mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
fix: too much information for the Policy Rule Execution Latency metric (#5208)
* remove general_rule_latency_type Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resource_request_operation Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resource_namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resource_kind Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
This commit is contained in:
shuting
GitHub
parent
b3c5a9c741
commit
da84b777bc
5 changed files with 12 additions and 23 deletions
|
|
@ -27,6 +27,7 @@ const (
|
||||||
Validate RuleType = "validate"
|
Validate RuleType = "validate"
|
||||||
Mutate RuleType = "mutate"
|
Mutate RuleType = "mutate"
|
||||||
Generate RuleType = "generate"
|
Generate RuleType = "generate"
|
||||||
|
ImageVerify RuleType = "imageVerify"
|
||||||
EmptyRuleType RuleType = "-"
|
EmptyRuleType RuleType = "-"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,7 @@ type MetricsConfigManager interface {
|
||||||
RecordPolicyChanges(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, policyChangeType string)
|
RecordPolicyChanges(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, policyChangeType string)
|
||||||
RecordPolicyRuleInfo(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, ruleName string, ruleType RuleType, status string, metricValue float64)
|
RecordPolicyRuleInfo(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, ruleName string, ruleType RuleType, status string, metricValue float64)
|
||||||
RecordAdmissionRequests(resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation)
|
RecordAdmissionRequests(resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation)
|
||||||
RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, generalRuleLatencyType string, ruleExecutionLatency float64)
|
RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, ruleExecutionLatency float64)
|
||||||
RecordAdmissionReviewDuration(resourceKind string, resourceNamespace string, resourceRequestOperation string, admissionRequestLatency float64)
|
RecordAdmissionReviewDuration(resourceKind string, resourceNamespace string, resourceRequestOperation string, admissionRequestLatency float64)
|
||||||
RecordClientQueries(clientQueryOperation ClientQueryOperation, clientType ClientType, resourceKind string, resourceNamespace string)
|
RecordClientQueries(clientQueryOperation ClientQueryOperation, clientType ClientType, resourceKind string, resourceNamespace string)
|
||||||
}
|
}
|
||||||
|
|
@ -308,8 +308,7 @@ func (m *MetricsConfig) RecordAdmissionRequests(resourceKind string, resourceNam
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string,
|
func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string,
|
||||||
resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType,
|
ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, ruleExecutionLatency float64,
|
||||||
ruleExecutionCause RuleExecutionCause, generalRuleLatencyType string, ruleExecutionLatency float64,
|
|
||||||
) {
|
) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
|
|
@ -319,14 +318,10 @@ func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode Polic
|
||||||
attribute.String("policy_background_mode", string(policyBackgroundMode)),
|
attribute.String("policy_background_mode", string(policyBackgroundMode)),
|
||||||
attribute.String("policy_namespace", policyNamespace),
|
attribute.String("policy_namespace", policyNamespace),
|
||||||
attribute.String("policy_name", policyName),
|
attribute.String("policy_name", policyName),
|
||||||
attribute.String("resource_kind", resourceKind),
|
|
||||||
attribute.String("resource_namespace", resourceNamespace),
|
|
||||||
attribute.String("resource_request_operation", string(resourceRequestOperation)),
|
|
||||||
attribute.String("rule_name", ruleName),
|
attribute.String("rule_name", ruleName),
|
||||||
attribute.String("rule_result", string(ruleResult)),
|
attribute.String("rule_result", string(ruleResult)),
|
||||||
attribute.String("rule_type", string(ruleType)),
|
attribute.String("rule_type", string(ruleType)),
|
||||||
attribute.String("rule_execution_cause", string(ruleExecutionCause)),
|
attribute.String("rule_execution_cause", string(ruleExecutionCause)),
|
||||||
attribute.String("general_rule_latency_type", generalRuleLatencyType),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
m.policyExecutionDurationMetric.Record(ctx, ruleExecutionLatency, commonLabels...)
|
m.policyExecutionDurationMetric.Record(ctx, ruleExecutionLatency, commonLabels...)
