Skip to content

Commit 10c4fbc

Browse files
committed
Add script to detect degraded HNS policies and validate endpoint references.
Signed-off-by: Prince Pereira <ppereira@microsoft.com>
1 parent de2211a commit 10c4fbc

3 files changed

Lines changed: 111 additions & 0 deletions

File tree

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
This script checks whether any load balancer policies are in a degraded state. When a policy is degraded (indicated by a state value of 4), kube-proxy may be unable to delete it, potentially leading to an infinite loop. Before confirming a policy as degraded, the script also verifies that its referenced endpoints are valid.
2+
3+
To run the script, open a PowerShell window and run the following command:
4+
PS> .\findDegradedPolicy.ps1
5+
6+
Or, we can run the scripts under hostprocess daemonset containers using findDegradedPolicy.yaml
Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
$timeToWait = 10 # seconds
2+
$degradedPoliciesNotFound = $true
3+
4+
Write-Host "Checking for degraded policies ..."
5+
6+
while ($degradedPoliciesNotFound) {
7+
$degradedPolicies = (Get-HnsPolicyList | where State -Eq 4)
8+
foreach ($policy in $degradedPolicies) {
9+
$policyId = $policy.ID
10+
Write-Host "Degraded policy found: $policyId"
11+
$errorCount = (Get-Content C:\k\kubeproxy.err.log | sls "The endpoint was not found" | sls $policyId).Count
12+
if ($errorCount -eq 0) {
13+
Write-Host "No errors found for policy $policyId in kubeproxy.err.log" -ForegroundColor Green
14+
continue
15+
} else {
16+
Write-Host "Errors found for policy $policyId in kubeproxy.err.log: $errorCount" -ForegroundColor Red
17+
}
18+
$refEPS = $policy.References
19+
foreach ($refEP in $refEPS) {
20+
$epIdArray = $refEP.Split("/")
21+
if ($epIdArray.Count -eq 3) {
22+
$epId = $epIdArray[2]
23+
$ep = Get-HnsEndpoint | where ID -Eq $epId
24+
if ($ep -eq $null) {
25+
Write-Host "Invalid endpoint found: $epId" -ForegroundColor Red
26+
$degradedPoliciesNotFound = $false
27+
}
28+
}
29+
}
30+
}
31+
if ($degradedPoliciesNotFound) {
32+
Write-Host "No degraded policies with invalid endpoints found. Waiting for $timeToWait seconds before checking again." -ForegroundColor Yellow
33+
Start-Sleep -Seconds $timeToWait
34+
} else {
35+
Write-Host "Degraded policies and corresponding invalid endpoints found." -ForegroundColor Red
36+
}
37+
}
38+
39+
$svcMap = @{}
40+
41+
$entries = (Get-Content C:\k\kubeproxy.err.log | sls "hcnCreateLoadBalancer failed in Win32" -Context 1,0 | findstr serviceName)
42+
if ($entries.Count -gt 0) {
43+
foreach ($entry in $entries) {
44+
$svc = ($e -split "serviceName=")[1]
45+
if ($svcMap.ContainsKey($svc)) {
46+
$svcMap[$svc] += 1
47+
} else {
48+
$svcMap[$svc] = 1
49+
}
50+
}
51+
} else {
52+
Write-Host "No entries found in kubeproxy.err.log indicating hcnCreateLoadBalancer failure." -ForegroundColor Green
53+
}
54+
55+
foreach ($svc in $svcMap.Keys) {
56+
Write-Host "Service $svc has $($svcMap[$svc]) hcnCreateLoadBalancer failures." -ForegroundColor Yellow
57+
}
58+
59+
while($true) {
60+
Start-Sleep -Seconds 300
61+
}
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
apiVersion: apps/v1
2+
kind: DaemonSet
3+
metadata:
4+
name: finddegradedpolicy
5+
labels:
6+
app: finddegradedpolicy
7+
spec:
8+
selector:
9+
matchLabels:
10+
name: finddegradedpolicy
11+
template:
12+
metadata:
13+
labels:
14+
name: finddegradedpolicy
15+
spec:
16+
securityContext:
17+
windowsOptions:
18+
hostProcess: true
19+
runAsUserName: "NT AUTHORITY\\SYSTEM"
20+
hostNetwork: true
21+
containers:
22+
- name: finddegradedpolicy
23+
image: mcr.microsoft.com/dotnet/framework/samples:aspnetapp
24+
command:
25+
- powershell.exe
26+
- -command
27+
- |
28+
$timeToWait=10;$degradedPoliciesNotFound=$true;Write-Host "Checking for degraded policies ...";while($degradedPoliciesNotFound){$degradedPolicies=(Get-HnsPolicyList|where State -eq 4);foreach($policy in $degradedPolicies){$policyId=$policy.ID;Write-Host "Degraded policy found: $policyId";$errorCount=(Get-Content C:\k\kubeproxy.err.log|sls "The endpoint was not found"|sls $policyId).Count;if($errorCount -eq 0){Write-Host "No errors found for policy $policyId in kubeproxy.err.log" -ForegroundColor Green;continue}else{Write-Host "Errors found for policy $policyId in kubeproxy.err.log: $errorCount" -ForegroundColor Red};$refEPS=$policy.References;foreach($refEP in $refEPS){$epIdArray=$refEP.Split("/");if($epIdArray.Count -eq 3){$epId=$epIdArray[2];$ep=Get-HnsEndpoint|where ID -eq $epId;if($ep -eq $null){Write-Host "Invalid endpoint found: $epId" -ForegroundColor Red;$degradedPoliciesNotFound=$false}}}};if($degradedPoliciesNotFound){Write-Host "No degraded policies with invalid endpoints found. Waiting for $timeToWait seconds before checking again." -ForegroundColor Yellow;Start-Sleep -Seconds $timeToWait}else{Write-Host "Degraded policies and corresponding invalid endpoints found." -ForegroundColor Red}};$svcMap=@{};$entries=(Get-Content C:\k\kubeproxy.err.log|sls "hcnCreateLoadBalancer failed in Win32" -Context 1,0|findstr serviceName);if($entries.Count -gt 0){foreach($entry in $entries){$svc=($entry -split "serviceName=")[1];if($svcMap.ContainsKey($svc)){$svcMap[$svc]+=1}else{$svcMap[$svc]=1}}}else{Write-Host "No entries found in kubeproxy.err.log indicating hcnCreateLoadBalancer failure." -ForegroundColor Green};foreach($svc in $svcMap.Keys){Write-Host "Service $svc has $($svcMap[$svc]) hcnCreateLoadBalancer failures." -ForegroundColor Yellow};while($true){Start-Sleep -Seconds 300}
29+
30+
31+
imagePullPolicy: IfNotPresent
32+
volumeMounts:
33+
- name: kube-path
34+
mountPath: C:\k
35+
volumes:
36+
- name: kube-path
37+
hostPath:
38+
path: C:\k
39+
nodeSelector:
40+
kubernetes.azure.com/os-sku: Windows2022
41+
tolerations:
42+
- effect: NoSchedule
43+
key: ipv6pilot
44+
operator: Exists

0 commit comments

Comments
 (0)