Add support for the number of networkpolicies per node (#834)

Signed-off-by: Yuki Tsuboi <ytsuboi@vmware.com>
antrea-io · Jun 19, 2020 · 2634d0d · 2634d0d
1 parent 0d1267c
commit 2634d0d
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 29 deletions.
diff --git a/pkg/agent/controller/networkpolicy/cache.go b/pkg/agent/controller/networkpolicy/cache.go
@@ -27,6 +27,7 @@ import (
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/klog"
 
+	"github.com/vmware-tanzu/antrea/pkg/agent/metrics"
 	"github.com/vmware-tanzu/antrea/pkg/apis/networking/v1beta1"
 )
 
@@ -563,6 +564,7 @@ func (c *ruleCache) AddNetworkPolicy(policy *v1beta1.NetworkPolicy) error {
 
 func (c *ruleCache) addNetworkPolicyLocked(policy *v1beta1.NetworkPolicy) error {
 	c.policyMap[string(policy.UID)] = &types.NamespacedName{policy.Namespace, policy.Name}
+	metrics.NetworkPolicyCount.Inc()
 	return c.UpdateNetworkPolicy(policy)
 }
 
@@ -576,21 +578,33 @@ func (c *ruleCache) UpdateNetworkPolicy(policy *v1beta1.NetworkPolicy) error {
 	}
 
 	for i := range policy.Rules {
-		rule := toRule(&policy.Rules[i], policy)
-		if _, exists := ruleByID[rule.ID]; exists {
+		r := toRule(&policy.Rules[i], policy)
+		if _, exists := ruleByID[r.ID]; exists {
 			// If rule already exists, remove it from the map so the ones left finally are orphaned.
-			klog.V(2).Infof("Rule %v was not changed", rule.ID)
-			delete(ruleByID, rule.ID)
+			klog.V(2).Infof("Rule %v was not changed", r.ID)
+			delete(ruleByID, r.ID)
 		} else {
 			// If rule doesn't exist, add it to cache, mark it as dirty.
-			c.rules.Add(rule)
-			c.dirtyRuleHandler(rule.ID)
+			c.rules.Add(r)
+			// Count up antrea_agent_ingress_networkpolicy_rule_count or antrea_agent_egress_networkpolicy_rule_count
+			if r.Direction == v1beta1.DirectionIn {
+				metrics.IngressNetworkPolicyRuleCount.Inc()
+			} else {
+				metrics.EgressNetworkPolicyRuleCount.Inc()
+			}
+			c.dirtyRuleHandler(r.ID)
 		}
 	}
 
 	// At this moment, the remaining rules are orphaned, remove them from store and mark them as dirty.
-	for ruleID, rule := range ruleByID {
-		c.rules.Delete(rule)
+	for ruleID, r := range ruleByID {
+		c.rules.Delete(r)
+		// Count down antrea_agent_ingress_networkpolicy_rule_count or antrea_agent_egress_networkpolicy_rule_count
+		if r.(*rule).Direction == v1beta1.DirectionIn {
+			metrics.IngressNetworkPolicyRuleCount.Dec()
+		} else {
+			metrics.EgressNetworkPolicyRuleCount.Dec()
+		}
 		c.dirtyRuleHandler(ruleID)
 	}
 	return nil
@@ -610,9 +624,16 @@ func (c *ruleCache) deleteNetworkPolicyLocked(uid string) error {
 	existingRules, _ := c.rules.ByIndex(policyIndex, uid)
 	for _, r := range existingRules {
 		ruleID := r.(*rule).ID
+		// Count down antrea_agent_ingress_networkpolicy_rule_count or antrea_agent_egress_networkpolicy_rule_count
+		if r.(*rule).Direction == v1beta1.DirectionIn {
+			metrics.IngressNetworkPolicyRuleCount.Dec()
+		} else {
+			metrics.EgressNetworkPolicyRuleCount.Dec()
+		}
 		c.rules.Delete(r)
 		c.dirtyRuleHandler(ruleID)
 	}
+	metrics.NetworkPolicyCount.Dec()
 	return nil
 }
 

diff --git a/pkg/agent/controller/networkpolicy/reconciler.go b/pkg/agent/controller/networkpolicy/reconciler.go
@@ -27,7 +27,6 @@ import (
 	"k8s.io/klog"
 
 	"github.com/vmware-tanzu/antrea/pkg/agent/interfacestore"
-	"github.com/vmware-tanzu/antrea/pkg/agent/metrics"
 	"github.com/vmware-tanzu/antrea/pkg/agent/openflow"
 	"github.com/vmware-tanzu/antrea/pkg/agent/types"
 	"github.com/vmware-tanzu/antrea/pkg/apis/networking/v1beta1"
@@ -255,13 +254,6 @@ func (r *reconciler) add(rule *CompletedRule) error {
 		lastRealized.ofIDs[svcHash] = ofID
 	}
 
-	// Count up antrea_agent_ingress_networkpolicy_rule_count or antrea_agent_egress_networkpolicy_rule_count
-	if rule.Direction == v1beta1.DirectionIn {
-		metrics.IngressNetworkPolicyCount.Inc()
-	} else if rule.Direction == v1beta1.DirectionOut {
-		metrics.EgressNetworkPolicyCount.Inc()
-	}
-
 	return nil
 }
 
@@ -438,13 +430,6 @@ func (r *reconciler) Forget(ruleID string) error {
 		delete(lastRealized.ofIDs, svcHash)
 	}
 
-	// Decrement antrea_agent_ingress_networkpolicy_rule_count or antrea_agent_egress_networkpolicy_rule_count
-	if lastRealized.Direction == v1beta1.DirectionIn {
-		metrics.IngressNetworkPolicyCount.Dec()
-	} else if lastRealized.Direction == v1beta1.DirectionOut {
-		metrics.EgressNetworkPolicyCount.Dec()
-	}
-
 	r.lastRealizeds.Delete(ruleID)
 	return nil
 }

diff --git a/pkg/agent/controller/networkpolicy/reconciler_test.go b/pkg/agent/controller/networkpolicy/reconciler_test.go
@@ -83,14 +83,14 @@ func TestReconcilerForget(t *testing.T) {
 		},
 		{
 			"known-single-ofrule",
-			map[string]*lastRealized{"foo": {ofIDs: map[servicesHash]uint32{servicesHash1: 8}, CompletedRule: &CompletedRule{rule: &rule{Direction: v1beta1.DirectionIn}}}},
+			map[string]*lastRealized{"foo": {ofIDs: map[servicesHash]uint32{servicesHash1: 8}}},
 			"foo",
 			[]uint32{8},
 			false,
 		},
 		{
 			"known-multiple-ofrule",
-			map[string]*lastRealized{"foo": {ofIDs: map[servicesHash]uint32{servicesHash1: 8, servicesHash2: 9}, CompletedRule: &CompletedRule{rule: &rule{Direction: v1beta1.DirectionOut}}}},
+			map[string]*lastRealized{"foo": {ofIDs: map[servicesHash]uint32{servicesHash1: 8, servicesHash2: 9}}},
 			"foo",
 			[]uint32{8, 9},
 			false,

diff --git a/pkg/agent/metrics/prometheus.go b/pkg/agent/metrics/prometheus.go
@@ -23,15 +23,15 @@ import (
 )
 
 var (
-	EgressNetworkPolicyCount = metrics.NewGauge(
+	EgressNetworkPolicyRuleCount = metrics.NewGauge(
 		&metrics.GaugeOpts{
 			Name:           "antrea_agent_egress_networkpolicy_rule_count",
 			Help:           "Number of egress networkpolicy rules on local node which are managed by the Antrea Agent.",
 			StabilityLevel: metrics.STABLE,
 		},
 	)
 
-	IngressNetworkPolicyCount = metrics.NewGauge(
+	IngressNetworkPolicyRuleCount = metrics.NewGauge(
 		&metrics.GaugeOpts{
 			Name:           "antrea_agent_ingress_networkpolicy_rule_count",
 			Help:           "Number of ingress networkpolicy rules on local node which are managed by the Antrea Agent.",
@@ -47,6 +47,14 @@ var (
 		},
 	)
 
+	NetworkPolicyCount = metrics.NewGauge(
+		&metrics.GaugeOpts{
+			Name:           "antrea_agent_networkpolicy_count",
+			Help:           "Number of networkpolicies on local node which are managed by the Antrea Agent.",
+			StabilityLevel: metrics.STABLE,
+		},
+	)
+
 	OVSTotalFlowCount = metrics.NewGauge(&metrics.GaugeOpts{
 		Name:           "antrea_agent_ovs_total_flow_count",
 		Help:           "Total flow count of all OVS flow tables.",
@@ -86,14 +94,18 @@ func InitializePrometheusMetrics() {
 	// and will not measure anything unless the collector is first registered.
 	gaugeHost.Set(1)
 
-	if err := legacyregistry.Register(EgressNetworkPolicyCount); err != nil {
+	if err := legacyregistry.Register(EgressNetworkPolicyRuleCount); err != nil {
 		klog.Error("Failed to register antrea_agent_egress_networkpolicy_rule_count with Prometheus")
 	}
 
-	if err := legacyregistry.Register(IngressNetworkPolicyCount); err != nil {
+	if err := legacyregistry.Register(IngressNetworkPolicyRuleCount); err != nil {
 		klog.Error("Failed to register antrea_agent_ingress_networkpolicy_rule_count with Prometheus")
 	}
 
+	if err := legacyregistry.Register(NetworkPolicyCount); err != nil {
+		klog.Error("Failed to register antrea_agent_networkpolicy_count with Prometheus")
+	}
+
 	if err := legacyregistry.Register(OVSTotalFlowCount); err != nil {
 		klog.Error("Failed to register antrea_agent_ovs_total_flow_count with Prometheus")
 	}

diff --git a/test/e2e/prometheus_test.go b/test/e2e/prometheus_test.go
@@ -37,6 +37,7 @@ var antreaAgentMetrics = []string{
 	"antrea_agent_egress_networkpolicy_rule_count",
 	"antrea_agent_ingress_networkpolicy_rule_count",
 	"antrea_agent_local_pod_count",
+	"antrea_agent_networkpolicy_count",
 	"antrea_agent_ovs_total_flow_count",
 	"antrea_agent_ovs_flow_count",
 	"antrea_agent_runtime_info",