[ffapi] Renaming Metrics Server to Monitoring and Allowing Additional Routes #167
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… Routes Signed-off-by: hfuss <hayden.fuss@kaleido.io>
onelapahead
commented
Feb 15, 2025
| ConfMetricsServerEnabled = "enabled" | ||
| ConfMetricsServerPath = "/metrics" | ||
| ConfMonitoringServerEnabled = "enabled" | ||
| ConfMonitoringServerMetricsPath = "metricsPath" |
Contributor
Author
There was a problem hiding this comment.
This was just flat out bug
peterbroadhurst
approved these changes
Feb 17, 2025
Contributor
peterbroadhurst
left a comment
peterbroadhurst
left a comment
There was a problem hiding this comment.
Thanks for the clear justification.
You're correct this will generate some churn in upstream components (FFTM, FireFly core, etc.), but the ability to register additional endpoints for monitoring seems very useful and I agree having metrics forced as the same would be confusing.
This was referenced Feb 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
NOTE: this a breaking change in the
APIServerOptionsstruct. Clients will have to used the renamedMonitoringConfigoption rather thanMetricsConfig. However, bc its up to the client to have assembled their config sections/subsections and names however they wish, this does not mean they have to rename a section called saymetricstomonitoring. Meaning their configuration files can remain backwards compatible.Often, the metrics server has been enabled with an internal, non-TLS port so that it can be easily monitoring by Prometheus servers.
Meanwhile, servers often need to provide health or liveness/readiness endpoints for probes when running within containerized environments like Kubernetes.
The framework incentivizes putting those health routes on the core API server, but this has two disadvantages:
With 1., we've encountered issues like kubelet probes'
httpGetnot supporting (m)TLS connections. If one works around that using anexecprobe and saycurl, we've observed this to have performance implications on kubelet and the underlying worker host.With 2., the health routes can available on
Ingress's lacking path-aware filtering which can lead to information leaks.Instead, we want to make the
metricsmonitoring server more multi-purpose by allowing additional routes to be defined on it. This means clients can move their health routes off of their core API servers, and onto the monitoring server - allowing for less external security risk and giving the user control over whether they want different internal security for their container probes.