Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

metrics: Expose xfrm stats in prometheus #18553

Merged
merged 1 commit into from
Jan 25, 2022
Merged

metrics: Expose xfrm stats in prometheus #18553

merged 1 commit into from
Jan 25, 2022

Conversation

sayboras
Copy link
Member

@sayboras sayboras commented Jan 20, 2022
edited
Loading

Description

This commit is to expose xfrm stats via prometheus metrics if IPSec is
enabled.

Fixes: #14725
Signed-off-by: Tam Mach tam.mach@isovalent.com

Testing

Testing was done locally with kind clusters, please find below details:

ip sec is NOT enabled 
root@kind-control-plane:/home/cilium# cilium metrics list -p ipsec
Metric   Labels   Value
ip sec is enabled 

root@kind-worker:/home/cilium# cilium metrics list -p ipsec

cilium_ipsec_xfrm_error   error="acquire" type="inbound"               0.000000
cilium_ipsec_xfrm_error   error="bundle_check" type="outbound"         0.000000
cilium_ipsec_xfrm_error   error="bundle_generation" type="outbound"    0.000000
cilium_ipsec_xfrm_error   error="forward_header" type="inbound"        0.000000
cilium_ipsec_xfrm_error   error="header" type="inbound"                0.000000
cilium_ipsec_xfrm_error   error="no_buffer" type="inbound"             0.000000
cilium_ipsec_xfrm_error   error="no_policy" type="inbound"             0.000000
cilium_ipsec_xfrm_error   error="no_state" type="inbound"              0.000000
cilium_ipsec_xfrm_error   error="no_state" type="outbound"             0.000000
cilium_ipsec_xfrm_error   error="other" type="inbound"                 0.000000
cilium_ipsec_xfrm_error   error="other" type="outbound"                0.000000
cilium_ipsec_xfrm_error   error="policy" type="inbound"                0.000000
cilium_ipsec_xfrm_error   error="policy" type="outbound"               0.000000
cilium_ipsec_xfrm_error   error="policy_blocked" type="inbound"        0.000000
cilium_ipsec_xfrm_error   error="policy_blocked" type="outbound"       0.000000
cilium_ipsec_xfrm_error   error="policy_dead" type="outbound"          0.000000
cilium_ipsec_xfrm_error   error="state_expired" type="inbound"         0.000000
cilium_ipsec_xfrm_error   error="state_expired" type="outbound"        0.000000
cilium_ipsec_xfrm_error   error="state_invalid" type="inbound"         0.000000
cilium_ipsec_xfrm_error   error="state_invalid" type="outbound"        0.000000
cilium_ipsec_xfrm_error   error="state_mismatched" type="inbound"      0.000000
cilium_ipsec_xfrm_error   error="state_mode" type="inbound"            0.000000
cilium_ipsec_xfrm_error   error="state_mode" type="outbound"           0.000000
cilium_ipsec_xfrm_error   error="state_protocol" type="inbound"        0.000000
cilium_ipsec_xfrm_error   error="state_protocol" type="outbound"       0.000000
cilium_ipsec_xfrm_error   error="state_sequence" type="inbound"        0.000000
cilium_ipsec_xfrm_error   error="state_sequence" type="outbound"       0.000000
cilium_ipsec_xfrm_error   error="template_mismatched" type="inbound"   0.000000

root@kind-control-plane:/home/cilium# cat /proc/net/xfrm_stat 
XfrmInError                     0
XfrmInBufferError               0
XfrmInHdrError                  0
XfrmInNoStates                  0
XfrmInStateProtoError           0
XfrmInStateModeError            0
XfrmInStateSeqError             0
XfrmInStateExpired              0
XfrmInStateMismatch             0
XfrmInStateInvalid              0
XfrmInTmplMismatch              0
XfrmInNoPols                    0
XfrmInPolBlock                  0
XfrmInPolError                  0
XfrmOutError                    0
XfrmOutBundleGenError           0
XfrmOutBundleCheckError         0
XfrmOutNoStates                 0
XfrmOutStateProtoError          0
XfrmOutStateModeError           0
XfrmOutStateSeqError            0
XfrmOutStateExpired             0
XfrmOutPolBlock                 0
XfrmOutPolDead                  0
XfrmOutPolError                 0
XfrmFwdHdrError                 0
XfrmOutStateInvalid             0
XfrmAcquireError                0


metrics: Expose xfrm stats in prometheus metrics

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 20, 2022
@sayboras sayboras added area/metrics Impacts statistics / metrics gathering, eg via Prometheus. release-note/minor This PR changes functionality that users may find relevant to operating Cilium. labels Jan 20, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 20, 2022
@sayboras sayboras marked this pull request as ready for review January 20, 2022 13:12
@sayboras sayboras requested review from a team and joamaki January 20, 2022 13:12
@sayboras
Copy link
Member Author

sayboras commented Jan 21, 2022
edited by maintainer-s-little-helper bot
Loading

/test

Job 'Cilium-PR-K8s-1.23-kernel-net-next' failed and has not been observed before, so may be related to your PR:

Click to show.

Test Name

K8sUpdates Tests upgrade and downgrade from a Cilium stable image to master

Failure Output

FAIL: terminating containers are not deleted after timeout

If it is a flake, comment /mlh new-flake Cilium-PR-K8s-1.23-kernel-net-next so I can create a new GitHub issue to track it.

@sayboras
Copy link
Member Author

sayboras commented Jan 21, 2022
edited by maintainer-s-little-helper bot
Loading

/mlh new-flake Cilium-PR-K8s-1.23-kernel-net-next

👍 created #18566

pchaigno
pchaigno approved these changes Jan 21, 2022
View reviewed changes
Copy link
Member

@pchaigno pchaigno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for taking care of this! 🙏 🎉

Ok on IPsec-specific bits 👍 I'm too unfamiliar with Prometheus to approve the rest.

pkg/datapath/linux/node.go Show resolved Hide resolved
@pchaigno pchaigno requested review from a team and aanm and removed request for a team January 21, 2022 11:23
aanm
aanm requested changes Jan 21, 2022
View reviewed changes
pkg/datapath/linux/ipsec/xfrm_collector.go Show resolved Hide resolved
pkg/datapath/linux/ipsec/xfrm_collector.go Outdated Show resolved Hide resolved
@sayboras sayboras requested a review from a team as a code owner January 23, 2022 10:42
@sayboras sayboras requested a review from aanm January 23, 2022 10:49
@sayboras sayboras requested a review from a team as a code owner January 24, 2022 07:53
@sayboras sayboras requested a review from qmonnet January 24, 2022 07:53
aanm
aanm approved these changes Jan 25, 2022
View reviewed changes
Copy link
Member

@aanm aanm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@pchaigno
Copy link
Member

The code changes are only covered in the new unit test, which is passing. Smoke tests are also passing and reviews are in. Marking ready to merge.

@pchaigno pchaigno added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. needs-backport/1.10 labels Jan 25, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.11.2 Jan 25, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.10.8 Jan 25, 2022
@kkourt kkourt merged commit 7818a5f into cilium:master Jan 25, 2022
christarazi
christarazi approved these changes Jan 25, 2022
View reviewed changes
Copy link
Member

@christarazi christarazi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@sayboras sayboras deleted the tam/ipsec-metrics branch January 25, 2022 21:11
@kkourt kkourt mentioned this pull request Jan 26, 2022
Merged
@glibsm glibsm added backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. and removed backport-pending/1.11 labels Jan 30, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport done to v1.11 in 1.11.2 Jan 30, 2022
@glibsm glibsm mentioned this pull request Jan 31, 2022
Merged
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Needs backport from master to Backport pending to v1.10 in 1.10.8 Jan 31, 2022
@joestringer joestringer moved this from Backport pending to v1.10 to Backport done to v1.10 in 1.10.8 Feb 23, 2022
This was referenced Feb 23, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joamaki joamaki joamaki approved these changes

@pchaigno pchaigno pchaigno approved these changes

@christarazi christarazi christarazi approved these changes

@aanm aanm aanm approved these changes

@qmonnet qmonnet qmonnet approved these changes

@michi-covalent michi-covalent michi-covalent approved these changes

Assignees
No one assigned
Labels
area/metrics Impacts statistics / metrics gathering, eg via Prometheus. backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/minor This PR changes functionality that users may find relevant to operating Cilium.
Projects
No open projects
1.10.8
Backport done to v1.10
1.11.2
Backport done to v1.11
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Expose xfrm stats as Prometheus metrics for IPSec
9 participants
@sayboras @pchaigno @joamaki @christarazi @aanm @qmonnet @michi-covalent @glibsm @kkourt