
Commit 442bad6

committed
feat: heartbeat log includes counts for cidr and named port netpols
Signed-off-by: Hunter Gregory <[email protected]>
1 parent 441316a commit 442bad6

3 files changed

+79
-8
lines changed


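--- a/npm/metrics/ai-utils.go
+++ b/npm/metrics/ai-utils.go
@@ -100,13 +100,16 @@ func SendLog(operationID int, msg string, printLog bool) {
 }
 
 func SendHeartbeatWithNumPolicies() {
-var message string
 numPolicies, err := GetNumPolicies()
-if err == nil {
-message = fmt.Sprintf("info: NPM heartbeat. Current num policies: %d", numPolicies)
+numPoliciesString := "unknown"
+if err != nil {
+klog.Warningf("warn: NPM hearbeat. Couldn't get number of policies for telemetry log: %s", err.Error())
 } else {
-message = fmt.Sprintf("warn: NPM hearbeat. Couldn't get number of policies for telemetry log: %v", err)
-klog.Warning(message)
+numPoliciesString = fmt.Sprint(numPolicies)
 }
+
+cidrNetPols := GetCidrNetPols()
+namedPortNetPols := GetNamedPortNetPols()
+message := fmt.Sprintf("info: NPM hearbeat. Total policies: %s, CIDR policies: %d, NamedPort policies: %d", numPoliciesString, cidrNetPols, namedPortNetPols)
 SendLog(util.NpmID, message, DonotPrint)
 }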
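Review bot: The new info message on new line 113 spells its prefix `NPM hearbeat`, while the success message it replaces used `NPM heartbeat`, so any telemetry query or alert that matches the old prefix would silently stop seeing heartbeats. The line should read `message := fmt.Sprintf("info: NPM heartbeat. Total policies: %s, CIDR policies: %d, NamedPort policies: %d", numPoliciesString, cidrNetPols, namedPortNetPols)`, and the same misspelling in the `klog.Warningf` text on new line 106 is worth fixing at the same time. The field label also changes from `Current num policies` to `Total policies`; if dashboards parse that field they need updating, which the commit message does not mention.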

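--- a/npm/pkg/controlplane/controllers/v2/networkPolicyController.go
+++ b/npm/pkg/controlplane/controllers/v2/networkPolicyController.go
@@ -301,10 +301,14 @@ func (c *NetworkPolicyController) syncAddAndUpdateNetPol(netPolObj *networkingv1
 return metrics.NoOp, nil
 }
 
-_, policyExisted := c.rawNpSpecMap[netpolKey]
+oldNetPolSpec, policyExisted := c.rawNpSpecMap[netpolKey]
+hadCIDR := false
+hadNamedPort := false
 var operationKind metrics.OperationKind
 if policyExisted {
 operationKind = metrics.UpdateOp
+hadCIDR = translation.HasCIDRBlock(oldNetPolSpec)
+hadNamedPort = translation.HasNamedPort(oldNetPolSpec)
 } else {
 operationKind = metrics.CreateOp
 }
@@ -320,9 +324,25 @@ func (c *NetworkPolicyController) syncAddAndUpdateNetPol(netPolObj *networkingv1
 return operationKind, fmt.Errorf("[syncAddAndUpdateNetPol] Error: failed to update translated NPMNetworkPolicy into Dataplane due to %w", err)
 }
 
-if !policyExisted {
+if policyExisted {
+if hadCIDR && !translation.HasCIDRBlock(&netPolObj.Spec) {
+metrics.DecCidrNetPols()
+}
+
+if hadNamedPort && !translation.HasNamedPort(&netPolObj.Spec) {
+metrics.DecNamedPortNetPols()
+}
+} else {
 // inc metric for NumPolicies only if it a new network policy
 metrics.IncNumPolicies()
+
+if translation.HasCIDRBlock(&netPolObj.Spec) {
+metrics.IncCidrNetPols()
+}
+
+if translation.HasNamedPort(&netPolObj.Spec) {
+metrics.IncNamedPortNetPols()
+}
 }
 
 c.rawNpSpecMap[netpolKey] = &netPolObj.Spec
@@ -331,7 +351,7 @@ func (c *NetworkPolicyController) syncAddAndUpdateNetPol(netPolObj *networkingv1
 
 // DeleteNetworkPolicy handles deleting network policy based on netPolKey.
 func (c *NetworkPolicyController) cleanUpNetworkPolicy(netPolKey string) error {
-_, cachedNetPolObjExists := c.rawNpSpecMap[netPolKey]
+cachedNetPolSpec, cachedNetPolObjExists := c.rawNpSpecMap[netPolKey]
 // if there is no applied network policy with the netPolKey, do not need to clean up process.
 if !cachedNetPolObjExists {
 return nil
@@ -342,6 +362,14 @@ func (c *NetworkPolicyController) cleanUpNetworkPolicy(netPolKey string) error {
 return fmt.Errorf("[cleanUpNetworkPolicy] Error: failed to remove policy due to %w", err)
 }
 
+if translation.HasCIDRBlock(cachedNetPolSpec) {
+metrics.DecCidrNetPols()
+}
+
+if translation.HasNamedPort(cachedNetPolSpec) {
+metrics.DecNamedPortNetPols()
+}
+
 // Success to clean up ipset and iptables operations in kernel and delete the cached network policy from RawNpMap
 delete(c.rawNpSpecMap, netPolKey)
 metrics.DecNumPolicies()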
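Review bot: The update branch of syncAddAndUpdateNetPol (new lines 327-335) only decrements the CIDR and named-port counters when a feature is removed; it never increments them when an existing policy gains a CIDR block or a named port. As far as the visible hunks show, such a policy is left out of the heartbeat counts, and when it is later deleted cleanUpNetworkPolicy (new lines 365-371) still decrements for it, so the counters can drift below the true value. Reconciling each counter in both directions on update, as sketched below, keeps the increments and decrements paired. The function body starts and ends outside these hunks, so this assumes no other code path adjusts the counters.

```go
if policyExisted {
	// Reconcile each counter in both directions on update.
	hasCIDR := translation.HasCIDRBlock(&netPolObj.Spec)
	switch {
	case hadCIDR && !hasCIDR:
		metrics.DecCidrNetPols()
	case !hadCIDR && hasCIDR:
		metrics.IncCidrNetPols()
	}

	hasNamedPort := translation.HasNamedPort(&netPolObj.Spec)
	switch {
	case hadNamedPort && !hasNamedPort:
		metrics.DecNamedPortNetPols()
	case !hadNamedPort && hasNamedPort:
		metrics.IncNamedPortNetPols()
	}
} else {
	// … unchanged: create path increments NumPolicies and both feature counters …
}
```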

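--- a/npm/pkg/controlplane/translation/translatePolicy.go
+++ b/npm/pkg/controlplane/translation/translatePolicy.go
@@ -684,3 +684,43 @@ func checkOnlyPortRuleExists(
 }
 return nil
 }
+
+func HasCIDRBlock(netPolSpec *networkingv1.NetworkPolicySpec) bool {
+for _, ingress := range netPolSpec.Ingress {
+for _, from := range ingress.From {
+if from.IPBlock != nil && from.IPBlock.CIDR != "" {
+return true
+}
+}
+}
+
+for _, egress := range netPolSpec.Egress {
+for _, to := range egress.To {
+if to.IPBlock != nil && to.IPBlock.CIDR != "" {
+return true
+}
+}
+}
+
+return false
+}
+
+func HasNamedPort(netPolObj *networkingv1.NetworkPolicySpec) bool {
+for _, ingress := range netPolObj.Ingress {
+for _, port := range ingress.Ports {
+if t, err := portType(port); err != nil && t == namedPortType {
+return true
+}
+}
+}
+
+for _, egress := range netPolObj.Egress {
+for _, port := range egress.Ports {
+if t, err := portType(port); err != nil && t == namedPortType {
+return true
+}
+}
+}
+
+return false
+}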
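Review bot: The error test in HasNamedPort looks inverted: both loops (new lines 711 and 719) use `err != nil && t == namedPortType`, so a port is counted only when portType reports an error. portType is defined outside this hunk, but if it follows the usual convention of returning a meaningful type only alongside a nil error, HasNamedPort would never report a named port and the NamedPort count in the heartbeat would stay at zero. Both conditions should read `if t, err := portType(port); err == nil && t == namedPortType {`. The two new exported functions also have no doc comments; something like `// HasCIDRBlock reports whether any ingress or egress peer in the spec sets an IPBlock CIDR.` and a matching line for HasNamedPort would do, and the parameter of HasNamedPort would be clearer named `netPolSpec` to match its type and its sibling.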
