[kube-proxy:nftables] Add partialSync mode to only transact changed

objects. Change the order of operations to stop current iteration if no changes to the service chains are needed. Bump syncProxy frequency to 1 hour. In a test kind cluster creation of 10K services, 2 endpoints each, takes ~25m before the fix and ~9min after. Maximum memory usage during creation is ~650MiB and 260MiB respectively. Another important metric is the time it takes to create 1 new service when 10K svc already exist. It used to take ~8m before the fix, with partialSync it takes ~141ms. Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
2024-06-05 20:22:54 +02:00
parent dc13e42f56
commit 3ccf5b8a55
3 changed files with 224 additions and 71 deletions
--- a/pkg/proxy/metrics/metrics.go
+++ b/pkg/proxy/metrics/metrics.go
@@ -316,6 +316,8 @@ func RegisterMetrics(mode kubeproxyconfig.ProxyMode) {
 			legacyregistry.MustRegister(IPTablesRestoreFailuresTotal)

 		case kubeproxyconfig.ProxyModeNFTables:
+			legacyregistry.MustRegister(SyncFullProxyRulesLatency)
+			legacyregistry.MustRegister(SyncPartialProxyRulesLatency)
 			legacyregistry.MustRegister(NFTablesSyncFailuresTotal)
 			legacyregistry.MustRegister(NFTablesCleanupFailuresTotal)