.Nov 13 2023, 2:26 PM

Change 973762 merged by jenkins-bot:

[operations/deployment-charts@master] kube-state-metrics: reduce number of metrics

https://gerrit.wikimedia.org/r/973762

Maintenance_bot removed a project: Patch-For-Review.Nov 13 2023, 2:30 PM
Raine added a comment.Nov 13 2023, 4:55 PM

With @JMeybohm's suggestion (T264625#9324445) we are at around 60k timeseries.

fgiunchedi added a comment.Nov 14 2023, 9:36 AM
In T264625#9327330, @kamila wrote:

With @JMeybohm's suggestion (T264625#9324445) we are at around 60k timeseries.

Looks good to me, let's give it a try! Feel free to send reviews my way

gerritbot added a comment.Nov 14 2023, 10:46 AM

Change 974151 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/deployment-charts@master] kube-state-metrics: enable Prometheus scraping

https://gerrit.wikimedia.org/r/974151

gerritbot added a project: Patch-For-Review.Nov 14 2023, 10:46 AM
gerritbot added a comment.Nov 14 2023, 11:21 AM

Change 974158 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/deployment-charts@master] kube-state-metrics: DRY network policy

https://gerrit.wikimedia.org/r/974158

gerritbot added a comment.Nov 14 2023, 12:36 PM

Change 974151 merged by jenkins-bot:

[operations/deployment-charts@master] kube-state-metrics: enable Prometheus scraping

https://gerrit.wikimedia.org/r/974151

gerritbot added a comment.Nov 14 2023, 12:51 PM

Change 974171 had a related patch set uploaded (by Kamila Součková; author: Kamila Součková):

[operations/deployment-charts@master] kube-state-metrics: enable in codfw + staging-eqiad

https://gerrit.wikimedia.org/r/974171

gerritbot added a comment.Nov 14 2023, 2:37 PM

Change 974171 merged by jenkins-bot:

[operations/deployment-charts@master] kube-state-metrics: enable in codfw + staging-eqiad

https://gerrit.wikimedia.org/r/974171

JMeybohm added a comment.Nov 21 2023, 11:23 AM

KSM in staging-eqiad was in a half installed state (probably due to prematurely terminated helmfile/helm command):

(HelmReleaseBadStatus) firing: Helm release kube-system/kube-state-metrics on k8s-staging@eqiad in state pending-install - https://wikitech.wikimedia.org/wiki/Kubernetes/Deployments#Rolling_back_in_an_emergency - https://grafana.wikimedia.org/d/UT4GtK3nz?var-site=eqiad&var-cluster=k8s-staging&var-namespace=kube-system - https://alerts.wikimedia.org/?q=alertname%3DHelmReleaseBadStatus
# helm -n kube-system history kube-state-metrics                                                                                      
REVISION        UPDATED                         STATUS          CHART                           APP VERSION     DESCRIPTION                                       
1               Tue Nov 14 14:52:55 2023        pending-install kube-state-metrics-5.10.2                       Initial install underway

I did the easy thing:

helm -n kube-system delete kube-state-metrics 
helmfile -e staging-eqiad -i apply --context 5
Raine added a comment.Nov 21 2023, 4:33 PM
In T264625#9348475, @JMeybohm wrote:

KSM in staging-eqiad was in a half installed state (probably due to prematurely terminated helmfile/helm command): [...]

Huh, strange, thank you.

Other than that, it has been running in staging and main for a week and it looks good. OK to deploy it in the other clusters (ml-*, dse, aux) too?

fgiunchedi added a comment.Nov 22 2023, 8:33 AM
In T264625#9349971, @kamila wrote:
In T264625#9348475, @JMeybohm wrote:

KSM in staging-eqiad was in a half installed state (probably due to prematurely terminated helmfile/helm command): [...]

Huh, strange, thank you.

Other than that, it has been running in staging and main for a week and it looks good. OK to deploy it in the other clusters (ml-*, dse, aux) too?

+1 on my end

JMeybohm added a comment.Nov 22 2023, 12:32 PM
In T264625#9349971, @kamila wrote:
In T264625#9348475, @JMeybohm wrote:

KSM in staging-eqiad was in a half installed state (probably due to prematurely terminated helmfile/helm command): [...]

Huh, strange, thank you.

Other than that, it has been running in staging and main for a week and it looks good. OK to deploy it in the other clusters (ml-*, dse, aux) too?

I'd leave that to the cluster "owners" to decide (and do) tbh. You may announce the availability on the Kubernetes SIG mailinglist https://www.mediawiki.org/wiki/Kubernetes_SIG (I've also put it on the agenda four the next SIG meeting next week).

gerritbot added a comment.Nov 28 2023, 7:31 PM

Change 978129 had a related patch set uploaded (by CDanis; author: Chris Danis):

[operations/deployment-charts@master] [aux-k8s-eqiad] add kube-state-metrics

https://gerrit.wikimedia.org/r/978129

gerritbot added a comment.Nov 29 2023, 12:24 PM

Change 978504 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/deployment-charts@master] Deploy kube-state-metrics to the dse-k8s cluster

https://gerrit.wikimedia.org/r/978504

gerritbot added a comment.Dec 4 2023, 12:15 PM

Change 978504 merged by jenkins-bot:

[operations/deployment-charts@master] Deploy kube-state-metrics to the dse-k8s cluster

https://gerrit.wikimedia.org/r/978504

gerritbot added a comment.Dec 4 2023, 12:28 PM

Change 979930 had a related patch set uploaded (by Elukey; author: Elukey):

[operations/deployment-charts@master] admin_ng: deploy kube-state-metrics on all ml clusters

https://gerrit.wikimedia.org/r/979930

gerritbot added a comment.Dec 4 2023, 1:46 PM

Change 979930 merged by Elukey:

[operations/deployment-charts@master] admin_ng: deploy kube-state-metrics on all ml clusters

https://gerrit.wikimedia.org/r/979930

Raine closed this task as Resolved.Dec 5 2023, 10:54 AM

KSM is deployed in other clusters and appears to work, so I'm closing this :-)

gerritbot added a comment.Dec 18 2023, 11:53 AM

Change 974158 merged by jenkins-bot:

[operations/deployment-charts@master] kube-state-metrics: DRY network policy

https://gerrit.wikimedia.org/r/974158

gerritbot added a comment.Feb 9 2024, 6:34 PM

Change 978129 merged by jenkins-bot:

[operations/deployment-charts@master] [aux-k8s-eqiad] add kube-state-metrics

https://gerrit.wikimedia.org/r/978129

Maintenance_bot removed a project: Patch-For-Review.Feb 9 2024, 7:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits