[PodSecurity] Avoid the LegcayRegistry for metrics serving

plugin/pkg/admission/security/podsecurity/admission.go

@@ -43,6 +43,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 	corev1listers "k8s.io/client-go/listers/core/v1"
 	"k8s.io/component-base/featuregate"
+	"k8s.io/component-base/metrics/legacyregistry"
 	"k8s.io/kubernetes/pkg/api/legacyscheme"
 	"k8s.io/kubernetes/pkg/apis/apps"
 	"k8s.io/kubernetes/pkg/apis/batch"
@@ -83,6 +84,20 @@ var _ admission.ValidationInterface = &Plugin{}
 var _ genericadmissioninit.WantsExternalKubeInformerFactory = &Plugin{}
 var _ genericadmissioninit.WantsExternalKubeClientSet = &Plugin{}
 
+var (
+	defaultRecorder     *metrics.PrometheusRecorder
+	defaultRecorderInit sync.Once
+)
+
+func getDefaultRecorder() metrics.Recorder {
+	// initialize and register to legacy metrics once
+	defaultRecorderInit.Do(func() {
+		defaultRecorder = metrics.NewPrometheusRecorder(podsecurityadmissionapi.GetAPIVersion())
+		defaultRecorder.MustRegister(legacyregistry.MustRegister)
+	})
+	return defaultRecorder
+}
+
 // newPlugin creates a new admission plugin.
 func newPlugin(reader io.Reader) (*Plugin, error) {
 	config, err := podsecurityconfigloader.LoadFromReader(reader)
@@ -94,14 +109,13 @@ func newPlugin(reader io.Reader) (*Plugin, error) {
 	if err != nil {
 		return nil, fmt.Errorf("could not create PodSecurityRegistry: %w", err)
 	}
-	metrics.LegacyMustRegister()
 
 	return &Plugin{
 		Handler: admission.NewHandler(admission.Create, admission.Update),
 		delegate: &podsecurityadmission.Admission{
 			Configuration:    config,
 			Evaluator:        evaluator,
-			Metrics:          metrics.DefaultRecorder(),
+			Metrics:          getDefaultRecorder(),
 			PodSpecExtractor: podsecurityadmission.DefaultPodSpecExtractor{},
 		},
 	}, nil