From ff9ba81440b100213687a2c9e7f7e243ac7e592b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
 <charled.breteche@gmail.com>
Date: Wed, 30 Nov 2022 10:30:24 +0100
Subject: [PATCH] feat: add webhook type to admission metrics (#5493)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
---
 pkg/metrics/attributes.go        | 14 ++++++++++++++
 pkg/webhooks/handlers/metrics.go | 29 +++++++++++------------------
 pkg/webhooks/server.go           |  8 ++++----
 3 files changed, 29 insertions(+), 22 deletions(-)
 create mode 100644 pkg/metrics/attributes.go

diff --git a/pkg/metrics/attributes.go b/pkg/metrics/attributes.go
new file mode 100644
index 0000000000..c95458b212
--- /dev/null
+++ b/pkg/metrics/attributes.go
@@ -0,0 +1,14 @@
+package metrics
+
+import "go.opentelemetry.io/otel/attribute"
+
+const (
+	// keys
+	RequestWebhookKey = attribute.Key("request_webhook")
+)
+
+var (
+	// keyvalues
+	WebhookMutating   = RequestWebhookKey.String("MutatingWebhookConfiguration")
+	WebhookValidating = RequestWebhookKey.String("ValidatingWebhookConfiguration")
+)
diff --git a/pkg/webhooks/handlers/metrics.go b/pkg/webhooks/handlers/metrics.go
index c7c352a019..2d373d0fb5 100644
--- a/pkg/webhooks/handlers/metrics.go
+++ b/pkg/webhooks/handlers/metrics.go
@@ -13,11 +13,11 @@ import (
 	admissionv1 "k8s.io/api/admission/v1"
 )
 
-func (inner AdmissionHandler) WithMetrics(logger logr.Logger, metricsConfig config.MetricsConfiguration) AdmissionHandler {
+func (inner AdmissionHandler) WithMetrics(logger logr.Logger, metricsConfig config.MetricsConfiguration, attrs ...attribute.KeyValue) AdmissionHandler {
 	return inner.withMetrics(logger, metricsConfig).WithTrace("METRICS")
 }
 
-func (inner AdmissionHandler) withMetrics(logger logr.Logger, metricsConfig config.MetricsConfiguration) AdmissionHandler {
+func (inner AdmissionHandler) withMetrics(logger logr.Logger, metricsConfig config.MetricsConfiguration, attrs ...attribute.KeyValue) AdmissionHandler {
 	meter := global.MeterProvider().Meter("kyverno")
 	admissionRequestsMetric, err := meter.SyncInt64().Counter(
 		"kyverno_admission_requests_total",
@@ -42,29 +42,22 @@ func (inner AdmissionHandler) withMetrics(logger logr.Logger, metricsConfig conf
 			if response != nil {
 				allowed = response.Allowed
 			}
+			attributes := []attribute.KeyValue{
+				attribute.String("resource_kind", request.Kind.Kind),
+				attribute.String("resource_namespace", namespace),
+				attribute.String("resource_request_operation", operation),
+				attribute.Bool("request_allowed", allowed),
+			}
+			attributes = append(attributes, attrs...)
 			if admissionReviewDurationMetric != nil {
 				defer func() {
 					latency := int64(time.Since(startTime))
 					admissionReviewLatencyDurationInSeconds := float64(latency) / float64(1000*1000*1000)
-					admissionReviewDurationMetric.Record(
-						ctx,
-						admissionReviewLatencyDurationInSeconds,
-						attribute.String("resource_kind", request.Kind.Kind),
-						attribute.String("resource_namespace", namespace),
-						attribute.String("resource_request_operation", operation),
-						attribute.Bool("request_allowed", allowed),
-					)
+					admissionReviewDurationMetric.Record(ctx, admissionReviewLatencyDurationInSeconds, attributes...)
 				}()
 			}
 			if admissionRequestsMetric != nil {
-				admissionRequestsMetric.Add(
-					ctx,
-					1,
-					attribute.String("resource_kind", request.Kind.Kind),
-					attribute.String("resource_namespace", namespace),
-					attribute.String("resource_request_operation", operation),
-					attribute.Bool("request_allowed", allowed),
-				)
+				admissionRequestsMetric.Add(ctx, 1, attributes...)
 			}
 		}
 		return response
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index 0670c5fa29..46727958b0 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -90,7 +90,7 @@ func NewServer(
 				WithProtection(toggle.ProtectManagedResources.Enabled()).
 				WithDump(debugModeOpts.DumpPayload).
 				WithOperationFilter(admissionv1.Create, admissionv1.Update, admissionv1.Connect).
-				WithMetrics(resourceLogger, metricsConfig.Config).
+				WithMetrics(resourceLogger, metricsConfig.Config, metrics.WebhookMutating).
 				WithAdmission(resourceLogger.WithName("mutate"))
 		},
 	)
@@ -104,7 +104,7 @@ func NewServer(
 				WithFilter(configuration).
 				WithProtection(toggle.ProtectManagedResources.Enabled()).
 				WithDump(debugModeOpts.DumpPayload).
-				WithMetrics(resourceLogger, metricsConfig.Config).
+				WithMetrics(resourceLogger, metricsConfig.Config, metrics.WebhookValidating).
 				WithAdmission(resourceLogger.WithName("validate"))
 		},
 	)
@@ -113,7 +113,7 @@ func NewServer(
 		config.PolicyMutatingWebhookServicePath,
 		handlers.FromAdmissionFunc("MUTATE", policyHandlers.Mutate).
 			WithDump(debugModeOpts.DumpPayload).
-			WithMetrics(policyLogger, metricsConfig.Config).
+			WithMetrics(policyLogger, metricsConfig.Config, metrics.WebhookMutating).
 			WithAdmission(policyLogger.WithName("mutate")).
 			ToHandlerFunc(),
 	)
@@ -123,7 +123,7 @@ func NewServer(
 		handlers.FromAdmissionFunc("VALIDATE", policyHandlers.Validate).
 			WithDump(debugModeOpts.DumpPayload).
 			WithSubResourceFilter().
-			WithMetrics(policyLogger, metricsConfig.Config).
+			WithMetrics(policyLogger, metricsConfig.Config, metrics.WebhookValidating).
 			WithAdmission(policyLogger.WithName("validate")).
 			ToHandlerFunc(),
 	)