Skip to content
This repository was archived by the owner on May 7, 2026. It is now read-only.

Karpenter enterprise support#708

Merged
ruckgy merged 4 commits into
mainfrom
kent-enterprise-support
May 5, 2026
Merged

Karpenter enterprise support#708
ruckgy merged 4 commits into
mainfrom
kent-enterprise-support

Conversation

@ruckgy

@ruckgy ruckgy commented May 5, 2026

Copy link
Copy Markdown
Contributor

Kimchi Summary

What changed

Enhanced enable-reliability-stack.sh to support Karpenter Enterprise (kent) umbrella charts and fixed operator lifecycle detection. Improved Phase 3 data pipeline verification to reliably confirm end-to-end metrics flow using gauge metrics.

Why

Karpenter Enterprise deployments use a distinct kent.castai-kvisor values prefix and ship duplicate subcharts that cause strategic-merge collisions (orphaning volumeMounts). Some umbrella profiles also disable the kvisor agent/controller by default, requiring explicit enablement for reliability metrics. The previous operator detection logic could incorrectly classify a Phase 1–installed operator as external and disable it in Phase 2.

Key changes

  • enable-reliability-stack.sh: Added kent mode auto-detection selecting kent.castai-kvisor as the values prefix when kent.enabled=true and discriminator keys (agent/controller) are present
  • enable-reliability-stack.sh: Auto-injects --set autoscaler.castai-kvisor.enabled=false in kent mode to suppress the duplicate subchart that causes resource conflicts
  • enable-reliability-stack.sh: Added prerequisite check before Phase 2 that reads prior agent.enabled/controller.enabled values; explicitly enables both components and surfaces warnings (distinguishing helm vs parse failures) when values cannot be read
  • enable-reliability-stack.sh: Fixed operator ownership detection by capturing OPERATOR_PRE_EXISTING snapshot before Phase 1; Phase 2 now uses this to avoid disabling operators installed earlier in the same run
  • enable-reliability-stack.sh: Refactored Phase 3 pipeline verification to probe Bronze → Silver → mothership via ch_query helper; validates gauge metrics (not histograms) and distinguishes "ClickHouse unreachable" from "empty data" with specific error messages
  • docs/reliability-stack-installation.md: Updated manual install instructions to cover kent mode (kent.castai-kvisor prefix, disabling autoscaler copy) and revised Phase 3 verification description to match the new probe logic

Impact

  • Kent users: No longer need manual --values-prefix flags; script automatically routes settings to kent.castai-kvisor and disables the conflicting umbrella copy
  • Umbrella upgrades: Explicit agent.enabled=true and controller.enabled=true ensures reliability prerequisites are met even on profiles that default them to false
  • Debugging: Pipeline failures now indicate whether ClickHouse is unreachable or simply has no data, and operator teardown issues are prevented by the pre-existing snapshot logic

@kimchi-review

kimchi-review Bot commented May 5, 2026

Copy link
Copy Markdown

Kimchi Code Review

A review is being prepared and will be posted shortly.

Property Value
Commit d437710
Author @ruckgy
Files changed 2
Review status Pending
What to expect

Kimchi will analyze the changes in this pull request and post:

  • A summary of the overall changes
  • Inline comments on specific lines with findings categorized by issue type

The review typically completes within a few minutes. This comment will be updated once the review is ready.

Interact with Kimchi
  • @kimchi review — re-trigger a full review on the latest commit
  • @kimchi summary — regenerate the PR summary
  • @kimchi ignore — skip this PR (no review will be posted)
  • Reply to any inline comment to ask follow-up questions or request clarification
Configuration

Reviews are configured by your organization admin.
Review instructions, excluded directories, and severity thresholds can be adjusted per repository in the Kimchi dashboard.


Powered by Kimchi — AI-powered code review by CAST AI

Gyorgy Ruck and others added 2 commits May 5, 2026 16:08
Resolved conflicts in the install script and verification doc by combining
main's broader Phase 3 framework (component health checks for OBI container,
agent collector, controller, ClickHouse, migrate Job) with this branch's
data-pipeline probe (gauge-based Bronze → Silver → exporter cursor advance,
which catches a wedged pipeline that helm "deployed" status doesn't).

Kept on this branch:
- Kent prefix preference + audit log in find_kvisor_path
- OPERATOR_PRE_EXISTING snapshot to stop Phase 2 from disabling the operator
  Phase 1 just installed
- agent.enabled / controller.enabled prerequisite check + always-set in Phase 2
- Auto-injection of --set autoscaler.castai-kvisor.enabled=false in kent mode
- Gauge-based dataflow probe with cursor-advance check for export verification

Picked up from main:
- --open-ports / -v|--verbose / --cluster-id-configmap flags
- CSI driver health check + EBS IRSA guidance
- Phase 3a–3f: Agent DS + OBI container + agent collector + controller +
  ClickHouse pod + migrate Job checks (with VERIFY_FAILURES counter)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
#1 Replace stale "line ~841" reference in OPERATOR_PRE_EXISTING comment
   with a section anchor — line numbers rot when the script grows.

#2 Tighten kent fast-path shape check from {agent, controller, castai,
   enabled} to {agent, controller} only. Hoisted into a shared
   KVISOR_DISCRIMINATOR constant used by both fast-path and recursive
   walk so they stay in sync. 'castai' (cluster identity stub) and
   'enabled' (too generic) could otherwise route flags into a future
   minimal stub.

#3 ch_query() now distinguishes kubectl-exec failure from empty result.
   Captures stderr to a tempfile and surfaces the first error line on
   failure ("Bronze probe failed (last clickhouse error: …)") instead
   of the misleading "Bronze empty after 180s — check OBI logs". Also
   adds an upfront SELECT 1 reachability check + LIMIT 1 on probes to
   defend against schema drift returning multi-row results.

#4 Phase 2 prerequisite-state read now uses trap-based cleanup and
   separate HELM_ERR / PY_ERR tempfiles, so the warn message can say
   "helm error: …" or "values parse error: …" rather than head -1ing a
   file that mixed both sources. trap 'rm -f' EXIT plugs the leak path
   under set -e.

#5 Kent override comment generalized — drop the verbatim
   "containers[1].volumeMounts[0].name: Not found" quote (pinned to
   current kubectl wording AND a specific container index) for
   "volumeMounts[N].name: Not found validation errors".

#6 Add a "Two-step lookup" preamble above the find_kvisor_path comment
   and a docstring change so a reader of the recursive walk realises
   the kent fast-path short-circuits before it ever runs.

#7 Add debug() calls in the new code paths (OPERATOR_PRE_EXISTING
   snapshot, Phase 2 prereq read result, kent autoscaler-disable
   injection, probe stage transitions) so --verbose surfaces "why did
   the script choose X" for the kent-specific logic.

#8 Demote manual-verification steps 1–5 from ### to #### and add an
   intro paragraph under "### Manual Verification" so the heading
   isn't immediately followed by another heading at the same level.

Verified end-to-end against the kent test cluster:
- dry-run shows all expected info lines including the new debug output
- script syntax (bash -n) clean
- markdown heading hierarchy under '## Verification' is now well-formed

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@ruckgy ruckgy changed the title Kent enterprise support Karpenter enterprise support May 5, 2026
@ruckgy ruckgy merged commit be6eef5 into main May 5, 2026
5 of 6 checks passed
@ruckgy ruckgy deleted the kent-enterprise-support branch May 5, 2026 15:56
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants