AKO supports broadcasting Kubernetes events in order to enhance the observability and monitoring aspects of AKO as an ingress Controller.

Kubernetes events are stored objects that are generated by Controllers in response to various user actions. These events are stored in the Kubernetes store for 1 hour by default, but can be changed while configuring the kube-apiserver.

Avi Kubernetes Operator broadcasts events in order to:

  • To enhance debuggability.

  • Use events for better error reporting, for support and engineering team to report issue after analyzing event timeline.

  • Provide granular debugging on Ingress/Routes/SvcLB/Gateways and show their relationship with NSX Advanced Load Balancer virtual services, that AKO creates.

Control AKO event broadcasting using the enableEvents flag in the ConfigMap. By default, the Event broadcasting is enabled. However, this field can be disabled by updating the ConfigMap, which comes into effect without rebooting AKO.

Event Types

The events fired by AKO are segregated into two Event types:

  • Normal

    Normal events are expected responses to certain user actions, that confirm a successful workflow. These type of events do not require any further user intervention.

    A few examples of normal events are:

    20m         Normal    ValidatedUserInput   pod/ako-0   User input validation completed. 
    20m         Normal    StatusSync           pod/ako-0   Status syncing completed 
    33s         Normal   Synced               ingress/ingress1                                   Added virtualservice clusterName--Shared-L7-1 for bar.avi.com 
  • Warning

    Warning events are deviations from the normal workflow, and generally carry an Error message with it that tells more about what went wrong, and what needs to be fixed as part of it.

    A few examples of a Warning events are:

    23s         Warning   AKOShutdown          pod/ako-0   Invalid user input [No user input detected for vipNetworkList] 
    Note:

    Regardless of the enableEvents setting in the ConfigMap, Warning events are always broadcasted through AKO.

Event Categories

AKO broadcasted events can be categorized into three classes, and are described as follows:

  • Pod events

  • Ingress/Route/ServiceLB/Gateway events

  • AKO CRD Events

Pod events

AKO broadcasts pod events referencing the AKO Pod. Pod events primarily consist of checkpoints that the AKO pod goes through, starting from bootup to the time it is ready to sync objects to the NSX Advanced Load Balancer Controller. It also covers Warning type Events in case of any user input errors, and other issues that prevent a successful AKO bootup.

Ingress/Route/ServiceLB/Gateway events

These events are objects corresponding to which AKO creates virtual services in the NSX Advanced Load Balancer Controller, for instance Ingress, Openshift Routes, Services of type load balancer and Gateway objects. These objects directly correspond to one or more virtual services created in NSX Advanced Load Balancer through AKO, and also receive a VIP for the virtual service, which is updated in the status of the respective objects. The events related to these objects are primarily Normal events, that tell the user when and which virtual service was created corresponding to the object. For example,

  • Ingress

    Events:
      Type    Reason  Age              From                     Message
      ----    ------  ----             ----                     -------
      Normal  Synced  6s               avi-kubernetes-operator  Added virtualservice ako-clusterName--Shared-L7-6 for foo.avi.com
      Normal  Synced  4s               avi-kubernetes-operator  Added virtualservice ako-clusterName--bar.avi.com for bar.avi.com
    
  • Ingress in EVH mode

    Events:
      Type    Reason   Age                From                     Message
      ----    ------   ----               ----                     -------
      Normal  Synced   5s                 avi-kubernetes-operator  Added virtualservice ako-clusterName--ddd26961643229facf2b2d94d05e33519ed3fbfd for foo.avi.com
      Normal  Synced   5s                 avi-kubernetes-operator  Added virtualservice ako-clusterName--3aedd52095d8864d41be2264c181042b6fc58c28 for bar.avi.com
  • Service of Type LoadBalancer

    Events:
      Type    Reason   Age   From                     Message
      ----    ------   ----  ----                     -------
      Normal  Type     68s   service-controller       ClusterIP -> LoadBalancer
      Normal  Synced   64s   avi-kubernetes-operator  Added virtualservice ako-clusterName--default-avisvc-https for avisvc-https
      Normal  Type     2s    service-controller       LoadBalancer -> ClusterIP
      Normal  Removed  1s    avi-kubernetes-operator  Removed virtualservice for avisvc-https

Apart from the virtual services being created/removed corresponding to these objects, other Warning events can tell certain misconfigurations in the object, for instance, when an multiple Ingresses contain duplicate host paths.

Events:
  Type     Reason             Age              From                     Message
  ----     ------             ----             ----                     -------
  Warning  DuplicateHostPath  8s               avi-kubernetes-operator  Duplicate entries found for hostpath default/ingress1: foo.avi.com/path4 in ingresses: ["default/ingress1","default/ingress2"]

AKO CRD Events

These are events that are referenced to AKO CRDs, specifically the HostRule/HTTPRule CRDs. Once a CRD is created, the configurations mentioned in the CR are applied to a VS or a Pool. The CRD events tell, to which specific virtual service/pool, the HostRule/HTTPRule is applied. Example of a HostRule event is as follows:

Events:
  Type    Reason    Age   From                     Message
  ----    ------    ----  ----                     -------
  Normal  Attached  11s   avi-kubernetes-operator  Configuration applied to VirtualService ako-clusterName--3aedd52095d8864d41be2264c181042b6fc58c28

Helpful Commands

This section covers details around where to find the events, the commands that can be used, and how to filter AKO specific events. All Events created by AKO have a source specified as avi-kubernetes-operator, and reference a single object, based on the Event category discussed above. Check for Kubernetes events by using:

kubectl get events 

Although this command shows all the events generated by various other Controllers in the cluster, events can be filtered within a namespace, or by referenced object name and so on. These filtering mechanisms are native to Kubernetes and are not AKO-specific. For example, to see Events generated for AKO Pod, use the following command:

kubectl get events -n avi-system --field-selector involvedObject.name=ako-0 

Similarly for Ingresses use,

kubectl get events --field-selector involvedObject.name=ingress1

In addition to the kubectl get events command and the filters that come with it, you can also check the events for a particular object using the kubectl describe command. The describe command, very neatly aut-filters all the events corresponding to that object, and prints the output:

kubectl describe pod -n avi-system ako-0
kubectl describe ingress ingress1