From 77241d31253baf051302fff7480c9601ad817399 Mon Sep 17 00:00:00 2001 From: Anish Ramasekar Date: Wed, 7 Feb 2024 19:44:41 +0000 Subject: [PATCH] Add `apiserver_encryption_config_controller_automatic_reloads_total` metric - Adds `apiserver_encryption_config_controller_automatic_reloads_total` metric with status label for encryption config reload success/failure. - Deprecated `apiserver_encryption_config_controller_automatic_reload_failures_total` and `apiserver_encryption_config_controller_automatic_reload_success_total` Signed-off-by: Anish Ramasekar --- .../controller/controller_test.go | 7 +++ .../encryptionconfig/metrics/metrics.go | 46 +++++++++++----- .../encryptionconfig/metrics/metrics_test.go | 52 +++++++++++++++---- .../transformation/kms_transformation_test.go | 1 + 4 files changed, 82 insertions(+), 24 deletions(-) diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/controller/controller_test.go b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/controller/controller_test.go index da7948a2288..e29e8d5e6a3 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/controller/controller_test.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/controller/controller_test.go @@ -47,11 +47,17 @@ func TestController(t *testing.T) { # HELP apiserver_encryption_config_controller_automatic_reload_success_total [ALPHA] Total number of successful automatic reloads of encryption configuration split by apiserver identity. # TYPE apiserver_encryption_config_controller_automatic_reload_success_total counter apiserver_encryption_config_controller_automatic_reload_success_total{apiserver_id_hash="sha256:cd8a60cec6134082e9f37e7a4146b4bc14a0bf8a863237c36ec8fdb658c3e027"} 1 +# HELP apiserver_encryption_config_controller_automatic_reloads_total [ALPHA] Total number of reload successes and failures of encryption configuration split by apiserver identity. +# TYPE apiserver_encryption_config_controller_automatic_reloads_total counter +apiserver_encryption_config_controller_automatic_reloads_total{apiserver_id_hash="sha256:cd8a60cec6134082e9f37e7a4146b4bc14a0bf8a863237c36ec8fdb658c3e027",status="success"} 1 ` const expectedFailureMetricValue = ` # HELP apiserver_encryption_config_controller_automatic_reload_failures_total [ALPHA] Total number of failed automatic reloads of encryption configuration split by apiserver identity. # TYPE apiserver_encryption_config_controller_automatic_reload_failures_total counter apiserver_encryption_config_controller_automatic_reload_failures_total{apiserver_id_hash="sha256:cd8a60cec6134082e9f37e7a4146b4bc14a0bf8a863237c36ec8fdb658c3e027"} 1 +# HELP apiserver_encryption_config_controller_automatic_reloads_total [ALPHA] Total number of reload successes and failures of encryption configuration split by apiserver identity. +# TYPE apiserver_encryption_config_controller_automatic_reloads_total counter +apiserver_encryption_config_controller_automatic_reloads_total{apiserver_id_hash="sha256:cd8a60cec6134082e9f37e7a4146b4bc14a0bf8a863237c36ec8fdb658c3e027",status="failure"} 1 ` tests := []struct { @@ -334,6 +340,7 @@ apiserver_encryption_config_controller_automatic_reload_failures_total{apiserver if err := testutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(test.wantMetrics), "apiserver_encryption_config_controller_automatic_reload_success_total", "apiserver_encryption_config_controller_automatic_reload_failures_total", + "apiserver_encryption_config_controller_automatic_reloads_total", ); err != nil { t.Errorf("failed to validate metrics: %v", err) } diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics.go b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics.go index 70414035fed..745277002be 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics.go @@ -32,24 +32,41 @@ const ( ) var ( - encryptionConfigAutomaticReloadFailureTotal = metrics.NewCounterVec( + encryptionConfigAutomaticReloadsTotal = metrics.NewCounterVec( &metrics.CounterOpts{ Namespace: namespace, Subsystem: subsystem, - Name: "automatic_reload_failures_total", - Help: "Total number of failed automatic reloads of encryption configuration split by apiserver identity.", + Name: "automatic_reloads_total", + Help: "Total number of reload successes and failures of encryption configuration split by apiserver identity.", StabilityLevel: metrics.ALPHA, }, + []string{"status", "apiserver_id_hash"}, + ) + + // deprecatedEncryptionConfigAutomaticReloadFailureTotal has been deprecated in 1.30.0 + // use encryptionConfigAutomaticReloadsTotal instead + deprecatedEncryptionConfigAutomaticReloadFailureTotal = metrics.NewCounterVec( + &metrics.CounterOpts{ + Namespace: namespace, + Subsystem: subsystem, + Name: "automatic_reload_failures_total", + Help: "Total number of failed automatic reloads of encryption configuration split by apiserver identity.", + StabilityLevel: metrics.ALPHA, + DeprecatedVersion: "1.30.0", + }, []string{"apiserver_id_hash"}, ) - encryptionConfigAutomaticReloadSuccessTotal = metrics.NewCounterVec( + // deprecatedEncryptionConfigAutomaticReloadSuccessTotal has been deprecated in 1.30.0 + // use encryptionConfigAutomaticReloadsTotal instead + deprecatedEncryptionConfigAutomaticReloadSuccessTotal = metrics.NewCounterVec( &metrics.CounterOpts{ - Namespace: namespace, - Subsystem: subsystem, - Name: "automatic_reload_success_total", - Help: "Total number of successful automatic reloads of encryption configuration split by apiserver identity.", - StabilityLevel: metrics.ALPHA, + Namespace: namespace, + Subsystem: subsystem, + Name: "automatic_reload_success_total", + Help: "Total number of successful automatic reloads of encryption configuration split by apiserver identity.", + StabilityLevel: metrics.ALPHA, + DeprecatedVersion: "1.30.0", }, []string{"apiserver_id_hash"}, ) @@ -76,21 +93,24 @@ func RegisterMetrics() { return sha256.New() }, } - legacyregistry.MustRegister(encryptionConfigAutomaticReloadFailureTotal) - legacyregistry.MustRegister(encryptionConfigAutomaticReloadSuccessTotal) + legacyregistry.MustRegister(encryptionConfigAutomaticReloadsTotal) + legacyregistry.MustRegister(deprecatedEncryptionConfigAutomaticReloadFailureTotal) + legacyregistry.MustRegister(deprecatedEncryptionConfigAutomaticReloadSuccessTotal) legacyregistry.MustRegister(encryptionConfigAutomaticReloadLastTimestampSeconds) }) } func RecordEncryptionConfigAutomaticReloadFailure(apiServerID string) { apiServerIDHash := getHash(apiServerID) - encryptionConfigAutomaticReloadFailureTotal.WithLabelValues(apiServerIDHash).Inc() + encryptionConfigAutomaticReloadsTotal.WithLabelValues("failure", apiServerIDHash).Inc() + deprecatedEncryptionConfigAutomaticReloadFailureTotal.WithLabelValues(apiServerIDHash).Inc() recordEncryptionConfigAutomaticReloadTimestamp("failure", apiServerIDHash) } func RecordEncryptionConfigAutomaticReloadSuccess(apiServerID string) { apiServerIDHash := getHash(apiServerID) - encryptionConfigAutomaticReloadSuccessTotal.WithLabelValues(apiServerIDHash).Inc() + encryptionConfigAutomaticReloadsTotal.WithLabelValues("success", apiServerIDHash).Inc() + deprecatedEncryptionConfigAutomaticReloadSuccessTotal.WithLabelValues(apiServerIDHash).Inc() recordEncryptionConfigAutomaticReloadTimestamp("success", apiServerIDHash) } diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics_test.go b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics_test.go index fdf89e9bf95..30adf0d8d70 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics_test.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics/metrics_test.go @@ -20,7 +20,7 @@ import ( "strings" "testing" - "k8s.io/component-base/metrics/legacyregistry" + "k8s.io/component-base/metrics" "k8s.io/component-base/metrics/testutil" ) @@ -29,40 +29,68 @@ const ( testAPIServerIDHash = "sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37" ) +func testMetricsRegistry(t *testing.T) metrics.KubeRegistry { + // setting the version to 1.30.0 to test deprecation + // of deprecatedEncryptionConfigAutomaticReloadFailureTotal and deprecatedEncryptionConfigAutomaticReloadSuccessTotal + registry := testutil.NewFakeKubeRegistry("1.30.0") + registry.MustRegister(encryptionConfigAutomaticReloadsTotal) + registry.MustRegister(deprecatedEncryptionConfigAutomaticReloadFailureTotal) + registry.MustRegister(deprecatedEncryptionConfigAutomaticReloadSuccessTotal) + registry.MustRegister(encryptionConfigAutomaticReloadLastTimestampSeconds) + + t.Cleanup(func() { registry.Reset() }) + + return registry +} + func TestRecordEncryptionConfigAutomaticReloadFailure(t *testing.T) { + registry := testMetricsRegistry(t) + expectedValue := ` - # HELP apiserver_encryption_config_controller_automatic_reload_failures_total [ALPHA] Total number of failed automatic reloads of encryption configuration split by apiserver identity. + # HELP apiserver_encryption_config_controller_automatic_reload_failures_total [ALPHA] (Deprecated since 1.30.0) Total number of failed automatic reloads of encryption configuration split by apiserver identity. # TYPE apiserver_encryption_config_controller_automatic_reload_failures_total counter apiserver_encryption_config_controller_automatic_reload_failures_total {apiserver_id_hash="sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37"} 1 + # HELP apiserver_encryption_config_controller_automatic_reloads_total [ALPHA] Total number of reload successes and failures of encryption configuration split by apiserver identity. + # TYPE apiserver_encryption_config_controller_automatic_reloads_total counter + apiserver_encryption_config_controller_automatic_reloads_total {apiserver_id_hash="sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37",status="failure"} 1 ` - metrics := []string{ + metricNames := []string{ namespace + "_" + subsystem + "_automatic_reload_failures_total", + namespace + "_" + subsystem + "_automatic_reloads_total", } - encryptionConfigAutomaticReloadFailureTotal.Reset() + deprecatedEncryptionConfigAutomaticReloadFailureTotal.Reset() + encryptionConfigAutomaticReloadsTotal.Reset() RegisterMetrics() RecordEncryptionConfigAutomaticReloadFailure(testAPIServerID) - if err := testutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(expectedValue), metrics...); err != nil { + if err := testutil.GatherAndCompare(registry, strings.NewReader(expectedValue), metricNames...); err != nil { t.Fatal(err) } } func TestRecordEncryptionConfigAutomaticReloadSuccess(t *testing.T) { + registry := testMetricsRegistry(t) + expectedValue := ` - # HELP apiserver_encryption_config_controller_automatic_reload_success_total [ALPHA] Total number of successful automatic reloads of encryption configuration split by apiserver identity. + # HELP apiserver_encryption_config_controller_automatic_reload_success_total [ALPHA] (Deprecated since 1.30.0) Total number of successful automatic reloads of encryption configuration split by apiserver identity. # TYPE apiserver_encryption_config_controller_automatic_reload_success_total counter apiserver_encryption_config_controller_automatic_reload_success_total {apiserver_id_hash="sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37"} 1 + # HELP apiserver_encryption_config_controller_automatic_reloads_total [ALPHA] Total number of reload successes and failures of encryption configuration split by apiserver identity. + # TYPE apiserver_encryption_config_controller_automatic_reloads_total counter + apiserver_encryption_config_controller_automatic_reloads_total {apiserver_id_hash="sha256:14f9d63e669337ac6bfda2e2162915ee6a6067743eddd4e5c374b572f951ff37",status="success"} 1 ` - metrics := []string{ + metricNames := []string{ namespace + "_" + subsystem + "_automatic_reload_success_total", + namespace + "_" + subsystem + "_automatic_reloads_total", } - encryptionConfigAutomaticReloadSuccessTotal.Reset() + deprecatedEncryptionConfigAutomaticReloadSuccessTotal.Reset() + encryptionConfigAutomaticReloadsTotal.Reset() RegisterMetrics() RecordEncryptionConfigAutomaticReloadSuccess(testAPIServerID) - if err := testutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(expectedValue), metrics...); err != nil { + if err := testutil.GatherAndCompare(registry, strings.NewReader(expectedValue), metricNames...); err != nil { t.Fatal(err) } } @@ -93,16 +121,18 @@ func TestEncryptionConfigAutomaticReloadLastTimestampSeconds(t *testing.T) { }, } - metrics := []string{ + metricNames := []string{ namespace + "_" + subsystem + "_automatic_reload_last_timestamp_seconds", } RegisterMetrics() for _, tc := range testCases { + registry := testMetricsRegistry(t) + encryptionConfigAutomaticReloadLastTimestampSeconds.Reset() encryptionConfigAutomaticReloadLastTimestampSeconds.WithLabelValues(tc.resultLabel, testAPIServerIDHash).Set(float64(tc.timestamp)) - if err := testutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(tc.expectedValue), metrics...); err != nil { + if err := testutil.GatherAndCompare(registry, strings.NewReader(tc.expectedValue), metricNames...); err != nil { t.Fatal(err) } } diff --git a/test/integration/controlplane/transformation/kms_transformation_test.go b/test/integration/controlplane/transformation/kms_transformation_test.go index df84d7e3e58..afe5964ac0c 100644 --- a/test/integration/controlplane/transformation/kms_transformation_test.go +++ b/test/integration/controlplane/transformation/kms_transformation_test.go @@ -357,6 +357,7 @@ resources: wantMetricStrings := []string{ `apiserver_encryption_config_controller_automatic_reload_last_timestamp_seconds{apiserver_id_hash="sha256:3c607df3b2bf22c9d9f01d5314b4bbf411c48ef43ff44ff29b1d55b41367c795",status="success"} FP`, `apiserver_encryption_config_controller_automatic_reload_success_total{apiserver_id_hash="sha256:3c607df3b2bf22c9d9f01d5314b4bbf411c48ef43ff44ff29b1d55b41367c795"} 2`, + `apiserver_encryption_config_controller_automatic_reloads_total{apiserver_id_hash="sha256:3c607df3b2bf22c9d9f01d5314b4bbf411c48ef43ff44ff29b1d55b41367c795",status="success"} 2`, } test.secret, err = test.createSecret(testSecret, testNamespace)