Is this project still in use? Apparently incorrect chain names generated...

[howardjones]

Having got it running on AKS with K8s 1.20, I don't seem to get any metrics apart from the calico_accountant_dropped_scrape counter. Trying to build on my local system with current Go seems to get into all kinds of dependency issues with libcalico-go...

building with 1.11.5 completes, but I notice log lines like this (note spaces after cali-pi- and cali-po-)

I0603 15:42:33.947140  990195 calico.go:162] Storing policy id pw-st2tst12/knp.default.default-deny against chain names cali-pi-_56W2bfN5YTpdSlHPg1r, cali-po-_56W2bfN5YTpdSlHPg1r

[howardjones]

Huh. Apparently the default font in VS Code hides underscores! (I'd still like to know if there are any active users or plans to keep up with go etc though...)

[howardjones]

And still get

E0604 09:00:59.998823       1 iptables.go:189] Couldn't find workload for interface: azve3fdf6e0615
E0604 09:00:59.999080       1 iptables.go:189] Couldn't find workload for interface: azv1989b76671d
E0604 09:00:59.999097       1 iptables.go:189] Couldn't find workload for interface: azv1989b76671d

with AKS

[howardjones]

After adding a bit of logging to ikptables.go, it seems that ListWorkloadEndpoints() doesn't return the correct interface names. Right id, wrong prefix.

calico-accountant-95p2h calico-accountant I0604 11:09:19.585291       1 iptables.go:77] Found workload interface: cali36c0c97f6eb
calico-accountant-95p2h calico-accountant I0604 11:09:19.585320       1 iptables.go:77] Found workload interface: calia888cca8746
calico-accountant-95p2h calico-accountant I0604 11:09:19.585325       1 iptables.go:77] Found workload interface: calie2094fbbd81
calico-accountant-95p2h calico-accountant I0604 11:09:19.585335       1 iptables.go:77] Found workload interface: calidde5783c012
calico-accountant-95p2h calico-accountant I0604 11:09:19.585341       1 iptables.go:77] Found workload interface: caliedebbf46be0
calico-accountant-95p2h calico-accountant I0604 11:09:19.585346       1 iptables.go:77] Found workload interface: cali32f6afdf6fa
calico-accountant-95p2h calico-accountant I0604 11:09:19.585351       1 iptables.go:77] Found workload interface: calia07e8cb35e6
calico-accountant-95p2h calico-accountant I0604 11:09:19.585356       1 iptables.go:77] Found workload interface: caliac7aa11bfdc
calico-accountant-95p2h calico-accountant E0604 11:09:19.590673       1 iptables.go:190] Couldn't find workload for interface: azv36c0c97f6eb
calico-accountant-95p2h calico-accountant E0604 11:09:19.590694       1 iptables.go:190] Couldn't find workload for interface: azv36c0c97f6eb

[andreas-p]

Having got it running on AKS with K8s 1.20, I don't seem to get any metrics apart from the calico_accountant_dropped_scrape counter. Trying to build on my local system with current Go seems to get into all kinds of dependency issues with libcalico-go...

I had the same issue, only calico_accountant_dropped_scrape counter; the the reason was usage of the wrong iptables-save version: I'm using nft, so iptables-nft-save should be used. In my fork https://github.com/andreas-p/calico-accountant the version 0.1.8 is enhanced:

• support of global() NSselector
• Environment variable IPTABLES_SAVE=iptables-nft-save support can be set to make calico-accountant use the right version.