fix: too much information for the Policy Rule Execution Latency metric (#5208)

* remove general_rule_latency_type Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resource_request_operation Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resource_namespace Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove resource_kind Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2025-03-31 03:45:17 +00:00 · 2022-11-04 14:31:23 +08:00 · 2022-11-04 14:31:23 +08:00 · da84b777bc
commit da84b777bc
parent b3c5a9c741
5 changed files with 12 additions and 23 deletions
--- a/pkg/metrics/common_types.go
+++ b/pkg/metrics/common_types.go
@ -27,6 +27,7 @@ const (
 	Validate      RuleType = "validate"
 	Mutate        RuleType = "mutate"
 	Generate      RuleType = "generate"
+	ImageVerify   RuleType = "imageVerify"
 	EmptyRuleType RuleType = "-"
 )

--- a/pkg/metrics/metrics.go
+++ b/pkg/metrics/metrics.go
@ -51,7 +51,7 @@ type MetricsConfigManager interface {
 	RecordPolicyChanges(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, policyChangeType string)
 	RecordPolicyRuleInfo(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, ruleName string, ruleType RuleType, status string, metricValue float64)
 	RecordAdmissionRequests(resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation)
-	RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, generalRuleLatencyType string, ruleExecutionLatency float64)
+	RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string, ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, ruleExecutionLatency float64)
 	RecordAdmissionReviewDuration(resourceKind string, resourceNamespace string, resourceRequestOperation string, admissionRequestLatency float64)
 	RecordClientQueries(clientQueryOperation ClientQueryOperation, clientType ClientType, resourceKind string, resourceNamespace string)
 }
@ -308,8 +308,7 @@ func (m *MetricsConfig) RecordAdmissionRequests(resourceKind string, resourceNam
 }

 func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode PolicyValidationMode, policyType PolicyType, policyBackgroundMode PolicyBackgroundMode, policyNamespace string, policyName string,
-	resourceKind string, resourceNamespace string, resourceRequestOperation ResourceRequestOperation, ruleName string, ruleResult RuleResult, ruleType RuleType,
-	ruleExecutionCause RuleExecutionCause, generalRuleLatencyType string, ruleExecutionLatency float64,
+	ruleName string, ruleResult RuleResult, ruleType RuleType, ruleExecutionCause RuleExecutionCause, ruleExecutionLatency float64,
 ) {
 	ctx := context.Background()

@ -319,14 +318,10 @@ func (m *MetricsConfig) RecordPolicyExecutionDuration(policyValidationMode Polic
 		attribute.String("policy_background_mode", string(policyBackgroundMode)),
 		attribute.String("policy_namespace", policyNamespace),
 		attribute.String("policy_name", policyName),
-		attribute.String("resource_kind", resourceKind),
-		attribute.String("resource_namespace", resourceNamespace),
-		attribute.String("resource_request_operation", string(resourceRequestOperation)),
 		attribute.String("rule_name", ruleName),
 		attribute.String("rule_result", string(ruleResult)),
 		attribute.String("rule_type", string(ruleType)),
 		attribute.String("rule_execution_cause", string(ruleExecutionCause)),
-		attribute.String("general_rule_latency_type", generalRuleLatencyType),
 	}

 	m.policyExecutionDurationMetric.Record(ctx, ruleExecutionLatency, commonLabels...)
--- a/pkg/metrics/policyexecutionduration/policyExecutionDuration.go
+++ b/pkg/metrics/policyexecutionduration/policyExecutionDuration.go
@ -15,21 +15,17 @@ func registerPolicyExecutionDurationMetric(
 	policyType metrics.PolicyType,
 	policyBackgroundMode metrics.PolicyBackgroundMode,
 	policyNamespace, policyName string,
-	resourceKind, resourceNamespace string,
-	resourceRequestOperation metrics.ResourceRequestOperation,
+	resourceNamespace string,
 	ruleName string,
 	ruleResult metrics.RuleResult,
 	ruleType metrics.RuleType,
 	ruleExecutionCause metrics.RuleExecutionCause,
-	generateRuleLatencyType string,
 	ruleExecutionLatency float64,
 ) error {
 	if policyType == metrics.Cluster {
 		policyNamespace = "-"
 	}
-	if ruleType != metrics.Generate || generateRuleLatencyType == "" {
-		generateRuleLatencyType = "-"
-	}
+
 	includeNamespaces, excludeNamespaces := m.Config.GetIncludeNamespaces(), m.Config.GetExcludeNamespaces()
 	if (resourceNamespace != "" && resourceNamespace != "-") && utils.ContainsString(excludeNamespaces, resourceNamespace) {
 		m.Log.V(2).Info(fmt.Sprintf("Skipping the registration of kyverno_policy_execution_duration_seconds metric as the operation belongs to the namespace '%s' which is one of 'namespaces.exclude' %+v in values.yaml", resourceNamespace, excludeNamespaces))
@ -40,20 +36,19 @@ func registerPolicyExecutionDurationMetric(
 		return nil
 	}

-	m.RecordPolicyExecutionDuration(policyValidationMode, policyType, policyBackgroundMode, policyNamespace, policyName, resourceKind, resourceNamespace, resourceRequestOperation, ruleName, ruleResult, ruleType, ruleExecutionCause, generateRuleLatencyType, ruleExecutionLatency)
+	m.RecordPolicyExecutionDuration(policyValidationMode, policyType, policyBackgroundMode, policyNamespace, policyName, ruleName, ruleResult, ruleType, ruleExecutionCause, ruleExecutionLatency)

 	return nil
 }

 // policy - policy related data
 // engineResponse - resource and rule related data
-func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, generateRuleLatencyType string, resourceRequestOperation metrics.ResourceRequestOperation) error {
+func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, resourceRequestOperation metrics.ResourceRequestOperation) error {
 	name, namespace, policyType, backgroundMode, validationMode, err := metrics.GetPolicyInfos(policy)
 	if err != nil {
 		return err
 	}
 	resourceSpec := engineResponse.PolicyResponse.Resource
-	resourceKind := resourceSpec.Kind
 	resourceNamespace := resourceSpec.Namespace
 	ruleResponses := engineResponse.PolicyResponse.Rules
 	for _, rule := range ruleResponses {
@ -81,13 +76,11 @@ func ProcessEngineResponse(m *metrics.MetricsConfig, policy kyvernov1.PolicyInte
 			policyType,
 			backgroundMode,
 			namespace, name,
-			resourceKind, resourceNamespace,
-			resourceRequestOperation,
+			resourceNamespace,
 			ruleName,
 			ruleResult,
 			ruleType,
 			executionCause,
-			generateRuleLatencyType,
 			ruleExecutionLatencyInSeconds,
 		); err != nil {
 			return err
--- a/pkg/policy/existing.go
+++ b/pkg/policy/existing.go
@ -68,7 +68,7 @@ func (pc *PolicyController) registerPolicyResultsMetricValidation(logger logr.Lo
 }

 func (pc *PolicyController) registerPolicyExecutionDurationMetricValidate(logger logr.Logger, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
-	if err := policyExecutionDuration.ProcessEngineResponse(pc.metricsConfig, policy, engineResponse, metrics.BackgroundScan, "", metrics.ResourceCreated); err != nil {
+	if err := policyExecutionDuration.ProcessEngineResponse(pc.metricsConfig, policy, engineResponse, metrics.BackgroundScan, metrics.ResourceCreated); err != nil {
 		logger.Error(err, "error occurred while registering kyverno_policy_execution_duration_seconds metrics for the above policy", "name", policy.GetName())
 	}
 }
--- a/pkg/webhooks/utils/metrics.go
+++ b/pkg/webhooks/utils/metrics.go
@ -92,18 +92,18 @@ func RegisterPolicyResultsMetricGeneration(logger logr.Logger, metricsConfig *me

 func RegisterPolicyExecutionDurationMetricMutate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
 	registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error {
-		return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, "", op)
+		return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, op)
 	})
 }

 func RegisterPolicyExecutionDurationMetricValidate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
 	registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error {
-		return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, "", op)
+		return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, op)
 	})
 }

 func RegisterPolicyExecutionDurationMetricGenerate(logger logr.Logger, metricsConfig *metrics.MetricsConfig, requestOperation string, policy kyvernov1.PolicyInterface, engineResponse response.EngineResponse) {
 	registerMetric(logger, "kyverno_policy_execution_duration_seconds", requestOperation, func(op metrics.ResourceRequestOperation) error {
-		return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, "", op)
+		return policyExecutionDuration.ProcessEngineResponse(metricsConfig, policy, engineResponse, metrics.AdmissionRequest, op)
 	})
 }