Notes

The network_programming_duration_seconds metric tracks how long it takes for a Pod or Service change to show up in the actual network rules (iptables/ipvs/nftables) on each node. Component Flow ┌─────────────────────────────────────────────────────────────────┐ │ Control Plane │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ 1. Pod becomes Ready (or Service changes) │ │ └─> Timestamp: T0 │ │ │ │ 2. Endpoints Controller detects change │ │ └─> Calculates trigger time from Pod condition │ │ └─> Sets annotation on EndpointSlice: │ │ endpoints.kubernetes.io/last-change-trigger-time = T0 │ │ │ └─────────────────────────────────────────────────────────────────┘ │ │ watch/update ▼ ┌─────────────────────────────────────────────────────────────────┐ │ Worker Node │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ 3. kube-proxy receives updated EndpointSlice │ │ └─> Extracts annotation timestamp: T0 │ │ └─> (EndpointsChangeTracker filters if T0 < trackerStartTime)│ │ │ │ 4. kube-proxy programs iptables/ipvs/nftables rules │ │ └─> Completes at timestamp: T1 │ │ │ │ 5. kube-proxy calculates and emits metric │ │ └─> network_programming_duration_seconds = T1 - T0 │ │ │ └─────────────────────────────────────────────────────────────────┘ Key Points: ...