Merge pull request #201181 from tomkerkhove/tomkerkhove/keda/troubleshooting

Maggiemouse1 · web-flow · commit 4d0fff4321ca · 2022-06-13T09:28:57.000+01:00
feat: Introduce troubleshooting guide for KEDA
diff --git a/articles/aks/TOC.yml b/articles/aks/TOC.yml
@@ -477,6 +477,8 @@
           href: keda-deploy-add-on-cli.md
         - name: Kubernetes Event-driven Autoscaler (KEDA) integrations
           href: keda-integrations.md
+        - name: Troubleshoot Kubernetes Event-driven Autoscaler (KEDA)
+          href: keda-troubleshoot.md
     - name: Use Web Application Routing (preview)
       href: web-app-routing.md
     - name: Use cluster extensions
diff --git a/articles/aks/keda-about.md b/articles/aks/keda-about.md
@@ -31,7 +31,7 @@ Learn more about how KEDA works in the [official KEDA documentation][keda-archit
 
 ## Installation and version
 
-KEDA can be added to your Azure Kubernetes Service (AKS) cluster by enabling the KEDA add-on using an [ARM template][keda-arm].
+KEDA can be added to your Azure Kubernetes Service (AKS) cluster by enabling the KEDA add-on using an [ARM template][keda-arm] or [Azure CLI][keda-cli].
 
 The KEDA add-on provides a fully supported installation of KEDA that is integrated with AKS.
 
@@ -63,11 +63,15 @@ For general KEDA questions, we recommend [visiting the FAQ overview][keda-faq].
 ## Next steps
 
 * [Enable the KEDA add-on with an ARM template][keda-arm]
+* [Enable the KEDA add-on with the Azure CLI][keda-cli]
+* [Troubleshoot KEDA add-on problems][keda-troubleshoot]
 * [Autoscale a .NET Core worker processing Azure Service Bus Queue messages][keda-sample]
 
 <!-- LINKS - internal -->
 [keda-azure-cli]: keda-deploy-addon-az-cli.md
+[keda-cli]: keda-deploy-add-on-cli.md
 [keda-arm]: keda-deploy-add-on-arm.md
+[keda-troubleshoot]: keda-troubleshoot.md
 
 <!-- LINKS - external -->
 [keda]: https://keda.sh/
diff --git a/articles/aks/keda-deploy-add-on-arm.md b/articles/aks/keda-deploy-add-on-arm.md
@@ -20,6 +20,7 @@ This article shows you how to deploy the Kubernetes Event-driven Autoscaling (KE
 
 - An Azure subscription. If you don't have an Azure subscription, you can create a [free account](https://azure.microsoft.com/free).
 - [Azure CLI installed](/cli/azure/install-azure-cli).
+- Firewall rules are configured to allow access to the Kubernetes API server. ([learn more][aks-firewall-requirements])
 
 ### Register the `AKS-KedaPreview` feature flag
 
@@ -137,34 +138,20 @@ To remove the resource group, and all related resources, use the [Az PowerShell
 az group delete --name MyResourceGroup
 ```
 
-### Enabling add-on on clusters with self-managed open-source KEDA installations
-
-While Kubernetes only allows one metric server to be installed, you can in theory install KEDA multiple times. However, it isn't recommended given only one installation will work.
-
-When the KEDA add-on is installed in an AKS cluster, the previous installation of open-source KEDA will be overridden and the add-on will take over.
-
-This means that the customization and configuration of the self-installed KEDA deployment will get lost and no longer be applied.
-
-While there's a possibility that the existing autoscaling will keep on working, there's a risk given it will be configured differently and won't support features such as managed identity.
-
-It's recommended to uninstall existing KEDA installations before enabling the KEDA add-on given the installation will succeed without any error.
-
-Following error will be thrown in the operator logs but the installation of KEDA add-on will be completed. 
-
-Error logged in now-suppressed non-participating KEDA operator pod:
-the error logged inside the already installed KEDA operator logs.
-E0520 11:51:24.868081 1 leaderelection.go:330] error retrieving resource lock default/operator.keda.sh: config maps "operator.keda.sh" is forbidden: User "system:serviceaccount:default:keda-operator" can't get resource "config maps" in API group "" in the namespace "default"
-
 ## Next steps
 
-This article showed you how to install the KEDA add-on on an AKS cluster, and then verify that it's installed and running. With the KEDA add-on installed on your cluster, you can [deploy a sample application][keda-sample] to start scaling apps
+This article showed you how to install the KEDA add-on on an AKS cluster, and then verify that it's installed and running. With the KEDA add-on installed on your cluster, you can [deploy a sample application][keda-sample] to start scaling apps.
+
+You can troubleshoot troubleshoot KEDA add-on problems in [this article][keda-troubleshoot].
 
 <!-- LINKS - internal -->
 [az-aks-create]: /cli/azure/aks#az-aks-create
 [az aks install-cli]: /cli/azure/aks#az-aks-install-cli
 [az aks get-credentials]: /cli/azure/aks#az-aks-get-credentials
 [az aks update]: /cli/azure/aks#az-aks-update
 [az-group-delete]: /cli/azure/group#az-group-delete
+[keda-troubleshoot]: keda-troubleshoot.md
+[aks-firewall-requirements]: limit-egress-traffic.md#azure-global-required-network-rules
 
 <!-- LINKS - external -->
 [kubectl]: https://kubernetes.io/docs/user-guide/kubectl
diff --git a/articles/aks/keda-deploy-add-on-cli.md b/articles/aks/keda-deploy-add-on-cli.md
@@ -21,13 +21,14 @@ This article shows you how to install the Kubernetes Event-driven Autoscaling (K
 
 - An Azure subscription. If you don't have an Azure subscription, you can create a [free account](https://azure.microsoft.com/free).
 - [Azure CLI installed](/cli/azure/install-azure-cli).
+- Firewall rules are configured to allow access to the Kubernetes API server. ([learn more][aks-firewall-requirements])
 
 ### Install the extension `aks-preview` 
  
 Install the `aks-preview` extension in the AKS cluster to make sure you have the latest version of AKS extension before installing KEDA add-on.
 
 ```azurecli
-- az extension add --upgrade --name aks-preview
+az extension add --upgrade --name aks-preview
 ```
 
 ### Register the `AKS-KedaPreview` feature flag
@@ -161,32 +162,18 @@ az aks update \
   --disable-keda 
 ```
 
-### Enabling add-on on clusters with self-managed open-source KEDA installations
-
-While Kubernetes only allows one metric server to be installed, you can in theory install KEDA multiple times. However, it isn't recommended given only one installation will work.
-
-When the KEDA add-on is installed in an AKS cluster, the previous installation of open-source KEDA will be overridden and the add-on will take over.
-
-This means that the customization and configuration of the self-installed KEDA deployment will get lost and no longer be applied.
-
-While there's a possibility that the existing autoscaling will keep on working, there's a risk given it will be configured differently and won't support features such as managed identity.
-
-It's recommended to uninstall existing KEDA installations before enabling the KEDA add-on given the installation will succeed without any error.
-
-Following error will be thrown in the operator logs but the installation of KEDA add-on will be completed. 
-
-Error logged in now-suppressed non-participating KEDA operator pod:
-the error logged inside the already installed KEDA operator logs.
-E0520 11:51:24.868081 1 leaderelection.go:330] error retrieving resource lock default/operator.keda.sh: config maps "operator.keda.sh" is forbidden: User "system:serviceaccount:default:keda-operator" can't get resource "config maps" in API group "" in the namespace "default"
-
 ## Next steps
 This article showed you how to install the KEDA add-on on an AKS cluster using Azure CLI. The steps to verify that KEDA add-on is installed and running are included. With the KEDA add-on installed on your cluster, you can [deploy a sample application][keda-sample] to start scaling apps.
 
+You can troubleshoot troubleshoot KEDA add-on problems in [this article][keda-troubleshoot].
+
 [az-aks-create]: /cli/azure/aks#az-aks-create
 [az aks install-cli]: /cli/azure/aks#az-aks-install-cli
 [az aks get-credentials]: /cli/azure/aks#az-aks-get-credentials
 [az aks update]: /cli/azure/aks#az-aks-update
 [az-group-delete]: /cli/azure/group#az-group-delete
+[keda-troubleshoot]: keda-troubleshoot.md
+[aks-firewall-requirements]: limit-egress-traffic.md#azure-global-required-network-rules
 
 [kubectl]: https://kubernetes.io/docs/user-guide/kubectl
 [keda]: https://keda.sh/
diff --git a/articles/aks/keda-integrations.md b/articles/aks/keda-integrations.md
@@ -48,11 +48,15 @@ However, these external scalers aren't supported as part of the add-on and rely
 ## Next steps
 
 * [Enable the KEDA add-on with an ARM template][keda-arm]
+* [Enable the KEDA add-on with the Azure CLI][keda-cli]
+* [Troubleshoot KEDA add-on problems][keda-troubleshoot]
 * [Autoscale a .NET Core worker processing Azure Service Bus Queue message][keda-sample]
 
 <!-- LINKS - internal -->
 [aks-support-policy]: support-policies.md
+[keda-cli]: keda-deploy-add-on-cli.md
 [keda-arm]: keda-deploy-add-on-arm.md
+[keda-troubleshoot]: keda-troubleshoot.md
 
 <!-- LINKS - external -->
 [keda-scalers]: https://keda.sh/docs/latest/scalers/
diff --git a/articles/aks/keda-troubleshoot.md b/articles/aks/keda-troubleshoot.md
@@ -0,0 +1,103 @@
+---
+title: Troubleshooting Kubernetes Event-driven Autoscaling (KEDA) add-on
+description: How to troubleshoot Kubernetes Event-driven Autoscaling add-on
+services: container-service
+ms.topic: article
+ms.date: 8/26/2021
+ms.author: tomkerkhove
+---
+
+# Kubernetes Event-driven Autoscaling (KEDA) AKS add-on Troubleshooting Guides
+
+When you deploy the KEDA AKS add-on, you could possibly experience problems associated with configuration of the application autoscaler.
+
+The following guide will assist you on how to troubleshoot errors and resolve common problems with the add-on, in addition to the official KEDA [FAQ][keda-faq] & [troubleshooting guide][keda-troubleshooting].
+
+## Verifying and Troubleshooting KEDA components
+
+### Check available KEDA version
+
+You can check the available KEDA version by using the `kubectl` command:
+
+```azurecli-interactive
+kubectl get crd/scaledobjects.keda.sh -o custom-columns='APP:.metadata.labels.app\.kubernetes\.io/version'
+```
+
+An overview will be provided with the installed KEDA version:
+
+```Output
+APP
+2.7.0
+```
+
+### Ensuring the cluster firewall is configured correctly
+
+It might happen that KEDA isn't scaling applications because it can't start up.
+
+When checking the operator logs, you might find errors similar to the following:
+
+```output
+1.6545953013458195e+09 ERROR Failed to get API Group-Resources {"error": "Get \"https://10.0.0.1:443/api?timeout=32s\": EOF"}
+sigs.k8s.io/controller-runtime/pkg/cluster.New
+/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.2/pkg/cluster/cluster.go:160
+sigs.k8s.io/controller-runtime/pkg/manager.New
+/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.2/pkg/manager/manager.go:313
+main.main
+/workspace/main.go:87
+runtime.main
+/usr/local/go/src/runtime/proc.go:255
+1.6545953013459463e+09 ERROR setup unable to start manager {"error": "Get \"https://10.0.0.1:443/api?timeout=32s\": EOF"}
+main.main
+/workspace/main.go:97
+runtime.main
+/usr/local/go/src/runtime/proc.go:255
+```
+
+While in the metric server you might notice that it's not able to start up:
+
+```output
+I0607 09:53:05.297924 1 main.go:147] keda_metrics_adapter "msg"="KEDA Version: 2.7.1"
+I0607 09:53:05.297979 1 main.go:148] keda_metrics_adapter "msg"="KEDA Commit: "
+I0607 09:53:05.297996 1 main.go:149] keda_metrics_adapter "msg"="Go Version: go1.17.9"
+I0607 09:53:05.298006 1 main.go:150] keda_metrics_adapter "msg"="Go OS/Arch: linux/amd64"
+E0607 09:53:15.344324 1 logr.go:279] keda_metrics_adapter "msg"="Failed to get API Group-Resources" "error"="Get \"https://10.0.0.1:443/api?timeout=32s\": EOF"
+E0607 09:53:15.344360 1 main.go:104] keda_metrics_adapter "msg"="failed to setup manager" "error"="Get \"https://10.0.0.1:443/api?timeout=32s\": EOF"
+E0607 09:53:15.344378 1 main.go:209] keda_metrics_adapter "msg"="making provider" "error"="Get \"https://10.0.0.1:443/api?timeout=32s\": EOF"
+E0607 09:53:15.344399 1 main.go:168] keda_metrics_adapter "msg"="unable to run external metrics adapter" "error"="Get \"https://10.0.0.1:443/api?timeout=32s\": EOF"
+```
+
+This most likely means that the KEDA add-on isn't able to start up due to a misconfigured firewall.
+
+In order to make sure it runs correctly, make sure to configure the firewall to meet [the requirements][aks-firewall-requirements].
+
+### Enabling add-on on clusters with self-managed open-source KEDA installations
+
+While Kubernetes only allows one metric server to be installed, you can in theory install KEDA multiple times. However, it isn't recommended given only one installation will work.
+
+When the KEDA add-on is installed in an AKS cluster, the previous installation of open-source KEDA will be overridden and the add-on will take over.
+
+This means that the customization and configuration of the self-installed KEDA deployment will get lost and no longer be applied.
+
+While there's a possibility that the existing autoscaling will keep on working, it introduces a risk given it will be configured differently and won't support features such as managed identity.
+
+It's recommended to uninstall existing KEDA installations before enabling the KEDA add-on given the installation will succeed without any error.
+
+In order to determine which metrics adapter is being used by KEDA, use the `kubectl` command:
+
+```azurecli-interactive
+kubectl get APIService/v1beta1.external.metrics.k8s.io -o custom-columns='NAME:.spec.service.name,NAMESPACE:.spec.service.namespace'
+```
+
+An overview will be provided showing the service and namespace that Kubernetes will use to get metrics:
+
+```Output
+NAME                              NAMESPACE
+keda-operator-metrics-apiserver   kube-system
+```
+
+> [!WARNING]
+> If the namespace is not `kube-system`, then the AKS add-on is being ignored and another metric server is being used.
+
+[aks-firewall-requirements]: limit-egress-traffic.md#azure-global-required-network-rules
+[keda-troubleshooting]: https://keda.sh/docs/latest/troubleshooting/
+[keda-faq]: https://keda.sh/docs/latest/faq/
