aws/amazon-vpc-cni-k8s

AWS VPC CNI Add-on / aws-eks-nodeagent container using port 8080

kareem-rady opened this issue · 10 comments

The new VPC CNI add-on version "v1.14.0-eksbuild.3", with the addition of the new aws-eks-nodeagent container, seems to have introduced a service listening on port 8080 on each worker node. Is there a way to control what port it listens on?

Could possibly tie into issue #2524.

@kareem-rady the node agent uses port 8080 for metrics, and it is configurable: https://github.com/aws/aws-network-policy-agent/blob/main/pkg/config/runtime_config.go#L17

btw, this issue/question belongs at https://github.com/aws/aws-network-policy-agent/issues

Thanks for your prompt response. What I am trying to do is override this value via the configuration values of the VPC CNI add-on. Do you know if this can be done?

jbg commented

It might be worth raising this clearly in the changelog / AWS docs along with how to change the port. It breaks workloads with hostNetwork/hostPort that listen on tcp/8080.

jbg commented

@kareem-rady It looks like you can add --metrics-bind-addr=:9090 to the args of the aws-eks-nodeagent container to e.g. change the metrics listener to bind to port 9090. See here: https://github.com/aws/aws-network-policy-agent/blob/7e61c86bc5589e2f4866fd45a2b7c16737c88635/pkg/config/runtime_config.go#L17

It also seems to run fine if you just don't run that container (if you are not using network policy yet).

Maybe the default for this port could be a less-commonly-used one.
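The comment above describes the workaround (add `--metrics-bind-addr=:<port>` to the args of the aws-eks-nodeagent container in the aws-node DaemonSet). The following script is an added example, not code from this thread or from the aws-network-policy-agent project: it takes a DaemonSet manifest in the shape `kubectl get ds aws-node -n kube-system -o json` returns, locates the node agent container by name, and emits an RFC 6902 JSON Patch that sets the flag idempotently (replacing an existing `--metrics-bind-addr` instead of appending a second copy). The sample manifest, its image names and its pre-existing args are constructed placeholders; the default `:8080` is the v1.14.0 behaviour the thread reports; `apply_patch` is a small preview helper for the two op kinds the script emits, not a general JSON Patch implementation.

```python
import copy
import json

NODE_AGENT = "aws-eks-nodeagent"
FLAG = "--metrics-bind-addr"
# Address the thread reports the v1.14.0 node agent binds when the flag is absent.
DEFAULT_BIND_ADDR = ":8080"
CONTAINERS_PATH = "/spec/template/spec/containers"

# Constructed sample: a trimmed-down aws-node DaemonSet in the shape
# `kubectl get ds aws-node -n kube-system -o json` returns. Image names and
# the existing args are illustrative placeholders, not a real cluster dump.
SAMPLE_DAEMONSET = {
    "apiVersion": "apps/v1",
    "kind": "DaemonSet",
    "metadata": {"name": "aws-node", "namespace": "kube-system"},
    "spec": {
        "template": {
            "spec": {
                "hostNetwork": True,
                "containers": [
                    {"name": "aws-node", "image": "amazon-k8s-cni:placeholder"},
                    {
                        "name": NODE_AGENT,
                        "image": "aws-network-policy-agent:placeholder",
                        "args": ["--enable-ipv6=false", "--enable-network-policy=false"],
                    },
                ],
            }
        }
    },
}


def _containers(manifest):
    return manifest["spec"]["template"]["spec"]["containers"]


def container_index(manifest, name):
    """Index of the named container in the pod template; KeyError if it is absent."""
    for i, c in enumerate(_containers(manifest)):
        if c.get("name") == name:
            return i
    raise KeyError(f"container {name!r} not found in pod template")


def metrics_bind_addr(manifest):
    """Effective metrics listener address ('host:port') of the node agent."""
    args = _containers(manifest)[container_index(manifest, NODE_AGENT)].get("args", [])
    for j, a in enumerate(args):
        if a.startswith(FLAG + "="):
            return a.split("=", 1)[1]
        if a == FLAG and j + 1 < len(args):  # split form: --metrics-bind-addr :9090
            return args[j + 1]
    return DEFAULT_BIND_ADDR


def build_patch(manifest, port):
    """JSON Patch (RFC 6902) ops pinning the node agent's metrics listener to :<port>.

    An existing occurrence of the flag is replaced in place, so running the
    script twice never leaves duplicate args; otherwise the flag is appended.
    """
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid TCP port {port}")
    idx = container_index(manifest, NODE_AGENT)
    container = _containers(manifest)[idx]
    base = f"{CONTAINERS_PATH}/{idx}/args"
    value = f"{FLAG}=:{port}"
    if "args" not in container:
        return [{"op": "add", "path": base, "value": [value]}]
    for j, a in enumerate(container["args"]):
        if a.startswith(FLAG + "="):
            return [{"op": "replace", "path": f"{base}/{j}", "value": value}]
        if a == FLAG and j + 1 < len(container["args"]):
            return [{"op": "replace", "path": f"{base}/{j + 1}", "value": f":{port}"}]
    return [{"op": "add", "path": f"{base}/-", "value": value}]


def apply_patch(manifest, ops):
    """Apply the add/replace ops build_patch emits to a deep copy (offline preview only)."""
    out = copy.deepcopy(manifest)
    for op in ops:
        *parents, last = op["path"].lstrip("/").split("/")
        node = out
        for p in parents:
            node = node[int(p)] if isinstance(node, list) else node[p]
        if isinstance(node, list):
            if last == "-":
                node.append(op["value"])
            elif op["op"] == "add":
                node.insert(int(last), op["value"])
            else:
                node[int(last)] = op["value"]
        else:
            node[last] = op["value"]
    return out


if __name__ == "__main__":
    # Prints the patch for the constructed sample. With a real dump you would
    # load it via json.load(sys.stdin) and feed the output to:
    #   kubectl patch ds aws-node -n kube-system --type=json -p "$(python3 this_script.py)"
    print(json.dumps(build_patch(SAMPLE_DAEMONSET, 9090)))
```

After patching, confirm on a worker node that the listener moved (for example `ss -ltnp | grep 8080` should no longer show the node agent). Two caveats: the aws-node DaemonSet belongs to the managed add-on, so an add-on update can overwrite a manual arg change unless the add-on's conflict-resolution setting preserves it, and this workaround only matters for v1.14.0; the thread closes by noting that the port became configurable in v1.14.1 with a different default.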

Thanks, yes, that has been the issue for me; it is breaking some of my existing workloads already listening on port 8080.

I am using the VPC CNI add-on and not deploying the chart manually myself; otherwise it would have been easier to pass the additional arg to the node agent container.

Was hoping there would be a way to do it via the VPC CNI add-on configuration values:
https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables

Since this is now all packaged together, there needs to be an easier way to control the configuration values for the node agent container as well. I will try to raise it in https://github.com/aws/aws-network-policy-agent/issues to modify the configuration to default to a less commonly used port.

The VPC CNI add-on configuration schema includes a node for nodeAgent configuration; it would be good if there were a way to pass some configuration to the node agent container through it:

"NodeAgent": {
  "additionalProperties": false,
  "properties": {
    "enableCloudWatchLogs": {
      "format": "boolean",
      "type": "string"
    }
  },

@kareem-rady the metrics port is unfortunately not configurable from the managed addon, but we are working on making it so. In the meantime, configuration via the container command line args in the daemonset is the only solution.

@jbg I am adding this to the release notes for v1.14.0 now, and we are discussing whether it makes sense to change the default here.

@jdn5126 Thanks and appreciate you looking into this.

I have the same issue with vpc-cni and node-local-dns. Please make the metrics port configurable in the same way as the enableNetworkPolicy flag.

Closing the issue as we made the metrics port configurable in release v1.14.1. By default it now binds to ports 8162 and 8163.
