Merge pull request #123179 from aramase/aramase/f/encryption_config_reload_metric

Add `apiserver_encryption_config_controller_automatic_reloads_total` metric and deprecate success/failure counter
2025-07-31 07:20:13 +00:00 · 2024-02-13 08:28:47 -08:00 · 2024-02-13 08:28:47 -08:00 · 7abb063b42
commit 7abb063b42
parent c3b2295c3a 77241d3125
4 changed files with 82 additions and 24 deletions
--- a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/controller/controller_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/controller/controller_test.go
@ -47,11 +47,17 @@ func TestController(t *testing.T) {
 # HELP apiserver_encryption_config_controller_automatic_reload_success_total [ALPHA] Total number of successful automatic reloads of encryption configuration split by apiserver identity.
 # TYPE apiserver_encryption_config_controller_automatic_reload_success_total counter
 apiserver_encryption_config_controller_automatic_reload_success_total{apiserver_id_hash="sha256:cd8a60cec6134082e9f37e7a4146b4bc14a0bf8a863237c36ec8fdb658c3e027"} 1
+# HELP apiserver_encryption_config_controller_automatic_reloads_total [ALPHA] Total number of reload successes and failures of encryption configuration split by apiserver identity.
+# TYPE apiserver_encryption_config_controller_automatic_reloads_total counter
+apiserver_encryption_config_controller_automatic_reloads_total{apiserver_id_hash="sha256:cd8a60cec6134082e9f37e7a4146b4bc14a0bf8a863237c36ec8fdb658c3e027",status="success"} 1
 `
 	const expectedFailureMetricValue = `
 # HELP apiserver_encryption_config_controller_automatic_reload_failures_total [ALPHA] Total number of failed automatic reloads of encryption configuration split by apiserver identity.
 # TYPE apiserver_encryption_config_controller_automatic_reload_failures_total counter
 apiserver_encryption_config_controller_automatic_reload_failures_total{apiserver_id_hash="sha256:cd8a60cec6134082e9f37e7a4146b4bc14a0bf8a863237c36ec8fdb658c3e027"} 1
+# HELP apiserver_encryption_config_controller_automatic_reloads_total [ALPHA] Total number of reload successes and failures of encryption configuration split by apiserver identity.
+# TYPE apiserver_encryption_config_controller_automatic_reloads_total counter
+apiserver_encryption_config_controller_automatic_reloads_total{apiserver_id_hash="sha256:cd8a60cec6134082e9f37e7a4146b4bc14a0bf8a863237c36ec8fdb658c3e027",status="failure"} 1
 `

 	tests := []struct {
@ -334,6 +340,7 @@ apiserver_encryption_config_controller_automatic_reload_failures_total{apiserver
 			if err := testutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(test.wantMetrics),
 				"apiserver_encryption_config_controller_automatic_reload_success_total",
 				"apiserver_encryption_config_controller_automatic_reload_failures_total",
+				"apiserver_encryption_config_controller_automatic_reloads_total",
 			); err != nil {
 				t.Errorf("failed to validate metrics: %v", err)
 			}
--- a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics.go
@ -32,24 +32,41 @@ const (
 )

 var (
-	encryptionConfigAutomaticReloadFailureTotal = metrics.NewCounterVec(
+	encryptionConfigAutomaticReloadsTotal = metrics.NewCounterVec(
 		&metrics.CounterOpts{
 			Namespace:      namespace,
 			Subsystem:      subsystem,
-			Name:           "automatic_reload_failures_total",
-			Help:           "Total number of failed automatic reloads of encryption configuration split by apiserver identity.",
+			Name:           "automatic_reloads_total",
+			Help:           "Total number of reload successes and failures of encryption configuration split by apiserver identity.",
 			StabilityLevel: metrics.ALPHA,
 		},
+		[]string{"status", "apiserver_id_hash"},
+	)
+
+	// deprecatedEncryptionConfigAutomaticReloadFailureTotal has been deprecated in 1.30.0
+	// use encryptionConfigAutomaticReloadsTotal instead
+	deprecatedEncryptionConfigAutomaticReloadFailureTotal = metrics.NewCounterVec(
+		&metrics.CounterOpts{
+			Namespace:         namespace,
+			Subsystem:         subsystem,
+			Name:              "automatic_reload_failures_total",
+			Help:              "Total number of failed automatic reloads of encryption configuration split by apiserver identity.",
+			StabilityLevel:    metrics.ALPHA,
+			DeprecatedVersion: "1.30.0",
+		},
 		[]string{"apiserver_id_hash"},
 	)

