[NPM] Decoupling resource cache maps from NSmap (#820)

* first pass at decoupling resource maps

* First pass on decoupling resource maps

* Adding telemetry capabilities to resource CRUD events

* Initializing new maps in nprMgr for tests

* Initializing new maps in nprMgr for tests

* Adding artifact for Npm logs

* Addressing comments

* Addressing comments

Author: vakalapa

.pipelines/npm/npm-conformance-tests.yaml

@@ -179,7 +179,10 @@ jobs:
       mkdir -p $(System.DefaultWorkingDirectory)/npmLogs
       for npm in $npmPodList; do kubectl logs -n kube-system $npm > $(System.DefaultWorkingDirectory)/npmLogs/$npm ;done
     displayName: "Gather NPM Logs"
+    condition: always()
   - publish: $(System.DefaultWorkingDirectory)/npmLogs
+    condition: always()
+    artifact: NpmLogs
 
 - job: Clean_up
   displayName: "Cleanup"

npm/http/server/server_test.go

@@ -15,13 +15,9 @@ import (
 func TestGetNpmMgrHandler(t *testing.T) {
 	assert := assert.New(t)
 	npMgr := &npm.NetworkPolicyManager{
-		NsMap: map[string]*npm.Namespace{
-			"test": &npm.Namespace{
-				PodMap: map[string]*npm.NpmPod{
-					"": &npm.NpmPod{
-						Name: "testpod",
-					},
-				},
+		PodMap: map[string]*npm.NpmPod{
+			"": &npm.NpmPod{
+				Name: "testpod",
 			},
 		},
 	}

npm/namespace.go

@@ -8,19 +8,16 @@ import (
 	"github.com/Azure/azure-container-networking/log"
 	"github.com/Azure/azure-container-networking/npm/ipsm"
 	"github.com/Azure/azure-container-networking/npm/iptm"
+	"github.com/Azure/azure-container-networking/npm/metrics"
 	"github.com/Azure/azure-container-networking/npm/util"
 
 	corev1 "k8s.io/api/core/v1"
-	networkingv1 "k8s.io/api/networking/v1"
 )
 
 type Namespace struct {
 	name            string
 	LabelsMap       map[string]string // NameSpace labels
 	SetMap          map[string]string
-	PodMap          map[string]*NpmPod // Key is PodUID
-	rawNpMap        map[string]*networkingv1.NetworkPolicy
-	ProcessedNpMap  map[string]*networkingv1.NetworkPolicy
 	IpsMgr          *ipsm.IpsetManager
 	iptMgr          *iptm.IptablesManager
 	resourceVersion uint64 // NameSpace ResourceVersion
@@ -29,14 +26,11 @@ type Namespace struct {
 // newNS constructs a new namespace object.
 func newNs(name string) (*Namespace, error) {
 	ns := &Namespace{
-		name:           name,
-		LabelsMap:      make(map[string]string),
-		SetMap:         make(map[string]string),
-		PodMap:         make(map[string]*NpmPod),
-		rawNpMap:       make(map[string]*networkingv1.NetworkPolicy),
-		ProcessedNpMap: make(map[string]*networkingv1.NetworkPolicy),
-		IpsMgr:         ipsm.NewIpsetManager(),
-		iptMgr:         iptm.NewIptablesManager(),
+		name:      name,
+		LabelsMap: make(map[string]string),
+		SetMap:    make(map[string]string),
+		IpsMgr:    ipsm.NewIpsetManager(),
+		iptMgr:    iptm.NewIptablesManager(),
 		// resource version is converted to uint64
 		// so make sure it is initialized to "0"
 		resourceVersion: 0,
@@ -63,28 +57,6 @@ func isInvalidNamespaceUpdate(oldNsObj, newNsObj *corev1.Namespace) (isInvalidUp
 	return
 }
 
-func (ns *Namespace) policyExists(npObj *networkingv1.NetworkPolicy) bool {
-	np, exists := ns.rawNpMap[npObj.ObjectMeta.Name]
-	if !exists {
-		return false
-	}
-
-	if !util.CompareResourceVersions(np.ObjectMeta.ResourceVersion, npObj.ObjectMeta.ResourceVersion) {
-		log.Logf("Cached Network Policy has larger ResourceVersion number than new Obj. Name: %s Cached RV: %d New RV: %d\n",
-			npObj.ObjectMeta.Name,
-			np.ObjectMeta.ResourceVersion,
-			npObj.ObjectMeta.ResourceVersion,
-		)
-		return true
-	}
-
-	if isSamePolicy(np, npObj) {
-		return true
-	}
-
-	return false
-}
-
 // InitAllNsList syncs all-namespace ipset list.
 func (npMgr *NetworkPolicyManager) InitAllNsList() error {
 	allNs := npMgr.NsMap[util.KubeAllNamespacesFlag]
@@ -94,7 +66,7 @@ func (npMgr *NetworkPolicyManager) InitAllNsList() error {
 		}
 
