remove _ssl_expire_time_seconds metric by identifier (#9706)
Signed-off-by: xiayu.lyt <xiayu.lyt@alibaba-inc.com>
This commit is contained in:
Tony Li
GitHub
parent
d808e38911
commit
b4cae70b52
5 changed files with 31 additions and 17 deletions
|
|
@ -253,9 +253,8 @@ func (n *NGINXController) syncIngress(interface{}) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
ri := utilingress.GetRemovedIngresses(n.runningConfig, pcfg)
|
ri := utilingress.GetRemovedIngresses(n.runningConfig, pcfg)
|
||||||
re := utilingress.GetRemovedHosts(n.runningConfig, pcfg)
|
|
||||||
rc := utilingress.GetRemovedCertificateSerialNumbers(n.runningConfig, pcfg)
|
rc := utilingress.GetRemovedCertificateSerialNumbers(n.runningConfig, pcfg)
|
||||||
n.metricCollector.RemoveMetrics(ri, re, rc)
|
n.metricCollector.RemoveMetrics(ri, rc)
|
||||||
|
|
||||||
n.runningConfig = pcfg
|
n.runningConfig = pcfg
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,7 @@ import (
|
||||||
var (
|
var (
|
||||||
operation = []string{"controller_namespace", "controller_class", "controller_pod"}
|
operation = []string{"controller_namespace", "controller_class", "controller_pod"}
|
||||||
ingressOperation = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress"}
|
ingressOperation = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress"}
|
||||||
sslLabelHost = []string{"namespace", "class", "host", "secret_name"}
|
sslLabelHost = []string{"namespace", "class", "host", "secret_name", "identifier"}
|
||||||
sslInfoLabels = []string{"namespace", "class", "host", "secret_name", "identifier", "issuer_organization", "issuer_common_name", "serial_number", "public_key_algorithm"}
|
sslInfoLabels = []string{"namespace", "class", "host", "secret_name", "identifier", "issuer_organization", "issuer_common_name", "serial_number", "public_key_algorithm"}
|
||||||
orphanityLabels = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress", "type"}
|
orphanityLabels = []string{"controller_namespace", "controller_class", "controller_pod", "namespace", "ingress", "type"}
|
||||||
)
|
)
|
||||||
|
|
@ -305,6 +305,7 @@ func (cm *Controller) SetSSLExpireTime(servers []*ingress.Server) {
|
||||||
}
|
}
|
||||||
labels["host"] = s.Hostname
|
labels["host"] = s.Hostname
|
||||||
labels["secret_name"] = s.SSLCert.Name
|
labels["secret_name"] = s.SSLCert.Name
|
||||||
|
labels["identifier"] = s.SSLCert.Identifier()
|
||||||
|
|
||||||
cm.sslExpireTime.With(labels).Set(float64(s.SSLCert.ExpireTime.Unix()))
|
cm.sslExpireTime.With(labels).Set(float64(s.SSLCert.ExpireTime.Unix()))
|
||||||
}
|
}
|
||||||
|
|
@ -337,9 +338,9 @@ func (cm *Controller) SetSSLInfo(servers []*ingress.Server) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveMetrics removes metrics for hostnames not available anymore
|
// RemoveMetrics removes metrics for certificates not available anymore by identifier
|
||||||
func (cm *Controller) RemoveMetrics(hosts, certificates []string, registry prometheus.Gatherer) {
|
func (cm *Controller) RemoveMetrics(certificates []string, registry prometheus.Gatherer) {
|
||||||
cm.removeSSLExpireMetrics(true, hosts, registry)
|
cm.removeSSLExpireMetrics(true, certificates, registry)
|
||||||
cm.removeCertificatesMetrics(true, certificates, registry)
|
cm.removeCertificatesMetrics(true, certificates, registry)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -390,14 +391,14 @@ func (cm *Controller) removeCertificatesMetrics(onlyDefinedHosts bool, certifica
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cm *Controller) removeSSLExpireMetrics(onlyDefinedHosts bool, hosts []string, registry prometheus.Gatherer) {
|
func (cm *Controller) removeSSLExpireMetrics(onlyDefinedCerts bool, certificates []string, registry prometheus.Gatherer) {
|
||||||
mfs, err := registry.Gather()
|
mfs, err := registry.Gather()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.ErrorS(err, "Error gathering metrics")
|
klog.ErrorS(err, "Error gathering metrics")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
toRemove := sets.NewString(hosts...)
|
toRemove := sets.NewString(certificates...)
