mirror of
https://github.com/kyverno/kyverno.git
synced 2025-01-20 18:52:16 +00:00
feat: use a dedicated policy metrics controller (#4818)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
parent
ecb0ad32ec
commit
ebe86473fc
5 changed files with 101 additions and 36 deletions
|
@ -24,6 +24,7 @@ import (
|
||||||
"github.com/kyverno/kyverno/pkg/config"
|
"github.com/kyverno/kyverno/pkg/config"
|
||||||
"github.com/kyverno/kyverno/pkg/controllers/certmanager"
|
"github.com/kyverno/kyverno/pkg/controllers/certmanager"
|
||||||
configcontroller "github.com/kyverno/kyverno/pkg/controllers/config"
|
configcontroller "github.com/kyverno/kyverno/pkg/controllers/config"
|
||||||
|
policymetricscontroller "github.com/kyverno/kyverno/pkg/controllers/metrics/policy"
|
||||||
policycachecontroller "github.com/kyverno/kyverno/pkg/controllers/policycache"
|
policycachecontroller "github.com/kyverno/kyverno/pkg/controllers/policycache"
|
||||||
admissionreportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/admission"
|
admissionreportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/admission"
|
||||||
aggregatereportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/aggregate"
|
aggregatereportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/aggregate"
|
||||||
|
@ -589,6 +590,12 @@ func main() {
|
||||||
maxQueuedEvents,
|
maxQueuedEvents,
|
||||||
logging.WithName("EventGenerator"),
|
logging.WithName("EventGenerator"),
|
||||||
)
|
)
|
||||||
|
// This controller only subscribe to events, nothing is returned...
|
||||||
|
policymetricscontroller.NewController(
|
||||||
|
metricsConfig,
|
||||||
|
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||||
|
kyvernoInformer.Kyverno().V1().Policies(),
|
||||||
|
)
|
||||||
// create non leader controllers
|
// create non leader controllers
|
||||||
nonLeaderControllers, nonLeaderBootstrap := createNonLeaderControllers(
|
nonLeaderControllers, nonLeaderBootstrap := createNonLeaderControllers(
|
||||||
kubeInformer,
|
kubeInformer,
|
||||||
|
|
81
pkg/controllers/metrics/policy/controller.go
Normal file
81
pkg/controllers/metrics/policy/controller.go
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
package policy
|
||||||
|
|
||||||
|
import (
|
||||||
|
kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||||
|
kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
|
||||||
|
"github.com/kyverno/kyverno/pkg/metrics"
|
||||||
|
controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
|
||||||
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
|
)
|
||||||
|
|
||||||
|
type controller struct {
|
||||||
|
// config
|
||||||
|
metricsConfig *metrics.MetricsConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: this is a very strange controller, it only processes events, this should be changed to a real controller
|
||||||
|
// but this is difficult as we currently can't remove existing metrics. To be reviewed when we implement a more
|
||||||
|
// solid metrics system.
|
||||||
|
func NewController(metricsConfig *metrics.MetricsConfig, cpolInformer kyvernov1informers.ClusterPolicyInformer, polInformer kyvernov1informers.PolicyInformer) {
|
||||||
|
c := controller{
|
||||||
|
metricsConfig: metricsConfig,
|
||||||
|
}
|
||||||
|
controllerutils.AddEventHandlers(cpolInformer.Informer(), c.addPolicy, c.updatePolicy, c.deletePolicy)
|
||||||
|
controllerutils.AddEventHandlers(polInformer.Informer(), c.addNsPolicy, c.updateNsPolicy, c.deleteNsPolicy)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *controller) addPolicy(obj interface{}) {
|
||||||
|
p := obj.(*kyvernov1.ClusterPolicy)
|
||||||
|
// register kyverno_policy_rule_info_total metric concurrently
|
||||||
|
go c.registerPolicyRuleInfoMetricAddPolicy(logger, p)
|
||||||
|
// register kyverno_policy_changes_total metric concurrently
|
||||||
|
go c.registerPolicyChangesMetricAddPolicy(logger, p)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *controller) updatePolicy(old, cur interface{}) {
|
||||||
|
oldP, curP := old.(*kyvernov1.ClusterPolicy), cur.(*kyvernov1.ClusterPolicy)
|
||||||
|
// register kyverno_policy_rule_info_total metric concurrently
|
||||||
|
go c.registerPolicyRuleInfoMetricUpdatePolicy(logger, oldP, curP)
|
||||||
|
// register kyverno_policy_changes_total metric concurrently
|
||||||
|
go c.registerPolicyChangesMetricUpdatePolicy(logger, oldP, curP)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *controller) deletePolicy(obj interface{}) {
|
||||||
|
p, ok := kubeutils.GetObjectWithTombstone(obj).(*kyvernov1.ClusterPolicy)
|
||||||
|
if !ok {
|
||||||
|
logger.Info("Failed to get deleted object", "obj", obj)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// register kyverno_policy_rule_info_total metric concurrently
|
||||||
|
go c.registerPolicyRuleInfoMetricDeletePolicy(logger, p)
|
||||||
|
// register kyverno_policy_changes_total metric concurrently
|
||||||
|
go c.registerPolicyChangesMetricDeletePolicy(logger, p)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *controller) addNsPolicy(obj interface{}) {
|
||||||
|
p := obj.(*kyvernov1.Policy)
|
||||||
|
// register kyverno_policy_rule_info_total metric concurrently
|
||||||
|
go c.registerPolicyRuleInfoMetricAddPolicy(logger, p)
|
||||||
|
// register kyverno_policy_changes_total metric concurrently
|
||||||
|
go c.registerPolicyChangesMetricAddPolicy(logger, p)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *controller) updateNsPolicy(old, cur interface{}) {
|
||||||
|
oldP, curP := old.(*kyvernov1.Policy), cur.(*kyvernov1.Policy)
|
||||||
|
// register kyverno_policy_rule_info_total metric concurrently
|
||||||
|
go c.registerPolicyRuleInfoMetricUpdatePolicy(logger, oldP, curP)
|
||||||
|
// register kyverno_policy_changes_total metric concurrently
|
||||||
|
go c.registerPolicyChangesMetricUpdatePolicy(logger, oldP, curP)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *controller) deleteNsPolicy(obj interface{}) {
|
||||||
|
p, ok := kubeutils.GetObjectWithTombstone(obj).(*kyvernov1.Policy)
|
||||||
|
if !ok {
|
||||||
|
logger.Info("Failed to get deleted object", "obj", obj)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// register kyverno_policy_rule_info_total metric concurrently
|
||||||
|
go c.registerPolicyRuleInfoMetricDeletePolicy(logger, p)
|
||||||
|
// register kyverno_policy_changes_total metric concurrently
|
||||||
|
go c.registerPolicyChangesMetricDeletePolicy(logger, p)
|
||||||
|
}
|
7
pkg/controllers/metrics/policy/log.go
Normal file
7
pkg/controllers/metrics/policy/log.go
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
package policy
|
||||||
|
|
||||||
|
import "github.com/kyverno/kyverno/pkg/logging"
|
||||||
|
|
||||||
|
const controllerName = "policy-metrics"
|
||||||
|
|
||||||
|
var logger = logging.WithName(controllerName)
|
|
@ -9,14 +9,14 @@ import (
|
||||||
policyRuleInfoMetric "github.com/kyverno/kyverno/pkg/metrics/policyruleinfo"
|
policyRuleInfoMetric "github.com/kyverno/kyverno/pkg/metrics/policyruleinfo"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (pc *PolicyController) registerPolicyRuleInfoMetricAddPolicy(logger logr.Logger, p kyvernov1.PolicyInterface) {
|
func (pc *controller) registerPolicyRuleInfoMetricAddPolicy(logger logr.Logger, p kyvernov1.PolicyInterface) {
|
||||||
err := policyRuleInfoMetric.AddPolicy(pc.metricsConfig, p)
|
err := policyRuleInfoMetric.AddPolicy(pc.metricsConfig, p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err, "error occurred while registering kyverno_policy_rule_info_total metrics for the above policy's creation", "name", p.GetName())
|
logger.Error(err, "error occurred while registering kyverno_policy_rule_info_total metrics for the above policy's creation", "name", p.GetName())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pc *PolicyController) registerPolicyRuleInfoMetricUpdatePolicy(logger logr.Logger, oldP, curP kyvernov1.PolicyInterface) {
|
func (pc *controller) registerPolicyRuleInfoMetricUpdatePolicy(logger logr.Logger, oldP, curP kyvernov1.PolicyInterface) {
|
||||||
// removing the old rules associated metrics
|
// removing the old rules associated metrics
|
||||||
err := policyRuleInfoMetric.RemovePolicy(pc.metricsConfig, oldP)
|