|
||||||
|
|
|
||||||
|
|
@ -15,21 +15,17 @@ func registerPolicyExecutionDurationMetric(
|
||||||
policyType metrics.PolicyType,
|
policyType metrics.PolicyType,
|
||||||
policyBackgroundMode metrics.PolicyBackgroundMode,
|
policyBackgroundMode metrics.PolicyBackgroundMode,
|
||||||
policyNamespace, policyName string,
|
policyNamespace, policyName string,
|
||||||
resourceKind, resourceNamespace string,
|
resourceNamespace string,
|
||||||
resourceRequestOperation metrics.ResourceRequestOperation,
|
|
||||||
ruleName string,
|
ruleName string,
|
||||||
ruleResult metrics.RuleResult,
|
ruleResult metrics.RuleResult,
|
||||||
ruleType metrics.RuleType,
|
ruleType metrics.RuleType,
|
||||||
ruleExecutionCause metrics.RuleExecutionCause,
|
ruleExecutionCause metrics.RuleExecutionCause,
|
||||||
generateRuleLatencyType string,
|
|
||||||
ruleExecutionLatency float64,
|
ruleExecutionLatency float64,
|
||||||
) error {
|
) error {
|
||||||
if policyType == metrics.Cluster {
|
if policyType == metrics.Cluster {
|
||||||
policyNamespace = "-"
|
policyNamespace = "-"
|
||||||
}
|
}
|
||||||
if ruleType != metrics.Generate || generateRuleLatencyType == "" {
|
|
||||||
generateRuleLatencyType = "-"
|
|
||||||
}
|
|
||||||
includeNamespaces, excludeNamespaces := m.Config.GetIncludeNamespaces(), m.Config.GetExcludeNamespaces()
|
includeNamespaces, excludeNamespaces := m.Config.GetIncludeNamespaces(), m.Config.GetExcludeNamespaces()
|
||||||
if (resourceNamespace != "" && resourceNamespace != "-") && utils.ContainsString(excludeNamespaces, resourceNamespace) {
|
if (resourceNamespace != "" && resourceNamespace != "-") && utils.ContainsString(excludeNamespaces, resourceNamespace) {
|
||||||
m.Log.V(2).Info(fmt.Sprintf("Skipping the registration of kyverno_policy_execution_duration_seconds metric as the operation belongs to the namespace '%s' which is one of 'namespaces.exclude' %+v in values.yaml", resourceNamespace, excludeNamespaces))
|
m.Log.V(2).Info(fmt.Sprintf("Skipping the registration of kyverno_policy_execution_duration_seconds metric as the operation belongs to the namespace '%s' which is one of 'namespaces.exclude' %+v in values.yaml", resourceNamespace, excludeNamespaces))
|
||||||
|
|
@ -40,20 +36,19 @@ func registerPolicyExecutionDurationMetric(
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
m.RecordPolicyExecutionDuration(policyValidationMode, policyType, policyBackgroundMode, policyNamespace, policyName, resourceKind, resourceNamespace, resourceRequestOperation, ruleName, ruleResult, ruleType, ruleExecutionCause, generateRuleLatencyType, ruleExecutionLatency)
|
m.RecordPolicyExecutionDuration(policyValidationMode, policyType, policyBackgroundMode, policyNamespace, policyName, ruleName, ruleResult, ruleType, ruleExecutionCause, ruleExecutionLatency)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// policy - policy related data
|
// policy - policy related data
|
||||||
// engineResponse - resource and rule related data
|
// engineResponse - resource and rule related data
|
||||||
func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, generateRuleLatencyType string, resourceRequestOperation metrics.ResourceRequestOperation) error {
|
func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, resourceRequestOperation metrics.ResourceRequestOperation) error {
|
||||||
name, namespace, policyType, backgroundMode, validationMode, err := metrics.GetPolicyInfos(policy)
|
name, namespace, policyType, backgroundMode, validationMode, err := metrics.GetPolicyInfos(policy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
resourceSpec := engineResponse.PolicyResponse.Resource
|
resourceSpec := engineResponse.PolicyResponse.Resource
|
||||||
resourceKind := resourceSpec.Kind
|
|
||||||
resourceNamespace := resourceSpec.Namespace
|
resourceNamespace := resourceSpec.Namespace
|
||||||
ruleResponses := engineResponse.PolicyResponse.Rules
|
ruleResponses := engineResponse.PolicyResponse.Rules
|
||||||
for _, rule := range ruleResponses {
|
for _, rule := range ruleResponses {
|
||||||
|
|
@ -81,13 +76,11 @@ func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInte
|
||||||
policyType,
|
policyType,
|
||||||
backgroundMode,
|
backgroundMode,
|
||||||
namespace, name,
|
namespace, name,
|
||||||
resourceKind, resourceNamespace,
|
resourceNamespace,
|
||||||
resourceRequestOperation,
|
|
||||||
ruleName,
|
ruleName,
|
||||||
ruleResult,
|
ruleResult,
|
||||||
ruleType,
|
ruleType,
|
||||||
executionCause,
|
executionCause,
|
||||||
generateRuleLatencyType,
|
|
||||||
ruleExecutionLatencyInSeconds,
|
ruleExecutionLatencyInSeconds,
|
||||||
); err != nil {
|
); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
||||||
|
|
@ -68,7 +68,7 @@ func (pc *PolicyController) registerPolicyResultsMetricValidation(logger logr.Lo
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pc *PolicyController) registerPolicyExecutionDurationMetricValidate(logger logr.Logger, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
|
func (pc *PolicyController) registerPolicyExecutionDurationMetricValidate(logger logr.Logger, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
|
||||||
if err := policyExecutionDuration.ProcessEngineResponse(pc.metricsConfig, policy, engineResponse, metrics.BackgroundScan, "", metrics.ResourceCreated); err != nil {
|
if err := policyExecutionDuration.ProcessEngineResponse(pc.metricsConfig, policy, engineResponse, metrics.BackgroundScan, metrics.ResourceCreated); err != nil {
|
||||||
logger.Error(err, "error occurred while registering kyverno_policy_execution_duration_seconds metrics for the above policy", "name", policy.GetName())
|
logger.Error(err, "error occurred while registering kyverno_policy_execution_duration_seconds metrics for the above policy", "name", policy.GetName())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -92,18 +92,18 @@ func RegisterPolicyResultsMetricGeneration(logger logr.Logger, metricsConfig *me
|
||||||
|
|
||||||
func RegisterPolicyExecutionDurationMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
|
func RegisterPolicyExecutionDurationMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
|
||||||
registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error {
|
registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error {
|
||||||
return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, "", op)
|
return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, op)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func RegisterPolicyExecutionDurationMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
|
func RegisterPolicyExecutionDurationMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
|
||||||
registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error {
|
registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error {
|
||||||
return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, "", op)
|
return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, op)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func RegisterPolicyExecutionDurationMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
|
func RegisterPolicyExecutionDurationMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
|
||||||
registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error {
|
registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error {
|
||||||
return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, "", op)
|
return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, op)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue