feat: add webhook type to admission metrics (#5493)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-28 10:28:36 +00:00 · 2022-11-30 10:30:24 +01:00 · 2022-11-30 10:30:24 +01:00 · ff9ba81440
commit ff9ba81440
parent c3be9e36a5
3 changed files with 29 additions and 22 deletions
--- a/pkg/metrics/attributes.go
+++ b/pkg/metrics/attributes.go
@ -0,0 +1,14 @@
+package metrics
+
+import "go.opentelemetry.io/otel/attribute"
+
+const (
+	// keys
+	RequestWebhookKey = attribute.Key("request_webhook")
+)
+
+var (
+	// keyvalues
+	WebhookMutating   = RequestWebhookKey.String("MutatingWebhookConfiguration")
+	WebhookValidating = RequestWebhookKey.String("ValidatingWebhookConfiguration")
+)
--- a/pkg/webhooks/handlers/metrics.go
+++ b/pkg/webhooks/handlers/metrics.go
@ -13,11 +13,11 @@ import (
 	admissionv1 "k8s.io/api/admission/v1"
 )

-func (inner AdmissionHandler) WithMetrics(logger logr.Logger, metricsConfig config.MetricsConfiguration) AdmissionHandler {
+func (inner AdmissionHandler) WithMetrics(logger logr.Logger, metricsConfig config.MetricsConfiguration, attrs ...attribute.KeyValue) AdmissionHandler {
 	return inner.withMetrics(logger, metricsConfig).WithTrace("METRICS")
 }

-func (inner AdmissionHandler) withMetrics(logger logr.Logger, metricsConfig config.MetricsConfiguration) AdmissionHandler {
+func (inner AdmissionHandler) withMetrics(logger logr.Logger, metricsConfig config.MetricsConfiguration, attrs ...attribute.KeyValue) AdmissionHandler {
 	meter := global.MeterProvider().Meter("kyverno")
 	admissionRequestsMetric, err := meter.SyncInt64().Counter(
 		"kyverno_admission_requests_total",
@ -42,29 +42,22 @@ func (inner AdmissionHandler) withMetrics(logger logr.Logger, metricsConfig conf
 			if response != nil {
 				allowed = response.Allowed
 			}
+			attributes := []attribute.KeyValue{
+				attribute.String("resource_kind", request.Kind.Kind),
+				attribute.String("resource_namespace", namespace),
+				attribute.String("resource_request_operation", operation),
+				attribute.Bool("request_allowed", allowed),
+			}
+			attributes = append(attributes, attrs...)
 			if admissionReviewDurationMetric != nil {
 				defer func() {
 					latency := int64(time.Since(startTime))
 					admissionReviewLatencyDurationInSeconds := float64(latency) / float64(1000*1000*1000)
-					admissionReviewDurationMetric.Record(
-						ctx,
-						admissionReviewLatencyDurationInSeconds,
-						attribute.String("resource_kind", request.Kind.Kind),
-						attribute.String("resource_namespace", namespace),
-						attribute.String("resource_request_operation", operation),
-						attribute.Bool("request_allowed", allowed),
-					)
+					admissionReviewDurationMetric.Record(ctx, admissionReviewLatencyDurationInSeconds, attributes...)
 				}()
 			}
 			if admissionRequestsMetric != nil {
-				admissionRequestsMetric.Add(
-					ctx,
-					1,
-					attribute.String("resource_kind", request.Kind.Kind),
-					attribute.String("resource_namespace", namespace),
-					attribute.String("resource_request_operation", operation),
-					attribute.Bool("request_allowed", allowed),
-				)
+				admissionRequestsMetric.Add(ctx, 1, attributes...)
 			}
 		}
 		return response
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@ -90,7 +90,7 @@ func NewServer(
 				WithProtection(toggle.ProtectManagedResources.Enabled()).
 				WithDump(debugModeOpts.DumpPayload).
 				WithOperationFilter(admissionv1.Create, admissionv1.Update, admissionv1.Connect).
-				WithMetrics(resourceLogger, metricsConfig.Config).
+				WithMetrics(resourceLogger, metricsConfig.Config, metrics.WebhookMutating).
 				WithAdmission(resourceLogger.WithName("mutate"))
 		},
 	)
@ -104,7 +104,7 @@ func NewServer(
 				WithFilter(configuration).
 				WithProtection(toggle.ProtectManagedResources.Enabled()).
 				WithDump(debugModeOpts.DumpPayload).
-				WithMetrics(resourceLogger, metricsConfig.Config).
+				WithMetrics(resourceLogger, metricsConfig.Config, metrics.WebhookValidating).
 				WithAdmission(resourceLogger.WithName("validate"))
 		},
 	)
@ -113,7 +113,7 @@ func NewServer(
 		config.PolicyMutatingWebhookServicePath,
 		handlers.FromAdmissionFunc("MUTATE", policyHandlers.Mutate).
 			WithDump(debugModeOpts.DumpPayload).
-			WithMetrics(policyLogger, metricsConfig.Config).
+			WithMetrics(policyLogger, metricsConfig.Config, metrics.WebhookMutating).
 			WithAdmission(policyLogger.WithName("mutate")).
 			ToHandlerFunc(),
 	)
@ -123,7 +123,7 @@ func NewServer(
 		handlers.FromAdmissionFunc("VALIDATE", policyHandlers.Validate).
 			WithDump(debugModeOpts.DumpPayload).
 			WithSubResourceFilter().
-			WithMetrics(policyLogger, metricsConfig.Config).
+			WithMetrics(policyLogger, metricsConfig.Config, metrics.WebhookValidating).
 			WithAdmission(policyLogger.WithName("validate")).
 			ToHandlerFunc(),
 	)