err := policyRuleInfoMetric.RemovePolicy(pc.metricsConfig, oldP)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -29,21 +29,21 @@ func (pc *PolicyController) registerPolicyRuleInfoMetricUpdatePolicy(logger logr
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pc *PolicyController) registerPolicyRuleInfoMetricDeletePolicy(logger logr.Logger, p kyvernov1.PolicyInterface) {
|
func (pc *controller) registerPolicyRuleInfoMetricDeletePolicy(logger logr.Logger, p kyvernov1.PolicyInterface) {
|
||||||
err := policyRuleInfoMetric.RemovePolicy(pc.metricsConfig, p)
|
err := policyRuleInfoMetric.RemovePolicy(pc.metricsConfig, p)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err, "error occurred while registering kyverno_policy_rule_info_total metrics for the above policy's deletion", "name", p.GetName())
|
logger.Error(err, "error occurred while registering kyverno_policy_rule_info_total metrics for the above policy's deletion", "name", p.GetName())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pc *PolicyController) registerPolicyChangesMetricAddPolicy(logger logr.Logger, p kyvernov1.PolicyInterface) {
|
func (pc *controller) registerPolicyChangesMetricAddPolicy(logger logr.Logger, p kyvernov1.PolicyInterface) {
|
||||||
err := policyChangesMetric.RegisterPolicy(pc.metricsConfig, p, policyChangesMetric.PolicyCreated)
|
err := policyChangesMetric.RegisterPolicy(pc.metricsConfig, p, policyChangesMetric.PolicyCreated)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's creation", "name", p.GetName())
|
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's creation", "name", p.GetName())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pc *PolicyController) registerPolicyChangesMetricUpdatePolicy(logger logr.Logger, oldP, curP kyvernov1.PolicyInterface) {
|
func (pc *controller) registerPolicyChangesMetricUpdatePolicy(logger logr.Logger, oldP, curP kyvernov1.PolicyInterface) {
|
||||||
oldSpec := oldP.GetSpec()
|
oldSpec := oldP.GetSpec()
|
||||||
curSpec := curP.GetSpec()
|
curSpec := curP.GetSpec()
|
||||||
if reflect.DeepEqual(oldSpec, curSpec) {
|
if reflect.DeepEqual(oldSpec, curSpec) {
|
||||||
|
@ -62,7 +62,7 @@ func (pc *PolicyController) registerPolicyChangesMetricUpdatePolicy(logger logr.
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pc *PolicyController) registerPolicyChangesMetricDeletePolicy(logger logr.Logger, p kyvernov1.PolicyInterface) {
|
func (pc *controller) registerPolicyChangesMetricDeletePolicy(logger logr.Logger, p kyvernov1.PolicyInterface) {
|
||||||
err := policyChangesMetric.RegisterPolicy(pc.metricsConfig, p, policyChangesMetric.PolicyDeleted)
|
err := policyChangesMetric.RegisterPolicy(pc.metricsConfig, p, policyChangesMetric.PolicyDeleted)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's deletion", "name", p.GetName())
|
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's deletion", "name", p.GetName())
|
|
@ -163,11 +163,6 @@ func (pc *PolicyController) addPolicy(obj interface{}) {
|
||||||
|
|
||||||
logger.Info("policy created", "uid", p.UID, "kind", "ClusterPolicy", "name", p.Name)
|
logger.Info("policy created", "uid", p.UID, "kind", "ClusterPolicy", "name", p.Name)
|
||||||
|
|
||||||
// register kyverno_policy_rule_info_total metric concurrently
|
|
||||||
go pc.registerPolicyRuleInfoMetricAddPolicy(logger, p)
|
|
||||||
// register kyverno_policy_changes_total metric concurrently
|
|
||||||
go pc.registerPolicyChangesMetricAddPolicy(logger, p)
|
|
||||||
|
|
||||||
if !toggle.AutogenInternals.Enabled() {
|
if !toggle.AutogenInternals.Enabled() {
|
||||||
if p.Spec.Background == nil || p.Spec.ValidationFailureAction == "" || missingAutoGenRules(p, logger) {
|
if p.Spec.Background == nil || p.Spec.ValidationFailureAction == "" || missingAutoGenRules(p, logger) {
|
||||||
pol, _ := utilscommon.MutatePolicy(p, logger)
|
pol, _ := utilscommon.MutatePolicy(p, logger)
|
||||||
|
@ -191,11 +186,6 @@ func (pc *PolicyController) updatePolicy(old, cur interface{}) {
|
||||||
oldP := old.(*kyvernov1.ClusterPolicy)
|
oldP := old.(*kyvernov1.ClusterPolicy)
|
||||||
curP := cur.(*kyvernov1.ClusterPolicy)
|
curP := cur.(*kyvernov1.ClusterPolicy)
