Understanding Konvoy addon dependencies
Overview/Background
When deploying Konvoy, addons are a integral part of the cluster's functionality. When deploying or troubleshooting addons, it is important to understand how the addons interact and specific addons have, and/or fulfill, dependencies.If an addon's dependency is not successfully deployed, the addon relying on the dependency will not successfully deploy either.
These dependencies are determined by each addon's .spec.requires.
For example, the cert-manager addon is a dependency of traefik. If we take a look at the traefik ClusterAddon object, we observe the following .spec.requires:
- matchLabels:
kubeaddons.mesosphere.io/name: cert-manager
As indicated by the key matchLabels, the addon looks for its dependencies via labels on objects.Therefore, If we then view the .metadata.labels of the cert-manager ClusterAddon object, we observe the following label:
kubeaddons.mesosphere.io/name: cert-managerIn this example, without the cert-manager addon being deployed, the traefik addon will not deploy.
In addition to being helpful for understanding why an addon will not deploy, understanding these concepts will also help you troubleshoot why an addon may not be working properly, as a dependency addon may not be healthy and could cause issues.
| Addon | Dependencies |
|---|---|
| awsebscsiprovisioner | kubeaddons.mesosphere.io/name: defaultstorageclass-protection |
| awsebsprovisioner | kubeaddons.mesosphere.io/name: defaultstorageclass-protection |
| defaultstorageclass-protection | kubeaddons.mesosphere.io/name: cert-manager |
| dex | kubeaddons.mesosphere.io/provides: ingresscontroller |
| dex-k8s-authenticator | kubeaddons.mesosphere.io/name: dex kubeaddons.mesosphere.io/provides: ingresscontroller |
| elasticsearch-curator | kubeaddons.mesosphere.io/name: elasticsearch |
| elasticsearchexporter | kubeaddons.mesosphere.io/name: elasticsearch |
| flagger | kubeaddons.mesosphere.io/name: istio |
| fluentbit | kubeaddons.mesosphere.io/name: elasticsearch |
| gatekeeper | kubeaddons.mesosphere.io/name: cert-manager |
| gcpdisk-csi-driver | kubeaddons.mesosphere.io/name: defaultstorageclass-protection |
| gcpdiskprovisioner | kubeaddons.mesosphere.io/name: defaultstorageclass-protection kubeaddons.mesosphere.io/name: gcpdisk-csi-driver |
| istio | kubeaddons.mesosphere.io/name: cert-manager |
| kibana | kubeaddons.mesosphere.io/name: elasticsearch |
| kube-oidc-proxy | kubeaddons.mesosphere.io/provides: ingresscontroller kubeaddons.mesosphere.io/name: cert-manager kubeaddons.mesosphere.io/name: dex |
| localvolumeprovisioner | kubeaddons.mesosphere.io/name: defaultstorageclass-protection |
| prometheusadapter | kubeaddons.mesosphere.io/name: prometheus |
| traefik | kubeaddons.mesosphere.io/name: cert-manager |
| traefik-forward-auth | kubeaddons.mesosphere.io/name: dex kubeaddons.mesosphere.io/provides: ingresscontroller |
| velero | kubeaddons.mesosphere.io/provides: ingresscontroller |
Some dependency labels in the list above have a label key of "kubeaddons.mesosphere.io/provides". In general, there are multiple addons that can have these labels.
| kubeaddons.mesosphere.io/provides value | Addon(s) |
|---|---|
| storageclass | awsebsprovisioner azurediskprovisioner awsebscsiprovisioner gcpdiskprovisioner localvolumeprovisioner |
| nvidia | nvidia |
| csi-driver | azuredisk-csi-driver gcpdisk-csi-driver |
| loadbalancer | metallb |
| ingresscontroller | traefik |