feat: activate stats when flag is on in audit, webhook #2749

Merged
merged 2 commits into from May 10, 2023


@acpana acpana commented May 10, 2023

We merged #2686 (yay! 😀 ) but forgot to actually "activate" the driver options when the flags are true. 🤦🏼

This PR leverages the flags to pass in as driver opts for stats gathering.

Here's what the stats look like:

  • audit
{
  "level": "info",
  "ts": 1683670170.7345476,
  "logger": "controller",
  "msg": "audit review request stats",
  "process": "audit",
  "audit_id": "2023-05-09T22:09:29Z",
  "execution_stats": [
    {
      "scope": "template",
      "statsFor": "K8sRequiredLabels",
      "stats": [
        {
          "name": "templateRunTimeNS",
          "value": 229701,
          "source": {
            "type": "engine",
            "value": "Rego"
          },
          "description": "the number of nanoseconds it took to evaluate all constraints for a template"
        },
        {
          "name": "constraintCount",
          "value": 1,
          "source": {
            "type": "engine",
            "value": "Rego"
          },
          "description": "the number of constraints that were evaluated for the given constraint kind"
        }
      ],
      "labels": [
        {
          "name": "TracingEnabled",
          "value": false
        },
        {
          "name": "PrintEnabled",
          "value": false
        },
        {
          "name": "target",
          "value": "admission.k8s.gatekeeper.sh"
        }
      ]
    }
  ]
}
  • audit from cache
{
  "level": "info",
  "ts": 1683671032.5509458,
  "logger": "controller",
  "msg": "audit from cache review request stats",
  "process": "audit",
  "audit_id": "2023-05-09T22:23:52Z",
  "execution_stats": [
    {
      "scope": "template",
      "statsFor": "K8sRequiredLabels",
      "stats": [
        {
          "name": "templateRunTimeNS",
          "value": 240380,
          "source": {
            "type": "engine",
            "value": "Rego"
          },
          "description": "the number of nanoseconds it took to evaluate all constraints for a template"
        },
        {
          "name": "constraintCount",
          "value": 1,
          "source": {
            "type": "engine",
            "value": "Rego"
          },
          "description": "the number of constraints that were evaluated for the given constraint kind"
        }
      ],
      "labels": [
        {
          "name": "TracingEnabled",
          "value": false
        },
        {
          "name": "PrintEnabled",
          "value": false
        },
        {
          "name": "target",
          "value": "admission.k8s.gatekeeper.sh"
        }
      ]
    }
  ]
}
  • webhook
{
  "level": "info",
  "ts": 1683692576.9093642,
  "logger": "webhook",
  "msg": "admission review request stats",
  "hookType": "validation",
  "process": "admission",
  "event_type": "review_response_stats",
  "resource_group": "",
  "resource_api_version": "v1",
  "resource_kind": "Namespace",
  "resource_namespace": "",
  "request_username": "kubernetes-admin",
  "execution_stats": [
    {
      "scope": "template",
      "statsFor": "K8sRequiredLabels",
      "stats": [
        {
          "name": "templateRunTimeNS",
          "value": 762561,
          "source": {
            "type": "engine",
            "value": "Rego"
          },
          "description": "the number of nanoseconds it took to evaluate all constraints for a template"
        },
        {
          "name": "constraintCount",
          "value": 1,
          "source": {
            "type": "engine",
            "value": "Rego"
          },
          "description": "the number of constraints that were evaluated for the given constraint kind"
        }
      ],
      "labels": [
        {
          "name": "TracingEnabled",
          "value": false
        },
        {
          "name": "PrintEnabled",
          "value": false
        },
        {
          "name": "target",
          "value": "admission.k8s.gatekeeper.sh"
        }
      ]
    }
  ]
}

Signed-off-by: Alex Pana <8968914+acpana@users.noreply.github.com>
@acpana acpana requested review from maxsmythe and sozercan May 10, 2023 04:40

codecov-commenter commented May 10, 2023

Codecov Report

Patch coverage: 20.00% and project coverage change: +0.03 🎉

Comparison is base (e59ae18) 53.17% compared to head (dc33fa5) 53.21%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #2749      +/-   ##
==========================================
+ Coverage   53.17%   53.21%   +0.03%     
==========================================
  Files         126      126              
  Lines       11294    11295       +1     
==========================================
+ Hits         6006     6011       +5     
+ Misses       4814     4812       -2     
+ Partials      474      472       -2     
Flag Coverage Δ
unittests 53.21% <20.00%> (+0.03%) ⬆️


Impacted Files Coverage Δ
pkg/audit/manager.go 10.05% <0.00%> (-0.02%) ⬇️
pkg/webhook/policy.go 36.53% <100.00%> (ø)

... and 3 files with indirect coverage changes


@sozercan sozercan left a comment

LGTM

@maxsmythe maxsmythe left a comment

LGTM, adding an event_type tag/value to the log output could also make these lines more filterable.

acpana commented May 10, 2023

@maxsmythe there is an event type on the webhook "event_type": "review_response_stats", but not on the audit log lines. I can add those in a follow up or with the docs.
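
An added example (not part of the PR or of Gatekeeper's code): a small Python filter for the stats lines shown in this thread. It matches webhook lines on `event_type` and, since the audit lines have none, falls back to `execution_stats` plus the `msg` suffix; the sample input is constructed by condensing the log lines above, and the function names are hypothetical.

```python
import json

# Constructed sample input: the thread's log lines condensed to one JSON object
# per line (labels and descriptions dropped), plus two unrelated lines.
SAMPLE_LOG = r'''
{"level":"info","logger":"controller","msg":"audit review request stats","process":"audit","audit_id":"2023-05-09T22:09:29Z","execution_stats":[{"scope":"template","statsFor":"K8sRequiredLabels","stats":[{"name":"templateRunTimeNS","value":229701},{"name":"constraintCount","value":1}]}]}
{"level":"info","logger":"webhook","msg":"admission review request stats","process":"admission","event_type":"review_response_stats","resource_kind":"Namespace","execution_stats":[{"scope":"template","statsFor":"K8sRequiredLabels","stats":[{"name":"templateRunTimeNS","value":762561},{"name":"constraintCount","value":1}]}]}
{"level":"info","logger":"controller","msg":"constructed non-stats line","process":"audit"}
not a json line
'''


def is_stats_line(entry):
    """Webhook lines carry event_type; audit and audit-from-cache lines do not,
    so fall back to the presence of execution_stats plus the msg suffix."""
    if entry.get("event_type") == "review_response_stats":
        return True
    return ("execution_stats" in entry
            and str(entry.get("msg", "")).endswith("review request stats"))


def extract_stats(log_text):
    """Return one flat record per (log line, template) pair."""
    records = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # blank or non-JSON output interleaved in the log stream
        if not isinstance(entry, dict) or not is_stats_line(entry):
            continue
        for block in entry.get("execution_stats") or []:
            values = {s["name"]: s["value"] for s in block.get("stats", [])}
            records.append({
                "process": entry.get("process"),
                "template": block.get("statsFor"),
                "run_time_ns": values.get("templateRunTimeNS"),
                "constraints": values.get("constraintCount"),
            })
    return records


def slower_than(records, threshold_ns):
    """Templates whose evaluation time exceeded threshold_ns, slowest first."""
    hits = [r for r in records if (r["run_time_ns"] or 0) > threshold_ns]
    return sorted(hits, key=lambda r: r["run_time_ns"], reverse=True)
```
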

@acpana acpana merged commit b0e9f5a into open-policy-agent:master May 10, 2023
14 checks passed
anlandu pushed a commit to anlandu/gatekeeper that referenced this pull request May 19, 2023
…gent#2749)

Signed-off-by: Alex Pana <8968914+acpana@users.noreply.github.com>
Co-authored-by: Max Smythe <smythe@google.com>
Signed-off-by: Anlan Du <adu47249@gmail.com>
@ritazh ritazh added this to the v3.13.0 milestone Jul 13, 2023