|
||||||
|
|
||||||
// register kyverno_policy_rule_info_total metric concurrently
|
|
||||||
go pc.registerPolicyRuleInfoMetricUpdatePolicy(logger, oldP, curP)
|
|
||||||
// register kyverno_policy_changes_total metric concurrently
|
|
||||||
go pc.registerPolicyChangesMetricUpdatePolicy(logger, oldP, curP)
|
|
||||||
|
|
||||||
if !toggle.AutogenInternals.Enabled() {
|
if !toggle.AutogenInternals.Enabled() {
|
||||||
if curP.Spec.Background == nil || curP.Spec.ValidationFailureAction == "" || missingAutoGenRules(curP, logger) {
|
if curP.Spec.Background == nil || curP.Spec.ValidationFailureAction == "" || missingAutoGenRules(curP, logger) {
|
||||||
pol, _ := utilscommon.MutatePolicy(curP, logger)
|
pol, _ := utilscommon.MutatePolicy(curP, logger)
|
||||||
|
@ -227,11 +217,6 @@ func (pc *PolicyController) deletePolicy(obj interface{}) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// register kyverno_policy_rule_info_total metric concurrently
|
|
||||||
go pc.registerPolicyRuleInfoMetricDeletePolicy(logger, p)
|
|
||||||
// register kyverno_policy_changes_total metric concurrently
|
|
||||||
go pc.registerPolicyChangesMetricDeletePolicy(logger, p)
|
|
||||||
|
|
||||||
logger.Info("policy deleted", "uid", p.UID, "kind", "ClusterPolicy", "name", p.Name)
|
logger.Info("policy deleted", "uid", p.UID, "kind", "ClusterPolicy", "name", p.Name)
|
||||||
|
|
||||||
// do not clean up UR on generate clone (sync=true) policy deletion
|
// do not clean up UR on generate clone (sync=true) policy deletion
|
||||||
|
@ -249,11 +234,6 @@ func (pc *PolicyController) addNsPolicy(obj interface{}) {
|
||||||
logger := pc.log
|
logger := pc.log
|
||||||
p := obj.(*kyvernov1.Policy)
|
p := obj.(*kyvernov1.Policy)
|
||||||
|
|
||||||
// register kyverno_policy_rule_info_total metric concurrently
|
|
||||||
go pc.registerPolicyRuleInfoMetricAddPolicy(logger, p)
|
|
||||||
// register kyverno_policy_changes_total metric concurrently
|
|
||||||
go pc.registerPolicyChangesMetricAddPolicy(logger, p)
|
|
||||||
|
|
||||||
logger.Info("policy created", "uid", p.UID, "kind", "Policy", "name", p.Name, "namespaces", p.Namespace)
|
logger.Info("policy created", "uid", p.UID, "kind", "Policy", "name", p.Name, "namespaces", p.Namespace)
|
||||||
|
|
||||||
if !toggle.AutogenInternals.Enabled() {
|
if !toggle.AutogenInternals.Enabled() {
|
||||||
|
@ -279,11 +259,6 @@ func (pc *PolicyController) updateNsPolicy(old, cur interface{}) {
|
||||||
oldP := old.(*kyvernov1.Policy)
|
oldP := old.(*kyvernov1.Policy)
|
||||||
curP := cur.(*kyvernov1.Policy)
|
curP := cur.(*kyvernov1.Policy)
|
||||||
|
|
||||||
// register kyverno_policy_rule_info_total metric concurrently
|
|
||||||
go pc.registerPolicyRuleInfoMetricUpdatePolicy(logger, oldP, curP)
|
|
||||||
// register kyverno_policy_changes_total metric concurrently
|
|
||||||
go pc.registerPolicyChangesMetricUpdatePolicy(logger, oldP, curP)
|
|
||||||
|
|
||||||
if !toggle.AutogenInternals.Enabled() {
|
if !toggle.AutogenInternals.Enabled() {
|
||||||
if curP.Spec.Background == nil || curP.Spec.ValidationFailureAction == "" || missingAutoGenRules(curP, logger) {
|
if curP.Spec.Background == nil || curP.Spec.ValidationFailureAction == "" || missingAutoGenRules(curP, logger) {
|
||||||
nsPol, _ := utilscommon.MutatePolicy(curP, logger)
|
nsPol, _ := utilscommon.MutatePolicy(curP, logger)
|
||||||
|
@ -315,11 +290,6 @@ func (pc *PolicyController) deleteNsPolicy(obj interface{}) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// register kyverno_policy_rule_info_total metric concurrently
|
|
||||||
go pc.registerPolicyRuleInfoMetricDeletePolicy(logger, p)
|
|
||||||
// register kyverno_policy_changes_total metric concurrently
|
|
||||||
go pc.registerPolicyChangesMetricDeletePolicy(logger, p)
|
|
||||||
|
|
||||||
logger.Info("policy deleted event", "uid", p.UID, "kind", "Policy", "policy_name", p.Name, "namespaces", p.Namespace)
|
logger.Info("policy deleted event", "uid", p.UID, "kind", "Policy", "policy_name", p.Name, "namespaces", p.Namespace)
|
||||||
|
|
||||||
pol := p
|
pol := p
|
||||||
|
|
Loading…
Add table
Reference in a new issue