Healthcheck path for K8s #2

Open
woojuini opened this issue Jan 6, 2025 · 4 comments
woojuini commented Jan 6, 2025

Thank you for creating such a great tool.

I want to deploy SSE services to K8S using Supergateway.
Can you please provide a simple path to pass the healthcheck?

It would be great to add a module like the one below to expose Prometheus metrics as well.
https://github.com/siimon/prom-client

Member

Nedomas commented Jan 6, 2025

Hey @woojuini,

If I understand this right, you could just use something like https://github.com/Flux159/mcp-server-kubernetes and run it via SSE by using Supergateway like `npx -y supergateway --stdio "npx mcp-server-kubernetes"`. Then it should be available on port 8000.

Saw there’s also another k8s mcp available but not sure how relevant: https://github.com/TaichiHo/k8s-interactive-mcp

Let me know if I answered your question.

@Nedomas Nedomas self-assigned this Jan 6, 2025
Author

woojuini commented Jan 7, 2025

Thanks for the answer!!

I'm not referring to the MCP that connects to the K8S.

I'm talking about deploying SSE services to K8S.
To deploy to k8s with deployment type, you need healthcheck paths for readinessProbe and livenessProbe.

In addition, you need to provide a metrics endpoint to monitor the performance of the deployed app using Prometheus.

I made the following changes to it and used it as a local module and successfully deployed it.

$ git diff package.json
@@ -21,7 +21,8 @@
     "@modelcontextprotocol/sdk": "latest",
     "body-parser": "^1.20.2",
     "express": "^4.18.2",
-    "yargs": "^17.7.2"
+    "yargs": "^17.7.2",
+    "prom-client": "^14.2.0"
   },
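
Review bot: `prom-client` is added to `dependencies`, so every install of the package pulls it in whether or not metrics are ever used. Consider declaring it as an optional dependency and loading it only when metrics are enabled, so users who never expose `/metrics` do not carry the extra package.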



$ git diff src/index.ts
+import { collectDefaultMetrics, register } from 'prom-client'

@@ -74,6 +75,22 @@ async function main() {
     return bodyParser.json()(req, res, next)
   })

+  // --------------------- Prom-client setup ---------------------
+  // Collect default metrics and expose them on /metrics route
+  collectDefaultMetrics()
+
+  app.get('/metrics', async (req, res) => {
+    res.set('Content-Type', register.contentType)
+    res.send(await register.metrics())
+  })
+
+  // Healthcheck endpoint
+  app.get('/health', (req, res) => {
+    res.status(200).send('OK')
+  })
+  // -------------------------------------------------------------
+
+
   app.get('/sse', async (req, res) => {
     console.log(`[supergateway] New SSE connection from ${req.ip}`)
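
Review bot: `app.get('/metrics', ...)` and `app.get('/health', ...)` are registered unconditionally on the same `app` that serves `/sse`, so anyone who can reach the SSE port can also read the process metrics; gate both behind a CLI option that defaults to off, or serve them from a separate listener. The `/metrics` handler is `async` with no `try/catch`, so a rejection from `register.metrics()` never reaches Express error handling; catch it and respond with a 500. `/health` answers `res.status(200).send('OK')` regardless of state, so it shows only that the HTTP server is up, not that the wrapped stdio process is still running.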

then
https://testdomain/health
ok

https://testdomain/metrics
process_cpu_user_seconds_total 20.589028
...

Member

Nedomas commented Jan 8, 2025

Hey @woojuini, thanks for the explanation! I’d be interested in supporting k8s deployments, just wondering if you’ve seen any patterns for how CLI-based servers could add k8s healthchecks without adding additional bloat for people who don’t use k8s (esp. since this involves installing an additional package, exposing endpoints etc).

I’d guess for some people these kinds of additional exposed metadata endpoints that they don’t use might increase the security risk profile etc.

Wondering if it’s possible to create an adapter or maybe even a "wrapper" for this wrapper, which adds these additional endpoints. Have you seen anything like this in the wild?

Author

woojuini commented Jan 9, 2025

I'm not sure if I'm understanding this correctly, but I don't think I've ever seen it.

As you can see, adding modules like the one below is pretty much basic when deploying a web service in a cloud environment.
https://www.baeldung.com/spring-boot-actuators
https://www.npmjs.com/package/express-actuator
https://github.com/prometheus-net/prometheus-net
https://github.com/prometheus/client_python

If you're concerned about security with an exposed metrics endpoint: in a k8s environment, you can enable the metrics endpoint by default and enforce it by restricting specific paths on the LB (ingress) in the following way:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    alb.ingress.kubernetes.io/actions.response-404: |
      {"Type":"fixed-response","FixedResponseConfig":{"ContentType":"text/plain","StatusCode":"404"}}
  # ...
spec:
  ingressClassName: alb
  rules:
    - host: testdomain.com
      http:
        paths:
          - backend:
              service:
                name: service-using-supergateway
                port:
                  number: 3000
          - backend:
              service:
                name: response-404
                port:
                  name: use-annotation
            path: /metrics
            pathType: ImplementationSpecific
```

With the above setup, testdomain.com is accessible from the outside,
but access to testdomain.com/metrics returns a 404.
Of course, inside k8s, we're accessing an internal domain (e.g. service-using-supergateway in the above setup),
so there's no problem collecting /metrics.
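
Added example, not part of the thread and not Supergateway code: one way to address both concerns raised above is an opt-in ops listener on its own port, so `/health` and `/metrics` never exist on the public SSE port and `/health` reflects the state of the wrapped stdio process. The names `routeOps`, `startOpsListener`, `opsPort`, `childAlive` and `metricsText` are hypothetical, and the metrics text is a constructed stand-in for a real registry.

```javascript
// Added example, not Supergateway code. routeOps, startOpsListener, opsPort,
// childAlive and metricsText are hypothetical names.

// Routing policy for the ops listener only, as a pure function so it can be
// tested without opening a socket. The public SSE port never sees these routes.
function routeOps(method, url, state) {
  const text = (status, body) => ({ status, type: 'text/plain', body })
  if (method !== 'GET') return text(405, 'Method Not Allowed')
  const pathname = url.split('?')[0]
  if (pathname === '/health') {
    // Fail the probe when the wrapped stdio child has exited, instead of
    // answering 200 for as long as the HTTP server itself is up.
    return state.childAlive() ? text(200, 'OK') : text(503, 'child not running')
  }
  if (pathname === '/metrics') {
    // Prometheus text exposition format content type.
    return { status: 200, type: 'text/plain; version=0.0.4', body: state.metricsText() }
  }
  return text(404, 'Not Found')
}

// Opt-in: without an ops port nothing is loaded, bound or exposed.
function startOpsListener(opsPort, state) {
  if (opsPort === undefined) return null
  const http = require('node:http') // built in; loaded only when enabled
  const server = http.createServer((req, res) => {
    let r
    try {
      r = routeOps(req.method, req.url, state)
    } catch {
      r = { status: 500, type: 'text/plain', body: 'Internal Server Error' }
    }
    res.writeHead(r.status, { 'Content-Type': r.type })
    res.end(r.body)
  })
  // All interfaces: kubelet httpGet probes and in-cluster scrapers reach the
  // pod by its IP. Leave this port out of the Ingress-backed Service.
  server.listen(opsPort)
  return server
}

// Constructed sample state standing in for the real child process and registry.
const sampleState = {
  childAlive: () => true,
  metricsText: () => 'process_cpu_user_seconds_total 20.589028\n',
}
```

With this layout the readinessProbe and livenessProbe target the ops port directly, and no Ingress rule is needed to hide `/metrics` because the public port never serves it.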
