
pkg/metrics: add event for tracing policy metrics #927

Merged
merged 1 commit into main from pr/kkourt/policy-metrics on Apr 14, 2023

Conversation

kkourt
Contributor

@kkourt kkourt commented Apr 14, 2023

This patch adds metrics for tracing policy events. It uses the policy name and a hook name as labels.

As an example, with this policy:

```
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "kubectlexec-net"
spec:
  kprobes:
  - call: "tcp_connect"
    syscall: false
    args:
     - index: 0
       type: "sock"
    selectors:
    - matchPIDs:
      - operator: NotIn
        followForks: true
        isNamespacePID: true
        values:
        - 1
  - call: "tcp_close"
    syscall: false
    args:
     - index: 0
       type: "sock"
    selectors:
    - matchPIDs:
      - operator: NotIn
        followForks: true
        isNamespacePID: true
        values:
        - 1
  - call: "tcp_sendmsg"
    syscall: false
    args:
     - index: 0
       type: "sock"
     - index: 2
       type: int
    # follow any non-init pids (e.g., exec into container)
    selectors:
    - matchPIDs:
      - operator: NotIn
        followForks: true
        isNamespacePID: true
        values:
        - 1
```

We will see the following events:

```
tetragon_policy_stats{binary="/usr/bin/curl",hook="kprobe:tcp_close",namespace="default",pod="pizza",policy="kubectlexec-net"} 1
tetragon_policy_stats{binary="/usr/bin/curl",hook="kprobe:tcp_connect",namespace="default",pod="pizza",policy="kubectlexec-net"} 1
tetragon_policy_stats{binary="/usr/bin/curl",hook="kprobe:tcp_sendmsg",namespace="default",pod="pizza",policy="kubectlexec-net"} 1
```

Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com>
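An added example (not code from this PR or from Tetragon itself) showing how a defender might consume the `tetragon_policy_stats` lines quoted above: it parses the Prometheus text-format samples and sums them per namespace/pod/policy, so every workload that fired the `kubectlexec-net` policy shows up once regardless of hook or binary. The input is constructed from the three lines above plus one extra pod line; the function name and the label-value unescaping are my own assumptions, not Tetragon's API.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Constructed input: the three tetragon_policy_stats lines quoted in the PR plus
// one line for a second pod, so the aggregation below has more than one key.
const sampleExposition = `tetragon_policy_stats{binary="/usr/bin/curl",hook="kprobe:tcp_close",namespace="default",pod="pizza",policy="kubectlexec-net"} 1
tetragon_policy_stats{binary="/usr/bin/curl",hook="kprobe:tcp_connect",namespace="default",pod="pizza",policy="kubectlexec-net"} 1
tetragon_policy_stats{binary="/usr/bin/curl",hook="kprobe:tcp_sendmsg",namespace="default",pod="pizza",policy="kubectlexec-net"} 1
tetragon_policy_stats{binary="/usr/bin/wget",hook="kprobe:tcp_connect",namespace="default",pod="pasta",policy="kubectlexec-net"} 3`

const metricPrefix = "tetragon_policy_stats{"
// labelRe matches one key="value" pair; the value may contain \" and \\ escapes.
var labelRe = regexp.MustCompile(`([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"`)

// PolicyHits sums tetragon_policy_stats per namespace/pod/policy (collapsing hook and
// binary); other metrics and "#" lines are skipped, a malformed policy line is an error.
func PolicyHits(exposition string) (map[string]float64, error) {
	hits := map[string]float64{}
	for _, line := range strings.Split(exposition, "\n") {
		line = strings.TrimSpace(line)
		if !strings.HasPrefix(line, metricPrefix) {
			continue
		}
		end := strings.LastIndexByte(line, '}')
		if end < 0 {
			return nil, fmt.Errorf("unterminated label set: %q", line)
		}
		value, err := strconv.ParseFloat(strings.TrimSpace(line[end+1:]), 64)
		if err != nil {
			return nil, fmt.Errorf("bad sample value in %q: %w", line, err)
		}
		labels := map[string]string{}
		for _, m := range labelRe.FindAllStringSubmatch(line[len(metricPrefix):end], -1) {
			labels[m[1]] = strings.NewReplacer(`\"`, `"`, `\\`, `\`).Replace(m[2])
		}
		hits[labels["namespace"]+"/"+labels["pod"]+"/"+labels["policy"]] += value
	}
	return hits, nil
}

func main() {
	hits, err := PolicyHits(sampleExposition)
	fmt.Println(hits, err) // map[default/pasta/kubectlexec-net:3 default/pizza/kubectlexec-net:3] <nil>
}
```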
@kkourt kkourt requested a review from a team as a code owner April 14, 2023 07:35
@kkourt kkourt requested a review from mtardy April 14, 2023 07:35
@kkourt kkourt merged commit a712a5b into main Apr 14, 2023
18 checks passed
@kkourt kkourt deleted the pr/kkourt/policy-metrics branch April 14, 2023 08:55
Member

@mtardy mtardy left a comment


past-merge approval :D! This PR mostly propagates the policy name so that it's available for metrics; it was less complicated than I was thinking to add this metric.

@@ -34,6 +35,12 @@ var (
Help: "The total number of events dropped because listener buffer was full",
ConstLabels: nil,
}, nil)
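Review bot: the collector added to the package-level `var (` block in `@@ -34,6 +35,12 @@` should keep the layout of the existing dropped-events counter it sits next to (same indentation, `ConstLabels: nil`, closing `}, nil)`), which is the whitespace nit raised on this hunk; only those trailing context lines survive in this view, not the six added lines themselves, so nothing else about the new definition can be checked here.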

Member


nit: whitespace

