kube-proxy: metric to track conntrack reconciliation latency

kube_proxy_conntrack_reconciler_sync_duration_seconds can be used to track the latency of conntrack flow reconciliation. Signed-off-by: Daman Arora <aroradaman@gmail.com>
2025-07-28 22:17:14 +00:00 · 2025-02-16 13:44:18 +05:30 · 2025-02-16 13:44:18 +05:30 · bdd83038e8
commit bdd83038e8
parent 4e7e14203d
2 changed files with 17 additions and 0 deletions
--- a/pkg/proxy/conntrack/cleanup.go
+++ b/pkg/proxy/conntrack/cleanup.go
@ -29,6 +29,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/klog/v2"
 	"k8s.io/kubernetes/pkg/proxy"
+	"k8s.io/kubernetes/pkg/proxy/metrics"
 	netutils "k8s.io/utils/net"
 )

@ -120,6 +121,7 @@ func CleanStaleEntries(ct Interface, ipFamily v1.IPFamily,
 	} else {
 		klog.V(4).InfoS("Finished reconciling conntrack entries", "ipFamily", ipFamily, "entriesDeleted", n, "took", time.Since(start))
 	}
+	metrics.ReconcileConntrackFlowsLatency.WithLabelValues(string(ipFamily)).Observe(metrics.SinceInSeconds(start))
 }

 // ipFamilyMap maps v1.IPFamily to the corresponding unix constant.
--- a/pkg/proxy/metrics/metrics.go
+++ b/pkg/proxy/metrics/metrics.go
@ -283,6 +283,18 @@ var (
 		"Number of packets accepted on nodeports of loopback interface",
 		nil, nil, metrics.ALPHA, "")
 	LocalhostNodePortAcceptedNFAcctCounter = "localhost_nps_accepted_pkts"
+
+	// ReconcileConntrackFlowsLatency is the latency of one round of kube-proxy conntrack flows reconciliation.
+	ReconcileConntrackFlowsLatency = metrics.NewHistogramVec(
+		&metrics.HistogramOpts{
+			Subsystem:      kubeProxySubsystem,
+			Name:           "conntrack_reconciler_sync_duration_seconds",
+			Help:           "ReconcileConntrackFlowsLatency latency in seconds",
+			Buckets:        metrics.ExponentialBuckets(0.001, 2, 15),
+			StabilityLevel: metrics.ALPHA,
+		},
+		[]string{"ip_family"},
+	)
 )

 var registerMetricsOnce sync.Once
@ -321,15 +333,18 @@ func RegisterMetrics(mode kubeproxyconfig.ProxyMode) {
 			legacyregistry.MustRegister(IPTablesPartialRestoreFailuresTotal)
 			legacyregistry.MustRegister(IPTablesRulesTotal)
 			legacyregistry.MustRegister(IPTablesRulesLastSync)
+			legacyregistry.MustRegister(ReconcileConntrackFlowsLatency)

 		case kubeproxyconfig.ProxyModeIPVS:
 			legacyregistry.MustRegister(IPTablesRestoreFailuresTotal)
+			legacyregistry.MustRegister(ReconcileConntrackFlowsLatency)

 		case kubeproxyconfig.ProxyModeNFTables:
 			legacyregistry.MustRegister(SyncFullProxyRulesLatency)
 			legacyregistry.MustRegister(SyncPartialProxyRulesLatency)
 			legacyregistry.MustRegister(NFTablesSyncFailuresTotal)
 			legacyregistry.MustRegister(NFTablesCleanupFailuresTotal)
+			legacyregistry.MustRegister(ReconcileConntrackFlowsLatency)

 		case kubeproxyconfig.ProxyModeKernelspace:
 			// currently no winkernel-specific metrics