 		if err := allNs.IpsMgr.AddToList(util.KubeAllNamespacesFlag, ns); err != nil {
-			log.Errorf("Error: failed to add namespace set %s to ipset list %s", ns, util.KubeAllNamespacesFlag)
+			metrics.SendErrorLogAndMetric(util.NSID, "[InitAllNsList] Error: failed to add namespace set %s to ipset list %s with err: %v", ns, util.KubeAllNamespacesFlag, err)
 			return err
 		}
 	}
@@ -111,7 +83,7 @@ func (npMgr *NetworkPolicyManager) UninitAllNsList() error {
 		}
 
 		if err := allNs.IpsMgr.DeleteFromList(util.KubeAllNamespacesFlag, ns); err != nil {
-			log.Errorf("Error: failed to delete namespace set %s from list %s", ns, util.KubeAllNamespacesFlag)
+			metrics.SendErrorLogAndMetric(util.NSID, "[UninitAllNsList] Error: failed to delete namespace set %s from list %s with err: %v", ns, util.KubeAllNamespacesFlag, err)
 			return err
 		}
 	}
@@ -129,12 +101,12 @@ func (npMgr *NetworkPolicyManager) AddNamespace(nsObj *corev1.Namespace) error {
 	ipsMgr := npMgr.NsMap[util.KubeAllNamespacesFlag].IpsMgr
 	// Create ipset for the namespace.
 	if err = ipsMgr.CreateSet(nsName, append([]string{util.IpsetNetHashFlag})); err != nil {
-		log.Errorf("Error: failed to create ipset for namespace %s.", nsName)
+		metrics.SendErrorLogAndMetric(util.NSID, "[AddNamespace] Error: failed to create ipset for namespace %s with err: %v", nsName, err)
 		return err
 	}
 
 	if err = ipsMgr.AddToList(util.KubeAllNamespacesFlag, nsName); err != nil {
-		log.Errorf("Error: failed to add %s to all-namespace ipset list.", nsName)
+		metrics.SendErrorLogAndMetric(util.NSID, "[AddNamespace] Error: failed to add %s to all-namespace ipset list with err: %v", nsName, err)
 		return err
 	}
 
@@ -144,21 +116,21 @@ func (npMgr *NetworkPolicyManager) AddNamespace(nsObj *corev1.Namespace) error {
 		labelKey := util.GetNSNameWithPrefix(nsLabelKey)
 		log.Logf("Adding namespace %s to ipset list %s", nsName, labelKey)
 		if err = ipsMgr.AddToList(labelKey, nsName); err != nil {
-			log.Errorf("Error: failed to add namespace %s to ipset list %s", nsName, labelKey)
+			metrics.SendErrorLogAndMetric(util.NSID, "[AddNamespace] Error: failed to add namespace %s to ipset list %s with err: %v", nsName, labelKey, err)
 			return err
 		}
 
 		label := util.GetNSNameWithPrefix(nsLabelKey + ":" + nsLabelVal)
 		log.Logf("Adding namespace %s to ipset list %s", nsName, label)
 		if err = ipsMgr.AddToList(label, nsName); err != nil {
-			log.Errorf("Error: failed to add namespace %s to ipset list %s", nsName, label)
+			metrics.SendErrorLogAndMetric(util.NSID, "[AddNamespace] Error: failed to add namespace %s to ipset list %s with err: %v", nsName, label, err)
 			return err
 		}
 	}
 
 	ns, err := newNs(nsName)
 	if err != nil {
-		log.Errorf("Error: failed to create namespace %s", nsName)
+		metrics.SendErrorLogAndMetric(util.NSID, "[AddNamespace] Error: failed to create namespace %s with err: %v", nsName, err)
 	}
 	setResourceVersion(ns, nsObj.GetObjectMeta().GetResourceVersion())
 
@@ -223,8 +195,8 @@ func (npMgr *NetworkPolicyManager) UpdateNamespace(oldNsObj *corev1.Namespace, n
 	//if no change in labels then return
 	if reflect.DeepEqual(curNsObj.LabelsMap, newNsLabel) {
 		log.Logf(
-			"NAMESPACE UPDATING:\n nothing to delete or add. old namespace: [%s/%v]\n cache namespace: [%s/%v] new namespace: [%s/%v]",
-			oldNsNs, oldNsLabel, curNsObj.name, curNsObj.LabelsMap, newNsNs, newNsLabel,
+			"NAMESPACE UPDATING: nothing to delete or add. namespace: [%s/%v]",
+			newNsNs, newNsLabel,
 		)
 		return nil
 	}
@@ -238,7 +210,7 @@ func (npMgr *NetworkPolicyManager) UpdateNamespace(oldNsObj *corev1.Namespace, n
 		labelKey := util.GetNSNameWithPrefix(nsLabelVal)
 		log.Logf("Deleting namespace %s from ipset list %s", oldNsNs, labelKey)
 		if err = ipsMgr.DeleteFromList(labelKey, oldNsNs); err != nil {
-			log.Errorf("Error: failed to delete namespace %s from ipset list %s", oldNsNs, labelKey)
+			metrics.SendErrorLogAndMetric(util.NSID, "[UpdateNamespace] Error: failed to delete namespace %s from ipset list %s with err: %v", oldNsNs, labelKey, err)
 			return err
 		}
 	}
@@ -248,7 +220,7 @@ func (npMgr *NetworkPolicyManager) UpdateNamespace(oldNsObj *corev1.Namespace, n
 		labelKey := util.GetNSNameWithPrefix(nsLabelVal)
 		log.Logf("Adding namespace %s to ipset list %s", oldNsNs, labelKey)
 		if err = ipsMgr.AddToList(labelKey, oldNsNs); err != nil {
-			log.Errorf("Error: failed to add namespace %s to ipset list %s", oldNsNs, labelKey)
+			metrics.SendErrorLogAndMetric(util.NSID, "[UpdateNamespace] Error: failed to add namespace %s to ipset list %s with err: %v", oldNsNs, labelKey, err)
 			return err
 		}
 	}
@@ -281,27 +253,27 @@ func (npMgr *NetworkPolicyManager) DeleteNamespace(nsObj *corev1.Namespace) erro
 		labelKey := util.GetNSNameWithPrefix(nsLabelKey)
 		log.Logf("Deleting namespace %s from ipset list %s", nsName, labelKey)
 		if err = ipsMgr.DeleteFromList(labelKey, nsName); err != nil {
-			log.Errorf("Error: failed to delete namespace %s from ipset list %s", nsName, labelKey)
+			metrics.SendErrorLogAndMetric(util.NSID, "[DeleteNamespace] Error: failed to delete namespace %s from ipset list %s with err: %v", nsName, labelKey, err)
 			return err
 		}
 
 		label := util.GetNSNameWithPrefix(nsLabelKey + ":" + nsLabelVal)
 		log.Logf("Deleting namespace %s from ipset list %s", nsName, label)
 		if err = ipsMgr.DeleteFromList(label, nsName); err != nil {
-			log.Errorf("Error: failed to delete namespace %s from ipset list %s", nsName, label)
+			metrics.SendErrorLogAndMetric(util.NSID, "[DeleteNamespace] Error: failed to delete namespace %s from ipset list %s with err: %v", nsName, label, err)
 			return err
 		}
 	}
 
 	// Delete the namespace from all-namespace ipset list.
 	if err = ipsMgr.DeleteFromList(util.KubeAllNamespacesFlag, nsName); err != nil {
-		log.Errorf("Error: failed to delete namespace %s from ipset list %s", nsName, util.KubeAllNamespacesFlag)
+		metrics.SendErrorLogAndMetric(util.NSID, "[DeleteNamespace] Error: failed to delete namespace %s from ipset list %s with err: %v", nsName, util.KubeAllNamespacesFlag, err)
 		return err
 	}
 
 	// Delete ipset for the namespace.
 	if err = ipsMgr.DeleteSet(nsName); err != nil {
-		log.Errorf("Error: failed to delete ipset for namespace %s.", nsName)
+		metrics.SendErrorLogAndMetric(util.NSID, "[DeleteNamespace] Error: failed to delete ipset for namespace %s with err: %v", nsName, err)
 		return err
 	}
 

npm/namespace_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/Azure/azure-container-networking/npm/ipsm"
 	"github.com/Azure/azure-container-networking/npm/util"
 	corev1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -48,6 +49,9 @@ func TestAllNsList(t *testing.T) {
 func TestAddNamespace(t *testing.T) {
 	npMgr := &NetworkPolicyManager{
 		NsMap:            make(map[string]*Namespace),
+		PodMap:           make(map[string]*NpmPod),
+		RawNpMap:         make(map[string]*networkingv1.NetworkPolicy),
+		ProcessedNpMap:   make(map[string]*networkingv1.NetworkPolicy),
 		TelemetryEnabled: false,
 	}
 
@@ -87,6 +91,9 @@ func TestAddNamespace(t *testing.T) {
 func TestUpdateNamespace(t *testing.T) {
 	npMgr := &NetworkPolicyManager{
 		NsMap:            make(map[string]*Namespace),
+		PodMap:           make(map[string]*NpmPod),
+		RawNpMap:         make(map[string]*networkingv1.NetworkPolicy),
+		ProcessedNpMap:   make(map[string]*networkingv1.NetworkPolicy),
 		TelemetryEnabled: false,
 	}
 
@@ -139,6 +146,9 @@ func TestUpdateNamespace(t *testing.T) {
 func TestAddNamespaceLabel(t *testing.T) {
 	npMgr := &NetworkPolicyManager{
 		NsMap:            make(map[string]*Namespace),
+		PodMap:           make(map[string]*NpmPod),
+		RawNpMap:         make(map[string]*networkingv1.NetworkPolicy),
+		ProcessedNpMap:   make(map[string]*networkingv1.NetworkPolicy),
 		TelemetryEnabled: false,
 	}
 
@@ -200,6 +210,9 @@ func TestAddNamespaceLabel(t *testing.T) {
 func TestDeleteandUpdateNamespaceLabel(t *testing.T) {
 	npMgr := &NetworkPolicyManager{
 		NsMap:            make(map[string]*Namespace),
+		PodMap:           make(map[string]*NpmPod),
+		RawNpMap:         make(map[string]*networkingv1.NetworkPolicy),
+		ProcessedNpMap:   make(map[string]*networkingv1.NetworkPolicy),
 		TelemetryEnabled: false,
 	}
 
@@ -261,6 +274,9 @@ func TestDeleteandUpdateNamespaceLabel(t *testing.T) {
 func TestDeleteNamespace(t *testing.T) {
 	npMgr := &NetworkPolicyManager{
 		NsMap:            make(map[string]*Namespace),
+		PodMap:           make(map[string]*NpmPod),
+		RawNpMap:         make(map[string]*networkingv1.NetworkPolicy),
+		ProcessedNpMap:   make(map[string]*networkingv1.NetworkPolicy),
 		TelemetryEnabled: false,
 	}
 

npm/npm.go

@@ -50,6 +50,9 @@ type NetworkPolicyManager struct {
 
 	NodeName                     string
 	NsMap                        map[string]*Namespace
+	PodMap                       map[string]*NpmPod                     // Key is ns-<nsname>/<podname>/<poduuid>
+	RawNpMap                     map[string]*networkingv1.NetworkPolicy // Key is ns-<nsname>/<policyname>
+	ProcessedNpMap               map[string]*networkingv1.NetworkPolicy // Key is ns-<nsname>/<podSelectorHash>
 	isAzureNpmChainCreated       bool
 	isSafeToCleanUpAzureNpmChain bool
 
@@ -120,10 +123,8 @@ func (npMgr *NetworkPolicyManager) SendClusterMetrics() {
 		podCount.Value = 0
 		//Reducing one to remove all-namespaces ns obj
 		nsCount.Value = float64(len(npMgr.NsMap) - 1)
-		for _, ns := range npMgr.NsMap {
-			nwPolicyCount.Value += float64(len(ns.rawNpMap))
-			podCount.Value += float64(len(ns.PodMap))
-		}
+		nwPolicyCount.Value += float64(len(npMgr.RawNpMap))
+		podCount.Value += float64(len(npMgr.PodMap))
 		npMgr.Unlock()
 
 		metrics.SendMetric(podCount)
@@ -232,6 +233,9 @@ func NewNetworkPolicyManager(clientset *kubernetes.Clientset, informerFactory in
 		npInformer:                   npInformer,
 		NodeName:                     os.Getenv("HOSTNAME"),
 		NsMap:                        make(map[string]*Namespace),
+		PodMap:                       make(map[string]*NpmPod),
+		RawNpMap:                     make(map[string]*networkingv1.NetworkPolicy),
+		ProcessedNpMap:               make(map[string]*networkingv1.NetworkPolicy),
 		isAzureNpmChainCreated:       false,
 		isSafeToCleanUpAzureNpmChain: false,
 		clusterState: telemetry.ClusterState{