proxy/iptables: Fix sync_proxy_rules_iptables_total metric
It was counting the number of lines including the "COMMIT" line at the end, so it was off by one.
parent
1d8966f4f9
commit
08680192fb
@ -1596,6 +1596,11 @@ func (proxier *Proxier) syncProxyRules() {
|
||||
"-j", "ACCEPT",
|
||||
)
|
||||
|
||||
numberFilterIptablesRules := utilproxy.CountBytesLines(proxier.filterRules.Bytes())
|
||||
metrics.IptablesRulesTotal.WithLabelValues(string(utiliptables.TableFilter)).Set(float64(numberFilterIptablesRules))
|
||||
numberNatIptablesRules := utilproxy.CountBytesLines(proxier.natRules.Bytes())
|
||||
metrics.IptablesRulesTotal.WithLabelValues(string(utiliptables.TableNAT)).Set(float64(numberNatIptablesRules))
|
||||
|
||||
// Write the end-of-table markers.
|
||||
utilproxy.WriteLine(proxier.filterRules, "COMMIT")
|
||||
utilproxy.WriteLine(proxier.natRules, "COMMIT")
|
||||
@ -1608,11 +1613,6 @@ func (proxier *Proxier) syncProxyRules() {
|
||||
proxier.iptablesData.Write(proxier.natChains.Bytes())
|
||||
proxier.iptablesData.Write(proxier.natRules.Bytes())
|
||||
|
||||
numberFilterIptablesRules := utilproxy.CountBytesLines(proxier.filterRules.Bytes())
|
||||
metrics.IptablesRulesTotal.WithLabelValues(string(utiliptables.TableFilter)).Set(float64(numberFilterIptablesRules))
|
||||
numberNatIptablesRules := utilproxy.CountBytesLines(proxier.natRules.Bytes())
|
||||
metrics.IptablesRulesTotal.WithLabelValues(string(utiliptables.TableNAT)).Set(float64(numberNatIptablesRules))
|
||||
|
||||
klog.V(5).InfoS("Restoring iptables", "rules", proxier.iptablesData.Bytes())
|
||||
err = proxier.iptables.RestoreAll(proxier.iptablesData.Bytes(), utiliptables.NoFlushTables, utiliptables.RestoreCounters)
|
||||
if err != nil {
|
||||
|
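Review bot: The two CountBytesLines calls now have to run before the COMMIT markers are written into filterRules and natRules, but nothing in the new code states that ordering requirement, so a later reorder would silently bring back the off-by-one. I would add a comment above the first count, for example `// Count rules before the COMMIT markers are appended so the gauge reflects only rule lines.` The gauges are also set before RestoreAll returns, so on a failed restore they appear to report rules that were never applied. The error branch continues outside this hunk, so confirm whether that is intended. syncProxyRules starts and ends outside the hunks shown.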
@ -913,9 +913,9 @@ COMMIT
|
||||
if err != nil {
|
||||
t.Errorf("failed to get %s value, err: %v", metrics.IptablesRulesTotal.Name, err)
|
||||
}
|
||||
// 43 here is test specific and corresponds to one more than the number of -A lines after `*nat` in `expected`.
|
||||
if nNatRules != 43.0 {
|
||||
t.Fatalf("Wrong number of nat rules: expected 43 received %f", nNatRules)
|
||||
// 42 here is test specific and corresponds to one more than the number of -A lines after `*nat` in `expected`.
|
||||
if nNatRules != 42.0 {
|
||||
t.Fatalf("Wrong number of nat rules: expected 42 received %f", nNatRules)
|
||||
}
|
||||
}
|
||||
|
||||
@ -3308,10 +3308,9 @@ func TestProxierMetricsIptablesTotalRules(t *testing.T) {
|
||||
// -A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT
|
||||
// -A KUBE-FORWARD -m comment --comment "kubernetes forwarding conntrack pod source rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
// -A KUBE-FORWARD -m comment --comment "kubernetes forwarding conntrack pod destination rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
// COMMIT
|
||||
|
||||
if nFilterRules != 7.0 {
|
||||
t.Fatalf("Wrong number of filter rule: expected 7 received %f", nFilterRules)
|
||||
if nFilterRules != 6.0 {
|
||||
t.Fatalf("Wrong number of filter rule: expected 6 received %f", nFilterRules)
|
||||
}
|
||||
|
||||
nNatRules, err := testutil.GetGaugeMetricValue(metrics.IptablesRulesTotal.WithLabelValues(string(utiliptables.TableNAT)))
|
||||
@ -3319,14 +3318,13 @@ func TestProxierMetricsIptablesTotalRules(t *testing.T) {
|
||||
t.Errorf("failed to get %s value, err: %v", metrics.IptablesRulesTotal.Name, err)
|
||||
}
|
||||
|
||||
// rules -A KUBE-POSTROUTING -m mark ! --mark 0x4000/0x4000 -j RETURN
|
||||
// -A KUBE-POSTROUTING -m mark ! --mark 0x4000/0x4000 -j RETURN
|
||||
// -A KUBE-POSTROUTING -j MARK --xor-mark 0x4000
|
||||
// -A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -j MASQUERADE
|
||||
// -A KUBE-MARK-MASQ -j MARK --or-mark 0x4000
|
||||
// -A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
|
||||
// COMMIT
|
||||
if nNatRules != 6.0 {
|
||||
t.Fatalf("Wrong number of nat rules: expected 6 received %f", nNatRules)
|
||||
if nNatRules != 5.0 {
|
||||
t.Fatalf("Wrong number of nat rules: expected 5 received %f", nNatRules)
|
||||
}
|
||||
|
||||
populateEndpointSlices(fp,
|
||||
@ -3355,9 +3353,8 @@ func TestProxierMetricsIptablesTotalRules(t *testing.T) {
|
||||
// -A KUBE-FORWARD -m comment --comment "kubernetes forwarding rules" -m mark --mark 0x4000/0x4000 -j ACCEPT
|
||||
// -A KUBE-FORWARD -m comment --comment "kubernetes forwarding conntrack pod source rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
// -A KUBE-FORWARD -m comment --comment "kubernetes forwarding conntrack pod destination rule" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
||||
// COMMIT
|
||||
if nFilterRules != 5.0 {
|
||||
t.Fatalf("Wrong number of filter rule: expected 5 received %f", nFilterRules)
|
||||
if nFilterRules != 4.0 {
|
||||
t.Fatalf("Wrong number of filter rule: expected 4 received %f", nFilterRules)
|
||||
}
|
||||
nNatRules, err = testutil.GetGaugeMetricValue(metrics.IptablesRulesTotal.WithLabelValues(string(utiliptables.TableNAT)))
|
||||
if err != nil {
|
||||
@ -3378,9 +3375,8 @@ func TestProxierMetricsIptablesTotalRules(t *testing.T) {
|
||||
// -A KUBE-SEP-OUFLBLJVR33W4FIZ -m comment --comment ns1/svc1:p80 -s 10.0.0.5/32 -j KUBE-MARK-MASQ
|
||||
// -A KUBE-SEP-OUFLBLJVR33W4FIZ -m comment --comment ns1/svc1:p80 -m udp -p udp -j DNAT --to-destination 10.0.0.5:80
|
||||
// -A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
|
||||
// COMMIT
|
||||
if nNatRules != 16.0 {
|
||||
t.Fatalf("Wrong number of nat rules: expected 16 received %f", nNatRules)
|
||||
if nNatRules != 15.0 {
|
||||
t.Fatalf("Wrong number of nat rules: expected 15 received %f", nNatRules)
|
||||
}
|
||||
}
|
||||
|
||||
|
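Review bot: The comment above the `nNatRules != 42.0` check still says the value is "one more than the number of -A lines", which, as rendered here, no longer matches the fix. With COMMIT excluded, the expected count should equal the number of -A lines after `*nat`, so drop the words "one more than" from that comment. The hard-coded 6/5/4/15 expectations in TestProxierMetricsIptablesTotalRules only stay correct while the commented rule listings are kept in sync by hand. Deriving the expected value by counting the `-A` lines of the expected rule text would make the assertions self-checking. The test function begins and ends outside these hunks.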