New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Collect VMI OS info from the Guest agent #11283
Conversation
5150c9f
to
83b9c16
Compare
83b9c16
to
e8aeb79
Compare
/lgtm |
@enp0s3 can you please take a look? |
Hey. Many of our metrics are limited to infra aspects. This can be potentially security relevant information, thus:
To me metrics stand out (compared to i.e. CR level details), because metrics are designed to be formwared to remote systems, and it's much easier to - unintentionally - leak guest related informations. /hold to give us time to answer these questions. |
@fabiand Hi, I'm not aware of any metrics exposing guest related information yet, thus we didn't consider implementing such knob. Are there specific |
It's a general concern - by exposing any information about the guest we cross this boundary. Thus to me this PR should be extended with a cluster level knob in order to turn off all guest related metric reporting. |
e8aeb79
to
f275773
Compare
/unhold Usually metric system already require authentication, aka not permitting arbitrary users to view metrics. This should be good enough. |
/retest |
f275773
to
5cdc809
Compare
/retest |
297c2a6
to
8115c2e
Compare
/lgtm |
It("should have kubevirt_vmi_phase_count correctly configured with guest OS labels", func() { | ||
agentVMI := createAgentVMI() | ||
labels := map[string]string{ | ||
"guest_os_kernel_release": agentVMI.Status.GuestOSInfo.KernelRelease, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@assafad Can you please assert on non-empty strings on each one of the newly added fields?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added.
Signed-off-by: assafad <aadmi@redhat.com>
8115c2e
to
2327548
Compare
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enp0s3 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Required labels detected, running phase 2 presubmits: |
/retest |
/cherry-pick release-1.2 |
@assafad: new pull request created: #11717 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does
Before this PR:
No guest agent info was collected and exposed through vmi metrics.
After this PR:
kernelRelease
,machine
,name
andversionId
fields fromvmi.status.guestOsInfo
are collected and added as labels tokubevirt_vmi_phase_count
metric.Fixes # https://issues.redhat.com/browse/CNV-37369
Why we need it and why it was done in this way
We would like to have more visibility regarding VMIs OS, so we can differentiate between running VMs, and alert for specific OS issues (e.g. https://issues.redhat.com/browse/CNV-38482).
Special notes for your reviewer
Checklist
This checklist is not enforcing, but it's a reminder of items that could be relevant to every PR.
Approvers are expected to review this list.
Release note