|
||||||
|
|
||||||
for _, mf := range mfs {
|
for _, mf := range mfs {
|
||||||
metricName := mf.GetName()
|
metricName := mf.GetName()
|
||||||
|
|
@ -414,19 +415,24 @@ func (cm *Controller) removeSSLExpireMetrics(onlyDefinedHosts bool, hosts []stri
|
||||||
// remove labels that are constant
|
// remove labels that are constant
|
||||||
deleteConstants(labels)
|
deleteConstants(labels)
|
||||||
|
|
||||||
|
identifier, ok := labels["identifier"]
|
||||||
|
if !ok {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
host, ok := labels["host"]
|
host, ok := labels["host"]
|
||||||
if !ok {
|
if !ok {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if onlyDefinedHosts && !toRemove.Has(host) {
|
if onlyDefinedCerts && !toRemove.Has(identifier) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
klog.V(2).InfoS("Removing prometheus metric", "gauge", metricName, "host", host)
|
klog.V(2).InfoS("Removing prometheus metric", "gauge", metricName, "host", host, "identifier", identifier)
|
||||||
removed := cm.sslExpireTime.Delete(labels)
|
removed := cm.sslExpireTime.Delete(labels)
|
||||||
if !removed {
|
if !removed {
|
||||||
klog.V(2).InfoS("metric removed", "metric", metricName, "host", host, "labels", labels)
|
klog.V(2).InfoS("metric removed", "metric", metricName, "host", host, "identifier", identifier, "labels", labels)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -88,6 +88,15 @@ func TestControllerCounters(t *testing.T) {
|
||||||
Hostname: "demo",
|
Hostname: "demo",
|
||||||
SSLCert: &ingress.SSLCert{
|
SSLCert: &ingress.SSLCert{
|
||||||
ExpireTime: t1,
|
ExpireTime: t1,
|
||||||
|
Certificate: &x509.Certificate{
|
||||||
|
PublicKeyAlgorithm: x509.ECDSA,
|
||||||
|
Issuer: pkix.Name{
|
||||||
|
CommonName: "certificate issuer",
|
||||||
|
SerialNumber: "abcd1234",
|
||||||
|
Organization: []string{"issuer org"},
|
||||||
|
},
|
||||||
|
SerialNumber: big.NewInt(100),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -102,7 +111,7 @@ func TestControllerCounters(t *testing.T) {
|
||||||
want: `
|
want: `
|
||||||
# HELP nginx_ingress_controller_ssl_expire_time_seconds Number of seconds since 1970 to the SSL Certificate expire.\n An example to check if this certificate will expire in 10 days is: "nginx_ingress_controller_ssl_expire_time_seconds < (time() + (10 * 24 * 3600))"
|
# HELP nginx_ingress_controller_ssl_expire_time_seconds Number of seconds since 1970 to the SSL Certificate expire.\n An example to check if this certificate will expire in 10 days is: "nginx_ingress_controller_ssl_expire_time_seconds < (time() + (10 * 24 * 3600))"
|
||||||
# TYPE nginx_ingress_controller_ssl_expire_time_seconds gauge
|
# TYPE nginx_ingress_controller_ssl_expire_time_seconds gauge
|
||||||
nginx_ingress_controller_ssl_expire_time_seconds{class="nginx",host="demo",namespace="default",secret_name=""} 1.351807721e+09
|
nginx_ingress_controller_ssl_expire_time_seconds{class="nginx",host="demo",identifier="abcd1234-100",namespace="default",secret_name=""} 1.351807721e+09
|
||||||
`,
|
`,
|
||||||
metrics: []string{"nginx_ingress_controller_ssl_expire_time_seconds"},
|
metrics: []string{"nginx_ingress_controller_ssl_expire_time_seconds"},
|
||||||
},
|
},
|
||||||
|
|
@ -262,7 +271,7 @@ func TestRemoveMetrics(t *testing.T) {
|
||||||
cm.SetSSLExpireTime(servers)
|
cm.SetSSLExpireTime(servers)
|
||||||
cm.SetSSLInfo(servers)
|
cm.SetSSLInfo(servers)
|
||||||
|
|
||||||
cm.RemoveMetrics([]string{"demo"}, []string{"abcd1234-100"}, reg)
|
cm.RemoveMetrics([]string{"abcd1234-100"}, reg)
|
||||||
|
|
||||||
if err := GatherAndCompare(cm, "", []string{"nginx_ingress_controller_ssl_expire_time_seconds"}, reg); err != nil {
|
if err := GatherAndCompare(cm, "", []string{"nginx_ingress_controller_ssl_expire_time_seconds"}, reg); err != nil {
|
||||||
t.Errorf("unexpected collecting result:\n%s", err)
|
t.Errorf("unexpected collecting result:\n%s", err)
|
||||||
|
|
|
||||||
|
|
@ -54,7 +54,7 @@ func (dc DummyCollector) IncCheckCount(string, string) {}
|
||||||
func (dc DummyCollector) IncCheckErrorCount(string, string) {}
|
func (dc DummyCollector) IncCheckErrorCount(string, string) {}
|
||||||
|
|
||||||
// RemoveMetrics dummy implementation
|
// RemoveMetrics dummy implementation
|
||||||
func (dc DummyCollector) RemoveMetrics(_, _, _ []string) {}
|
func (dc DummyCollector) RemoveMetrics(_, _ []string) {}
|
||||||
|
|
||||||
// Start dummy implementation
|
// Start dummy implementation
|
||||||
func (dc DummyCollector) Start(_ string) {}
|
func (dc DummyCollector) Start(_ string) {}
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,7 @@ type Collector interface {
|
||||||
IncOrphanIngress(string, string, string)
|
IncOrphanIngress(string, string, string)
|
||||||
DecOrphanIngress(string, string, string)
|
DecOrphanIngress(string, string, string)
|
||||||
|
|
||||||
RemoveMetrics(ingresses, endpoints, certificates []string)
|
RemoveMetrics(ingresses, certificates []string)
|
||||||
|
|
||||||
SetSSLExpireTime([]*ingress.Server)
|
SetSSLExpireTime([]*ingress.Server)
|
||||||
SetSSLInfo(servers []*ingress.Server)
|
SetSSLInfo(servers []*ingress.Server)
|
||||||
|
|
@ -131,9 +131,9 @@ func (c *collector) IncReloadErrorCount() {
|
||||||
c.ingressController.IncReloadErrorCount()
|
c.ingressController.IncReloadErrorCount()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *collector) RemoveMetrics(ingresses, hosts, certificates []string) {
|
func (c *collector) RemoveMetrics(ingresses, certificates []string) {
|
||||||
c.socket.RemoveMetrics(ingresses, c.registry)
|
c.socket.RemoveMetrics(ingresses, c.registry)
|
||||||
c.ingressController.RemoveMetrics(hosts, certificates, c.registry)
|
c.ingressController.RemoveMetrics(certificates, c.registry)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *collector) Start(admissionStatus string) {
|
func (c *collector) Start(admissionStatus string) {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue