Prometheus iptables rules metric only counts programmed rules. - Githubissues

projectcalico / calico

Cloud native networking and network security

https://docs.tigera.io/calico/latest/about/

Apache License 2.0

6.04k stars 1.35k forks source link

Prometheus iptables rules metric only counts programmed rules. #9374

Closed aaaaaaaalex closed 3 days ago

aaaaaaaalex commented 1 month ago

Description

Related issues/PRs

Todos

[ ] Tests
[ ] Documentation
[ ] Release note

Release Note

The `felix_iptables_rules` Prometheus metric now only counts rules within referenced Iptables chains, no longer counts candidate rules.

Reminder for the reviewer

Make sure that this PR has the correct labels and milestone set.

Every PR needs one docs-* label.

docs-pr-required: This change requires a change to the documentation that has not been completed yet.
docs-completed: This change has all necessary documentation completed.
docs-not-required: This change has no user-facing impact and requires no docs.

Every PR needs one release-note-* label.

release-note-required: This PR has user-facing changes. Most PRs should have this label.
release-note-not-required: This PR has no user-facing changes.

Other optional labels:

cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.
needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.

aaaaaaaalex commented 1 week ago

@fasaxc done away with the "settled" business now, instead checking for a particular IPTables chain to determine when the dataplane got programmed at start-of-day, and then using "Eventually" calls to wait until additional changes occur.