-	encryptionConfigAutomaticReloadSuccessTotal = metrics.NewCounterVec(
+	// deprecatedEncryptionConfigAutomaticReloadSuccessTotal has been deprecated in 1.30.0
+	// use encryptionConfigAutomaticReloadsTotal instead
+	deprecatedEncryptionConfigAutomaticReloadSuccessTotal = metrics.NewCounterVec(
 		&metrics.CounterOpts{
-			Namespace:      namespace,
-			Subsystem:      subsystem,
-			Name:           "automatic_reload_success_total",
-			Help:           "Total number of successful automatic reloads of encryption configuration split by apiserver identity.",
-			StabilityLevel: metrics.ALPHA,
+			Namespace:         namespace,
+			Subsystem:         subsystem,
+			Name:              "automatic_reload_success_total",
+			Help:              "Total number of successful automatic reloads of encryption configuration split by apiserver identity.",
+			StabilityLevel:    metrics.ALPHA,
+			DeprecatedVersion: "1.30.0",
 		},
 		[]string{"apiserver_id_hash"},
 	)
@ -76,21 +93,24 @@ func RegisterMetrics() {
 				return sha256.New()
 			},
 		}
-		legacyregistry.MustRegister(encryptionConfigAutomaticReloadFailureTotal)
-		legacyregistry.MustRegister(encryptionConfigAutomaticReloadSuccessTotal)
+		legacyregistry.MustRegister(encryptionConfigAutomaticReloadsTotal)
+		legacyregistry.MustRegister(deprecatedEncryptionConfigAutomaticReloadFailureTotal)
+		legacyregistry.MustRegister(deprecatedEncryptionConfigAutomaticReloadSuccessTotal)
 		legacyregistry.MustRegister(encryptionConfigAutomaticReloadLastTimestampSeconds)
 	})
 }

 func RecordEncryptionConfigAutomaticReloadFailure(apiServerID string) {
 	apiServerIDHash := getHash(apiServerID)
-	encryptionConfigAutomaticReloadFailureTotal.WithLabelValues(apiServerIDHash).Inc()
+	encryptionConfigAutomaticReloadsTotal.WithLabelValues("failure", apiServerIDHash).Inc()
+	deprecatedEncryptionConfigAutomaticReloadFailureTotal.WithLabelValues(apiServerIDHash).Inc()
 	recordEncryptionConfigAutomaticReloadTimestamp("failure", apiServerIDHash)
 }

 func RecordEncryptionConfigAutomaticReloadSuccess(apiServerID string) {
 	apiServerIDHash := getHash(apiServerID)
-	encryptionConfigAutomaticReloadSuccessTotal.WithLabelValues(apiServerIDHash).Inc()
+	encryptionConfigAutomaticReloadsTotal.WithLabelValues("success", apiServerIDHash).Inc()
+	deprecatedEncryptionConfigAutomaticReloadSuccessTotal.WithLabelValues(apiServerIDHash).Inc()
 	recordEncryptionConfigAutomaticReloadTimestamp("success", apiServerIDHash)
 }

--- a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics_test.go
@ -20,7 +20,7 @@ import (
 	"strings"
 	"testing"

-	"k8s.io/component-base/metrics/legacyregistry"
+	"k8s.io/component-base/metrics"
 	"k8s.io/component-base/metrics/testutil"
 )

@ -29,40 +29,68 @@ const (
 	testAPIServerIDHash = "sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37"
 )

+func testMetricsRegistry(t *testing.T) metrics.KubeRegistry {
+	// setting the version to 1.30.0 to test deprecation
+	// of deprecatedEncryptionConfigAutomaticReloadFailureTotal and deprecatedEncryptionConfigAutomaticReloadSuccessTotal
+	registry := testutil.NewFakeKubeRegistry("1.30.0")
+	registry.MustRegister(encryptionConfigAutomaticReloadsTotal)
+	registry.MustRegister(deprecatedEncryptionConfigAutomaticReloadFailureTotal)
+	registry.MustRegister(deprecatedEncryptionConfigAutomaticReloadSuccessTotal)
+	registry.MustRegister(encryptionConfigAutomaticReloadLastTimestampSeconds)
+
+	t.Cleanup(func() { registry.Reset() })
+
+	return registry
+}
+
 func TestRecordEncryptionConfigAutomaticReloadFailure(t *testing.T) {
+	registry := testMetricsRegistry(t)
+
 	expectedValue := `
-	# HELP apiserver_encryption_config_controller_automatic_reload_failures_total [ALPHA] Total number of failed automatic reloads of encryption configuration split by apiserver identity.
+	# HELP apiserver_encryption_config_controller_automatic_reload_failures_total [ALPHA] (Deprecated since 1.30.0) Total number of failed automatic reloads of encryption configuration split by apiserver identity.
    # TYPE apiserver_encryption_config_controller_automatic_reload_failures_total counter
    apiserver_encryption_config_controller_automatic_reload_failures_total {apiserver_id_hash="sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37"} 1
+	# HELP apiserver_encryption_config_controller_automatic_reloads_total [ALPHA] Total number of reload successes and failures of encryption configuration split by apiserver identity.
+    # TYPE apiserver_encryption_config_controller_automatic_reloads_total counter
+    apiserver_encryption_config_controller_automatic_reloads_total {apiserver_id_hash="sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37",status="failure"} 1
 	`
-	metrics := []string{
+	metricNames := []string{
 		namespace + "_" + subsystem + "_automatic_reload_failures_total",
+		namespace + "_" + subsystem + "_automatic_reloads_total",
 	}

-	encryptionConfigAutomaticReloadFailureTotal.Reset()
+	deprecatedEncryptionConfigAutomaticReloadFailureTotal.Reset()
+	encryptionConfigAutomaticReloadsTotal.Reset()
 	RegisterMetrics()

 	RecordEncryptionConfigAutomaticReloadFailure(testAPIServerID)
-	if err := testutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(expectedValue), metrics...); err != nil {
+	if err := testutil.GatherAndCompare(registry, strings.NewReader(expectedValue), metricNames...); err != nil {
 		t.Fatal(err)
 	}
 }

 func TestRecordEncryptionConfigAutomaticReloadSuccess(t *testing.T) {
+	registry := testMetricsRegistry(t)
+
 	expectedValue := `
-	# HELP apiserver_encryption_config_controller_automatic_reload_success_total [ALPHA] Total number of successful automatic reloads of encryption configuration split by apiserver identity.
+	# HELP apiserver_encryption_config_controller_automatic_reload_success_total [ALPHA] (Deprecated since 1.30.0) Total number of successful automatic reloads of encryption configuration split by apiserver identity.
    # TYPE apiserver_encryption_config_controller_automatic_reload_success_total counter
    apiserver_encryption_config_controller_automatic_reload_success_total {apiserver_id_hash="sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37"} 1
+	# HELP apiserver_encryption_config_controller_automatic_reloads_total [ALPHA] Total number of reload successes and failures of encryption configuration split by apiserver identity.
+    # TYPE apiserver_encryption_config_controller_automatic_reloads_total counter
+    apiserver_encryption_config_controller_automatic_reloads_total {apiserver_id_hash="sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37",status="success"} 1
 	`
-	metrics := []string{
+	metricNames := []string{
 		namespace + "_" + subsystem + "_automatic_reload_success_total",
+		namespace + "_" + subsystem + "_automatic_reloads_total",
 	}

-	encryptionConfigAutomaticReloadSuccessTotal.Reset()
+	deprecatedEncryptionConfigAutomaticReloadSuccessTotal.Reset()
+	encryptionConfigAutomaticReloadsTotal.Reset()
 	RegisterMetrics()

 	RecordEncryptionConfigAutomaticReloadSuccess(testAPIServerID)
-	if err := testutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(expectedValue), metrics...); err != nil {
+	if err := testutil.GatherAndCompare(registry, strings.NewReader(expectedValue), metricNames...); err != nil {
 		t.Fatal(err)
 	}
 }
@ -93,16 +121,18 @@ func TestEncryptionConfigAutomaticReloadLastTimestampSeconds(t *testing.T) {
 		},
 	}

-	metrics := []string{
+	metricNames := []string{
 		namespace + "_" + subsystem + "_automatic_reload_last_timestamp_seconds",
 	}
 	RegisterMetrics()

 	for _, tc := range testCases {
+		registry := testMetricsRegistry(t)
+
 		encryptionConfigAutomaticReloadLastTimestampSeconds.Reset()
 		encryptionConfigAutomaticReloadLastTimestampSeconds.WithLabelValues(tc.resultLabel, testAPIServerIDHash).Set(float64(tc.timestamp))

-		if err := testutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(tc.expectedValue), metrics...); err != nil {
+		if err := testutil.GatherAndCompare(registry, strings.NewReader(tc.expectedValue), metricNames...); err != nil {
 			t.Fatal(err)
 		}
 	}
--- a/test/integration/controlplane/transformation/kms_transformation_test.go
+++ b/test/integration/controlplane/transformation/kms_transformation_test.go
@ -357,6 +357,7 @@ resources:
 	wantMetricStrings := []string{
 		`apiserver_encryption_config_controller_automatic_reload_last_timestamp_seconds{apiserver_id_hash="sha256:3c607df3b2bf22c9d9f01d5314b4bbf411c48ef43ff44ff29b1d55b41367c795",status="success"} FP`,
 		`apiserver_encryption_config_controller_automatic_reload_success_total{apiserver_id_hash="sha256:3c607df3b2bf22c9d9f01d5314b4bbf411c48ef43ff44ff29b1d55b41367c795"} 2`,
+		`apiserver_encryption_config_controller_automatic_reloads_total{apiserver_id_hash="sha256:3c607df3b2bf22c9d9f01d5314b4bbf411c48ef43ff44ff29b1d55b41367c795",status="success"} 2`,
 	}

 	test.secret, err = test.createSecret(testSecret, testNamespace)