From 8a5801996b801126a203e23b30b35c2b616909f1 Mon Sep 17 00:00:00 2001
From: Dan Winship <danwinship@redhat.com>
Date: Sat, 9 Jul 2022 06:46:48 -0400
Subject: [PATCH] proxy/iptables: belatedly simplify local traffic policy
 metrics

We figure out early on whether we're going to end up outputting no
endpoints, so update the metrics then.

(Also remove a redundant feature gate check; svcInfo already checks
the ServiceInternalTrafficPolicy feature gate itself and so
svcInfo.InternalPolicyLocal() will always return false if the gate is
not enabled.)
---
 pkg/proxy/iptables/proxier.go | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index 6b759ece813..aea8d91c94d 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -38,11 +38,9 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
-	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/client-go/tools/events"
 	utilsysctl "k8s.io/component-helpers/node/util/sysctl"
 	"k8s.io/klog/v2"
-	"k8s.io/kubernetes/pkg/features"
 	"k8s.io/kubernetes/pkg/proxy"
 	"k8s.io/kubernetes/pkg/proxy/healthcheck"
 	"k8s.io/kubernetes/pkg/proxy/metaproxier"
@@ -1082,6 +1080,7 @@ func (proxier *Proxier) syncProxyRules() {
 				// external traffic may still be accepted.
 				internalTrafficFilterTarget = "DROP"
 				internalTrafficFilterComment = fmt.Sprintf(`"%s has no local endpoints"`, svcPortNameString)
+				serviceNoLocalEndpointsTotalInternal++
 			}
 			if !hasExternalEndpoints {
 				// The externalTrafficPolicy is "Local" but there are no
@@ -1090,6 +1089,7 @@ func (proxier *Proxier) syncProxyRules() {
 				// the cluster may still be accepted.
 				externalTrafficFilterTarget = "DROP"
 				externalTrafficFilterComment = fmt.Sprintf(`"%s has no local endpoints"`, svcPortNameString)
+				serviceNoLocalEndpointsTotalExternal++
 			}
 		}
 
@@ -1367,17 +1367,8 @@ func (proxier *Proxier) syncProxyRules() {
 		}
 
 		if svcInfo.UsesLocalEndpoints() {
-			if len(localEndpoints) != 0 {
-				// Write rules jumping from localPolicyChain to localEndpointChains
-				proxier.writeServiceToEndpointRules(svcPortNameString, svcInfo, localPolicyChain, localEndpoints, args)
-			} else if hasEndpoints {
-				if svcInfo.InternalPolicyLocal() && utilfeature.DefaultFeatureGate.Enabled(features.ServiceInternalTrafficPolicy) {
-					serviceNoLocalEndpointsTotalInternal++
-				}
-				if svcInfo.ExternalPolicyLocal() {
-					serviceNoLocalEndpointsTotalExternal++
-				}
-			}
+			// Write rules jumping from localPolicyChain to localEndpointChains
+			proxier.writeServiceToEndpointRules(svcPortNameString, svcInfo, localPolicyChain, localEndpoints, args)
 		}
 	}