Currently katalog-sync supports only tags. It would be great if it would support consul metadata as well.

https://www.consul.io/docs/agent/services.html

In k8s 1.14 ReadinessGates were added as a way for external services to influence the ready state of pods. This would remove the need for the katalog-sync-sidecar and move that ready-sync state to a more-standard spec configuration.

This would (high-level) require katalog-sync-daemon to maintain a condition (e.g. katalog-sync.wish.com/sync-readiness) on the pods it watches

Hello,

I have not found any parameters or settings that would allow for specifying ACL tokens for registering the service. Is there a plan to add it?

Hey, I'm encountering a high CPU edge case for katalog-sync. By high CPU i mean it uses all available CPU assigned to it in a resource limit.

Scenario:

• MyPod does not have a readiness gate
• MyPod starts with a failing readiness check

If MyPod starts with a passing readiness check, then later fails - it does not trigger high CPU on katalog-sync

After some digging, it looks like the daemon method waitPod is being called (https://github.com/wish/katalog-sync/blob/master/pkg/daemon/daemon.go#L329) continuously, expecting the Service to be ready - which in my scenario it is not.

Workaround that we've been using:
At L329 - add in an if statement.

				if p.OutstandingReadinessGate {
					go d.waitPod(p)
				}

The if condition is used a couple of times in a method of the pod struct already (e.g. https://github.com/wish/katalog-sync/blob/master/pkg/daemon/struct.go#L313)

Is this a viable way of solving the high CPU?
Also, im wondering what about a back off in the for loop, or a limit to the numbner of times it runs?

Thanks

sth like:
'katalog-sync.wish.com/service': '{"name": "foo", "port": 1234, "meta": "...", "tags": "..."}'

That's cleaner(one annotation for each service) and easy to expand to include new parameters.

time="2020-03-11T10:45:36Z" level=error msg="error registering with katalog-sync-daemon: Unknown rpc error: code = Unknown desc = Unable to find pod with katalog-sync annotation (katalog-sync.wish.com/service-names): /api/v1/namespaces/default/pods/hw-7c88d77f6-99c2m"

deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
name: hw
labels:
app: hw
annotations:
katalog-sync.wish.com/sidecar: "katalog-sync-sidecar"
katalog-sync.wish.com/service-names: "hw"
katalog-sync.wish.com/service-port: '8080'
spec:
replicas: 1
selector:
matchLabels:
app: hw
template:
metadata:
labels:
app: hw
annotations:
"katalog-sync.wish.com/sidecar": "katalog-sync-sidecar"
"katalog-sync.wish.com/service-names": "hw"
"katalog-sync.wish.com/service-port": '8080'
#katalog-sync.wish.com/service-port-servicename: '12345'
#katalog-sync.wish.com/service-meta: 'a:1,b:2'
#katalog-sync.wish.com/service-meta-servicename: 'b:1,c:2'
#katalog-sync.wish.com/service-tags: a,b
"katalog-sync.wish.com/sync-interval": 2s
spec:
terminationGracePeriodSeconds: 1
containers:
- name: hw
image: "... IMAGE ..."
imagePullPolicy: Always
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: "/live"
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
readinessProbe:
httpGet:
path: "/ready"
port: 8080
periodSeconds: 5
- command:
- "/bin/katalog-sync-sidecar"
args:
- "--katalog-sync-daemon=$(HOST_IP):8501"
- "--namespace=$(MY_POD_NAMESPACE)"
- "--pod-name=$(MY_POD_NAME)"
- "--container-name=katalog-sync-sidecar"
- "--bind-address=:8888"
env:
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
image: "... IMAGE ..."
imagePullPolicy: Always
name: katalog-sync-sidecar
readinessProbe:
httpGet:
path: "/ready"
port: 8080
initialDelaySeconds: 1
periodSeconds: 5

i'm trying to use this and i'm having several problems, so this is a question/bug/feature request ticket. I can create different issues for each bug/feature request, but lets first find what is a bug or missing feature or bad user.

The first one is that i can only register in consul a deployment/pods, when trying to register a service, nothing show up in consul... so does this support services registration? can it be added?

This is what i'm trying to do:

apiVersion: v1
kind: Service
metadata:
  name: thumbor
  namespace: thumbor-dev
  labels:
    run: thumbor
  annotations:
    katalog-sync.wish.com/service-names: thumbor-nodeport
spec:
  selector:
    app: thumbor
  type: NodePort
  ports:
    - port: 9900
      nodePort: 31111

The second problem is that, using pod registration, in consul dns the pods show with the internal kubernetes ip, This is ok for internal kubernetes access, but i need to use this from outside kubernetes, i need the NodeIP and NodePort ... as nodeport is managed by service, this is probably the above request... or i'm missing something?

With a daemonset, using hostPort, i get the correct IP and ports, so this part works fine

thanks for the help

Hi

since kubernetes/kubeadm#732, the port 10255 is deprecated and at least in aws it doesn't exist anymore:
awslabs/amazon-eks-ami#128

Addjng this seem to mostly solve this:

--kubelet-api=https://localhost:10250/pods
--kubelet-api-insecure-skip-verify

but that returns this error in the log:

level=error msg="Error fetching state from k8s: invalid character 'F' looking for beginning of value"

and doesn't look like katalog-sync is sending the services to consul

I was wondering if you have already considered to use an init container instead of a sidecar one to ensure consul registration before a pod is marked "ready".
If you already run a pool of sidecars will save a bit of resources.

as it is today the sidecar code can't be used as init container, because it also manages the deregister call.

Any thoughts?

Today katalog-sync has annotations on the pods to be synced to consul. It would be nice to support similar annotations on a Service object as well. To implement this we'd need to watch all services with the annotation and sync any local pods that are endpoints of that given service.