diff --git a/pkg/metrics/common_types.go b/pkg/metrics/common_types.go index 975b66b987..7e725e2710 100644 --- a/pkg/metrics/common_types.go +++ b/pkg/metrics/common_types.go @@ -27,6 +27,7 @@ const ( Validate RuleType = "validate" Mutate RuleType = "mutate" Generate RuleType = "generate" + ImageVerify RuleType = "imageVerify" EmptyRuleType RuleType = "-" ) diff --git a/pkg/metrics/metrics.go b/pkg/metrics/metrics.go index 304ad65cd3..7a29c3ba4f 100644 --- a/pkg/metrics/metrics.go +++ b/pkg/metrics/metrics.go @@ -51,7 +51,7 @@ type MetricsConfigManager interface { RecordPolicyChanges(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, policyChangeType string) RecordPolicyRuleInfo(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, ruleName string, ruleType RuleType, status string, metricValue float64) RecordAdmissionRequests(resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation) - RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, generalRuleLatencyType string, ruleExecutionLatency float64) + RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, ruleExecutionLatency float64) RecordAdmissionReviewDuration(resourceKind string, resourceNamespace string, resourceRequestOperation string, admissionRequestLatency float64) RecordClientQueries(clientQueryOperation ClientQueryOperation, clientType ClientType, resourceKind string, resourceNamespace string) } @@ -308,8 +308,7 @@ func (m *MetricsConfig) RecordAdmissionRequests(resourceKind string, resourceNam } func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, - resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType, - ruleExecutionCause RuleExecutionCause, generalRuleLatencyType string, ruleExecutionLatency float64, + ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, ruleExecutionLatency float64, ) { ctx := context.Background() @@ -319,14 +318,10 @@ func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode Polic attribute.String("policy_background_mode", string(policyBackgroundMode)), attribute.String("policy_namespace", policyNamespace), attribute.String("policy_name", policyName), - attribute.String("resource_kind", resourceKind), - attribute.String("resource_namespace", resourceNamespace), - attribute.String("resource_request_operation", string(resourceRequestOperation)), attribute.String("rule_name", ruleName), attribute.String("rule_result", string(ruleResult)), attribute.String("rule_type", string(ruleType)), attribute.String("rule_execution_cause", string(ruleExecutionCause)), - attribute.String("general_rule_latency_type", generalRuleLatencyType), } m.policyExecutionDurationMetric.Record(ctx, ruleExecutionLatency, commonLabels...) diff --git a/pkg/metrics/policyexecutionduration/policyExecutionDuration.go b/pkg/metrics/policyexecutionduration/policyExecutionDuration.go index 5cca7a066f..7b2d480cee 100644 --- a/pkg/metrics/policyexecutionduration/policyExecutionDuration.go +++ b/pkg/metrics/policyexecutionduration/policyExecutionDuration.go @@ -15,21 +15,17 @@ func registerPolicyExecutionDurationMetric( policyType metrics.PolicyType, policyBackgroundMode metrics.PolicyBackgroundMode, policyNamespace, policyName string, - resourceKind, resourceNamespace string, - resourceRequestOperation metrics.ResourceRequestOperation, + resourceNamespace string, ruleName string, ruleResult metrics.RuleResult, ruleType metrics.RuleType, ruleExecutionCause metrics.RuleExecutionCause, - generateRuleLatencyType string, ruleExecutionLatency float64, ) error { if policyType == metrics.Cluster { policyNamespace = "-" } - if ruleType != metrics.Generate || generateRuleLatencyType == "" { - generateRuleLatencyType = "-" - } + includeNamespaces, excludeNamespaces := m.Config.GetIncludeNamespaces(), m.Config.GetExcludeNamespaces() if (resourceNamespace != "" && resourceNamespace != "-") && utils.ContainsString(excludeNamespaces, resourceNamespace) { m.Log.V(2).Info(fmt.Sprintf("Skipping the registration of kyverno_policy_execution_duration_seconds metric as the operation belongs to the namespace '%s' which is one of 'namespaces.exclude' %+v in values.yaml", resourceNamespace, excludeNamespaces)) @@ -40,20 +36,19 @@ func registerPolicyExecutionDurationMetric( return nil } - m.RecordPolicyExecutionDuration(policyValidationMode, policyType, policyBackgroundMode, policyNamespace, policyName, resourceKind, resourceNamespace, resourceRequestOperation, ruleName, ruleResult, ruleType, ruleExecutionCause, generateRuleLatencyType, ruleExecutionLatency) + m.RecordPolicyExecutionDuration(policyValidationMode, policyType, policyBackgroundMode, policyNamespace, policyName, ruleName, ruleResult, ruleType, ruleExecutionCause, ruleExecutionLatency) return nil } // policy - policy related data // engineResponse - resource and rule related data -func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, generateRuleLatencyType string, resourceRequestOperation metrics.ResourceRequestOperation) error { +func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, resourceRequestOperation metrics.ResourceRequestOperation) error { name, namespace, policyType, backgroundMode, validationMode, err := metrics.GetPolicyInfos(policy) if err != nil { return err } resourceSpec := engineResponse.PolicyResponse.Resource - resourceKind := resourceSpec.Kind resourceNamespace := resourceSpec.Namespace ruleResponses := engineResponse.PolicyResponse.Rules for _, rule := range ruleResponses { @@ -81,13 +76,11 @@ func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInte policyType, backgroundMode, namespace, name, - resourceKind, resourceNamespace, - resourceRequestOperation, + resourceNamespace, ruleName, ruleResult, ruleType, executionCause, - generateRuleLatencyType, ruleExecutionLatencyInSeconds, ); err != nil { return err diff --git a/pkg/policy/existing.go b/pkg/policy/existing.go index 5d12d71dc3..c673b1fe9e 100644 --- a/pkg/policy/existing.go +++ b/pkg/policy/existing.go @@ -68,7 +68,7 @@ func (pc *PolicyController) registerPolicyResultsMetricValidation(logger logr.Lo } func (pc *PolicyController) registerPolicyExecutionDurationMetricValidate(logger logr.Logger, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) { - if err := policyExecutionDuration.ProcessEngineResponse(pc.metricsConfig, policy, engineResponse, metrics.BackgroundScan, "", metrics.ResourceCreated); err != nil { + if err := policyExecutionDuration.ProcessEngineResponse(pc.metricsConfig, policy, engineResponse, metrics.BackgroundScan, metrics.ResourceCreated); err != nil { logger.Error(err, "error occurred while registering kyverno_policy_execution_duration_seconds metrics for the above policy", "name", policy.GetName()) } } diff --git a/pkg/webhooks/utils/metrics.go b/pkg/webhooks/utils/metrics.go index 7f19b41225..9d2d36beb2 100644 --- a/pkg/webhooks/utils/metrics.go +++ b/pkg/webhooks/utils/metrics.go @@ -92,18 +92,18 @@ func RegisterPolicyResultsMetricGeneration(logger logr.Logger, metricsConfig *me func RegisterPolicyExecutionDurationMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) { registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error { - return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, "", op) + return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, op) }) } func RegisterPolicyExecutionDurationMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) { registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error { - return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, "", op) + return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, op) }) } func RegisterPolicyExecutionDurationMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) { registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error { - return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, "", op) + return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, op) }) }