remove _ssl_expire_time_seconds metric by identifier (#9706)
Signed-off-by: xiayu.lyt <xiayu.lyt@alibaba-inc.com>
This commit is contained in:
Tony Li
GitHub
parent
d808e38911
commit
b4cae70b52
5 changed files with 31 additions and 17 deletions
|
|
@ -253,9 +253,8 @@ func (n *NGINXController) syncIngress(interface{}) error {
|
|||
}
|
||||
|
||||
ri := utilingress.GetRemovedIngresses(n.runningConfig, pcfg)
|
||||
re := utilingress.GetRemovedHosts(n.runningConfig, pcfg)
|
||||
rc := utilingress.GetRemovedCertificateSerialNumbers(n.runningConfig, pcfg)
|
||||
n.metricCollector.RemoveMetrics(ri, re, rc)
|
||||
n.metricCollector.RemoveMetrics(ri, rc)
|
||||
|
||||
n.runningConfig = pcfg
|
||||
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ import (
|
|||
var (
|
||||
operation = []string{"controller_namespace", "controller_class", "controller_pod"}
|
||||
ingressOperation = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress"}
|
||||
sslLabelHost = []string{"namespace", "class", "host", "secret_name"}
|
||||
sslLabelHost = []string{"namespace", "class", "host", "secret_name", "identifier"}
|
||||
sslInfoLabels = []string{"namespace", "class", "host", "secret_name", "identifier", "issuer_organization", "issuer_common_name", "serial_number", "public_key_algorithm"}
|
||||
orphanityLabels = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress", "type"}
|
||||
)
|
||||
|
|
@ -305,6 +305,7 @@ func (cm *Controller) SetSSLExpireTime(servers []*ingress.Server) {
|
|||
}
|
||||
labels["host"] = s.Hostname
|
||||
labels["secret_name"] = s.SSLCert.Name
|
||||
labels["identifier"] = s.SSLCert.Identifier()
|
||||
|
||||
cm.sslExpireTime.With(labels).Set(float64(s.SSLCert.ExpireTime.Unix()))
|
||||
}
|
||||
|
|
@ -337,9 +338,9 @@ func (cm *Controller) SetSSLInfo(servers []*ingress.Server) {
|
|||
}
|
||||
}
|
||||
|
||||
// RemoveMetrics removes metrics for hostnames not available anymore
|
||||
func (cm *Controller) RemoveMetrics(hosts, certificates []string, registry prometheus.Gatherer) {
|
||||
cm.removeSSLExpireMetrics(true, hosts, registry)
|
||||
// RemoveMetrics removes metrics for certificates not available anymore by identifier
|
||||
func (cm *Controller) RemoveMetrics(certificates []string, registry prometheus.Gatherer) {
|
||||
cm.removeSSLExpireMetrics(true, certificates, registry)
|
||||
cm.removeCertificatesMetrics(true, certificates, registry)
|
||||
}
|
||||
|
||||
|
|
@ -390,14 +391,14 @@ func (cm *Controller) removeCertificatesMetrics(onlyDefinedHosts bool, certifica
|
|||
}
|
||||
}
|
||||
|
||||
func (cm *Controller) removeSSLExpireMetrics(onlyDefinedHosts bool, hosts []string, registry prometheus.Gatherer) {
|
||||
func (cm *Controller) removeSSLExpireMetrics(onlyDefinedCerts bool, certificates []string, registry prometheus.Gatherer) {
|
||||
mfs, err := registry.Gather()
|
||||
if err != nil {
|
||||
klog.ErrorS(err, "Error gathering metrics")
|
||||
return
|
||||
}
|
||||
|
||||
toRemove := sets.NewString(hosts...)
|
||||
toRemove := sets.NewString(certificates...)
|
||||
|
||||
for _, mf := range mfs {
|
||||
metricName := mf.GetName()
|
||||
|
|
@ -414,19 +415,24 @@ func (cm *Controller) removeSSLExpireMetrics(onlyDefinedHosts bool, hosts []stri
|
|||
// remove labels that are constant
|
||||
deleteConstants(labels)
|
||||
|
||||
identifier, ok := labels["identifier"]
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
host, ok := labels["host"]
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
if onlyDefinedHosts && !toRemove.Has(host) {
|
||||
if onlyDefinedCerts && !toRemove.Has(identifier) {
|
||||
continue
|
||||
}
|
||||
|
||||
klog.V(2).InfoS("Removing prometheus metric", "gauge", metricName, "host", host)
|
||||
klog.V(2).InfoS("Removing prometheus metric", "gauge", metricName, "host", host, "identifier", identifier)
|
||||
removed := cm.sslExpireTime.Delete(labels)
|
||||
if !removed {
|
||||
klog.V(2).InfoS("metric removed", "metric", metricName, "host", host, "labels", labels)
|
||||
klog.V(2).InfoS("metric removed", "metric", metricName, "host", host, "identifier", identifier, "labels", labels)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -88,6 +88,15 @@ func TestControllerCounters(t *testing.T) {
|
|||
Hostname: "demo",
|
||||
SSLCert: &ingress.SSLCert{
|
||||
ExpireTime: t1,
|
||||
Certificate: &x509.Certificate{
|
||||
PublicKeyAlgorithm: x509.ECDSA,
|
||||
Issuer: pkix.Name{
|
||||
CommonName: "certificate issuer",
|
||||
SerialNumber: "abcd1234",
|
||||
Organization: []string{"issuer org"},
|
||||
},
|
||||
SerialNumber: big.NewInt(100),
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
@ -102,7 +111,7 @@ func TestControllerCounters(t *testing.T) {
|
|||
want: `
|
||||
# HELP nginx_ingress_controller_ssl_expire_time_seconds Number of seconds since 1970 to the SSL Certificate expire.\n An example to check if this certificate will expire in 10 days is: "nginx_ingress_controller_ssl_expire_time_seconds < (time() + (10 * 24 * 3600))"
|
||||
# TYPE nginx_ingress_controller_ssl_expire_time_seconds gauge
|
||||
nginx_ingress_controller_ssl_expire_time_seconds{class="nginx",host="demo",namespace="default",secret_name=""} 1.351807721e+09
|
||||
nginx_ingress_controller_ssl_expire_time_seconds{class="nginx",host="demo",identifier="abcd1234-100",namespace="default",secret_name=""} 1.351807721e+09
|
||||
`,
|
||||
metrics: []string{"nginx_ingress_controller_ssl_expire_time_seconds"},
|
||||
},
|
||||
|
|
@ -262,7 +271,7 @@ func TestRemoveMetrics(t *testing.T) {
|
|||
cm.SetSSLExpireTime(servers)
|
||||
cm.SetSSLInfo(servers)
|
||||
|
||||
cm.RemoveMetrics([]string{"demo"}, []string{"abcd1234-100"}, reg)
|
||||
cm.RemoveMetrics([]string{"abcd1234-100"}, reg)
|
||||
|
||||
if err := GatherAndCompare(cm, "", []string{"nginx_ingress_controller_ssl_expire_time_seconds"}, reg); err != nil {
|
||||
t.Errorf("unexpected collecting result:\n%s", err)
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ func (dc DummyCollector) IncCheckCount(string, string) {}
|
|||
func (dc DummyCollector) IncCheckErrorCount(string, string) {}
|
||||
|
||||
// RemoveMetrics dummy implementation
|
||||
func (dc DummyCollector) RemoveMetrics(_, _, _ []string) {}
|
||||
func (dc DummyCollector) RemoveMetrics(_, _ []string) {}
|
||||
|
||||
// Start dummy implementation
|
||||
func (dc DummyCollector) Start(_ string) {}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ type Collector interface {
|
|||
IncOrphanIngress(string, string, string)
|
||||
DecOrphanIngress(string, string, string)
|
||||
|
||||
RemoveMetrics(ingresses, endpoints, certificates []string)
|
||||
RemoveMetrics(ingresses, certificates []string)
|
||||
|
||||
SetSSLExpireTime([]*ingress.Server)
|
||||
SetSSLInfo(servers []*ingress.Server)
|
||||
|
|
@ -131,9 +131,9 @@ func (c *collector) IncReloadErrorCount() {
|
|||
c.ingressController.IncReloadErrorCount()
|
||||
}
|
||||
|
||||
func (c *collector) RemoveMetrics(ingresses, hosts, certificates []string) {
|
||||
func (c *collector) RemoveMetrics(ingresses, certificates []string) {
|
||||
c.socket.RemoveMetrics(ingresses, c.registry)
|
||||
c.ingressController.RemoveMetrics(hosts, certificates, c.registry)
|
||||
c.ingressController.RemoveMetrics(certificates, c.registry)
|
||||
}
|
||||
|
||||
func (c *collector) Start(admissionStatus string) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue