diff --git a/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go b/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go index 0f3b8693734..a541fa803e7 100644 --- a/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go +++ b/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go @@ -44,23 +44,80 @@ func (s Operation) String() string { return operationLabelValues[s] } +type Warning int + +const ( + SuccessWarning Warning = iota + ContainerNameNotFoundWarning +) + +var warningLabelValues = map[Warning]string{ + SuccessWarning: "", + ContainerNameNotFoundWarning: "container-name-not-found", +} + +func (s Warning) String() string { + return warningLabelValues[s] +} + +type Error int + +const ( + SuccessError Error = iota + AddPodContainerError + AddPodError + UpdatePodError + DeletePodError +) + +var errorLabelValues = map[Error]string{ + SuccessError: "", + AddPodContainerError: "add-pod-container-failed", + AddPodError: "add-pod-error", + UpdatePodError: "update-pod-error", + DeletePodError: "delete-pod-error", +} + +func (s Error) String() string { + return errorLabelValues[s] +} + var ( PolicyFilterOpMetrics = prometheus.NewCounterVec(prometheus.CounterOpts{ Namespace: consts.MetricsNamespace, Name: "policyfilter_metrics_total", Help: "Policy filter metrics. For internal use only.", ConstLabels: nil, - }, []string{"subsys", "op"}) + }, []string{"subsys", "op", "warning", "error"}) ) func InitMetrics(registry *prometheus.Registry) { registry.MustRegister(PolicyFilterOpMetrics) // Initialize metrics with labels - PolicyFilterOpMetrics.WithLabelValues(RTHooksSubsys.String(), AddContainerOperation.String()).Add(0) - PolicyFilterOpMetrics.WithLabelValues(PodHandlersSubsys.String(), AddPodOperation.String()).Add(0) - PolicyFilterOpMetrics.WithLabelValues(PodHandlersSubsys.String(), UpdatePodOperation.String()).Add(0) - PolicyFilterOpMetrics.WithLabelValues(PodHandlersSubsys.String(), DeletePodOperation.String()).Add(0) + // RTHooksSubsys + PolicyFilterOpMetrics.WithLabelValues(RTHooksSubsys.String(), AddContainerOperation.String(), + SuccessWarning.String(), SuccessError.String()).Add(0) + PolicyFilterOpMetrics.WithLabelValues(RTHooksSubsys.String(), AddContainerOperation.String(), + ContainerNameNotFoundWarning.String(), SuccessError.String()).Add(0) + PolicyFilterOpMetrics.WithLabelValues(RTHooksSubsys.String(), AddContainerOperation.String(), + SuccessWarning.String(), AddPodContainerError.String()).Add(0) + + // PodHandlersSubsys + PolicyFilterOpMetrics.WithLabelValues(PodHandlersSubsys.String(), AddPodOperation.String(), + SuccessWarning.String(), SuccessError.String()).Add(0) + PolicyFilterOpMetrics.WithLabelValues(PodHandlersSubsys.String(), AddPodOperation.String(), + SuccessWarning.String(), AddPodError.String()).Add(0) + + PolicyFilterOpMetrics.WithLabelValues(PodHandlersSubsys.String(), UpdatePodOperation.String(), + SuccessWarning.String(), SuccessError.String()).Add(0) + PolicyFilterOpMetrics.WithLabelValues(PodHandlersSubsys.String(), UpdatePodOperation.String(), + SuccessWarning.String(), UpdatePodError.String()).Add(0) + + PolicyFilterOpMetrics.WithLabelValues(PodHandlersSubsys.String(), DeletePodOperation.String(), + SuccessWarning.String(), SuccessError.String()).Add(0) + PolicyFilterOpMetrics.WithLabelValues(PodHandlersSubsys.String(), DeletePodOperation.String(), + SuccessWarning.String(), DeletePodError.String()).Add(0) // NOTES: // * error, error_type, type - standardize on a label @@ -68,8 +125,8 @@ func InitMetrics(registry *prometheus.Registry) { // * Rename policyfilter_metrics_total to get rid of _metrics? } -func OpInc(subsys Subsys, op Operation) { +func OpInc(subsys Subsys, op Operation, warning Warning, errorLabel Error) { PolicyFilterOpMetrics.WithLabelValues( - subsys.String(), op.String(), + subsys.String(), op.String(), warning.String(), errorLabel.String(), ).Inc() } diff --git a/pkg/policyfilter/rthooks/rthooks.go b/pkg/policyfilter/rthooks/rthooks.go index 65c6d1eac5b..e94147cfed9 100644 --- a/pkg/policyfilter/rthooks/rthooks.go +++ b/pkg/policyfilter/rthooks/rthooks.go @@ -109,8 +109,25 @@ func createContainerHook(_ context.Context, arg *rthooks.CreateContainerArg) err cgid := policyfilter.CgroupID(cgID) if err := pfState.AddPodContainer(policyfilter.PodID(podID), namespace, pod.Labels, containerID, cgid, containerName); err != nil { log.WithError(err).Warn("failed to update policy filter, aborting hook.") + policyfiltermetrics.OpInc(policyfiltermetrics.RTHooksSubsys, policyfiltermetrics.AddContainerOperation, + policyfiltermetrics.ContainerNameNotFoundWarning, policyfiltermetrics.AddPodContainerError) + return err + } + + // whether the operation of adding the container to policy can be considered successful + // i.e. no warnings were produced. Used only for adding metrics without errors + operationSuccessMetric := true + + if containerName == "" { + policyfiltermetrics.OpInc(policyfiltermetrics.RTHooksSubsys, policyfiltermetrics.AddContainerOperation, + policyfiltermetrics.ContainerNameNotFoundWarning, policyfiltermetrics.SuccessError) + operationSuccessMetric = false + } + + if operationSuccessMetric { + policyfiltermetrics.OpInc(policyfiltermetrics.RTHooksSubsys, policyfiltermetrics.AddContainerOperation, + policyfiltermetrics.SuccessWarning, policyfiltermetrics.SuccessError) } - policyfiltermetrics.OpInc(policyfiltermetrics.RTHooksSubsys, policyfiltermetrics.AddContainerOperation) return nil } diff --git a/pkg/policyfilter/state.go b/pkg/policyfilter/state.go index fc59c83478a..2ef4450c11e 100644 --- a/pkg/policyfilter/state.go +++ b/pkg/policyfilter/state.go @@ -315,8 +315,14 @@ func (m *state) getPodEventHandlers() cache.ResourceEventHandlerFuncs { logger.GetLogger().Warn("policyfilter, add-pod handler: unexpected object type: %T", pod) return } - m.updatePodHandler(pod) - policyfiltermetrics.OpInc(policyfiltermetrics.PodHandlersSubsys, policyfiltermetrics.AddPodOperation) + err := m.updatePodHandler(pod) + if err != nil { + policyfiltermetrics.OpInc(policyfiltermetrics.PodHandlersSubsys, policyfiltermetrics.AddPodOperation, + policyfiltermetrics.SuccessWarning, policyfiltermetrics.AddPodError) + } else { + policyfiltermetrics.OpInc(policyfiltermetrics.PodHandlersSubsys, policyfiltermetrics.AddPodOperation, + policyfiltermetrics.SuccessWarning, policyfiltermetrics.SuccessError) + } }, UpdateFunc: func(_, newObj interface{}) { pod, ok := newObj.(*v1.Pod) @@ -324,8 +330,14 @@ func (m *state) getPodEventHandlers() cache.ResourceEventHandlerFuncs { logger.GetLogger().Warn("policyfilter, update-pod handler: unexpected object type(s): new:%T", pod) return } - m.updatePodHandler(pod) - policyfiltermetrics.OpInc(policyfiltermetrics.PodHandlersSubsys, policyfiltermetrics.UpdatePodOperation) + err := m.updatePodHandler(pod) + if err != nil { + policyfiltermetrics.OpInc(policyfiltermetrics.PodHandlersSubsys, policyfiltermetrics.UpdatePodOperation, + policyfiltermetrics.SuccessWarning, policyfiltermetrics.UpdatePodError) + } else { + policyfiltermetrics.OpInc(policyfiltermetrics.PodHandlersSubsys, policyfiltermetrics.UpdatePodOperation, + policyfiltermetrics.SuccessWarning, policyfiltermetrics.SuccessError) + } }, DeleteFunc: func(obj interface{}) { // Remove all containers for this pod @@ -347,8 +359,12 @@ func (m *state) getPodEventHandlers() cache.ResourceEventHandlerFuncs { "pod-id": podID, "namespace": namespace, }).Warn("policyfilter, delete-pod handler: DelPod failed") + policyfiltermetrics.OpInc(policyfiltermetrics.PodHandlersSubsys, policyfiltermetrics.DeletePodOperation, + policyfiltermetrics.SuccessWarning, policyfiltermetrics.DeletePodError) + } else { + policyfiltermetrics.OpInc(policyfiltermetrics.PodHandlersSubsys, policyfiltermetrics.DeletePodOperation, + policyfiltermetrics.SuccessWarning, policyfiltermetrics.SuccessError) } - policyfiltermetrics.OpInc(policyfiltermetrics.PodHandlersSubsys, policyfiltermetrics.DeletePodOperation) }, } }