Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MicroK8s addon enabled checks can give false positives for unrelated resources/files that contain the check_status value #4245

Closed
testA113 opened this issue Oct 10, 2023 · 2 comments
Closed

MicroK8s addon enabled checks can give false positives for unrelated resources/files that contain the check_status value #4245

testA113 opened this issue Oct 10, 2023 · 2 comments

Comments

@testA113
Copy link

testA113 commented Oct 10, 2023
edited
Loading

Note

This issue is raised as part of issue 165 logged in the community addons repo. I've made this issue here because the fix could require updating the is_enabled function mentioned here.

Summary

I'm working at Portainer, and we came across a bug relating to the way that our addon is detected...
Given I have community addons enabled
When I install the portainer-agent (not the portainer server) in my MicroK8s cluster using a manifest file like this
And I run microk8s status, then currently Portainer shows up as an enabled addon
image

What Should Happen Instead?

The portainer addon should not be detected as enabled.

Reproduction Steps

  1. Enable community addons microk8s enable community
  2. Install the portainer agent from a manifest microk8s kubectl apply -f https://downloads.portainer.io/ee2-18/portainer-agent-k8s-nodeport.yaml
  3. Run microk8s status to check the enabled addons

Can you suggest a fix?

The current Portainer addon check_status, pod/portainer is matching for both pod/portainer-agent-xxx and pod/portainer-xxx causing Portainer to be detected as enabled when the agent is installed, as well as the server.
I propose to introduce an optional regex_check_status field, that when specified, does a more exact regex search (in the is_enabled util function) for matching files or kube resources, as well as updating the portainer section of addons.yaml to use this new regex_check_status. In issue 165 I suggested other fixes, but this seems like the best one while also enhancing MicroK8s.

Are you interested in contributing with a fix?

yes
@testA113 testA113 mentioned this issue Oct 10, 2023
Closed
3 tasks
@testA113
Copy link
Author

Closing this PR as it's no longer an issue with canonical/microk8s-community-addons#166 merged

@ben-z
Copy link

ben-z commented Sep 14, 2024
edited
Loading

Can we reopen this? The same issue exists with many other addons (pod/coredns) in my case.

This logic to search for substring in all namespaces is too error prone:

microk8s/scripts/wrappers/common/utils.py

Lines 553 to 579 in ee4558a

def is_enabled(addon, item):
if addon in item:
return True
else:
filepath = os.path.expandvars(addon)
return os.path.isfile(filepath)
def get_status(available_addons, isReady):
enabled = []
disabled = []
if isReady:
# 'all' does not include ingress
kube_output = kubectl_get("all,ingress")
cluster_output = kubectl_get_clusterroles()
kube_output = kube_output + cluster_output
for addon in available_addons:
found = False
for row in kube_output.split("\n"):
if is_enabled(addon["check_status"], row):
enabled.append(addon)
found = True
break
if not found:
disabled.append(addon)
return enabled, disabled

Perhaps we can add a namespace option to each addon. The namespaces appear to be hard-coded in the addons anyway.

cc @ktsakalozos perhaps you have better context/suggestions for this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enhance is_enabled to allow regex matches
2 participants
@ben-z @testA113