Common stats reporting for validation and mutation

[mmirecki]

The PR is opened for discussion on this comment.

It extracts some common code for validation and mutation stats reporting.

Depends on #881

[codecov-io]

Codecov Report

Merging #976 (bba2dba) into master (d6c5389) will increase coverage by 0.49%.
The diff coverage is 70.83%.

@@            Coverage Diff             @@
##           master     #976      +/-   ##
==========================================
+ Coverage   46.70%   47.19%   +0.49%     
==========================================
  Files          62       62              
  Lines        3987     3994       +7     
==========================================
+ Hits         1862     1885      +23     
+ Misses       1879     1869      -10     
+ Partials      246      240       -6     

Flag	Coverage Δ
unittests	47.19% <70.83%> (+0.49%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/webhook/common.go	48.27% <ø> (ø)
pkg/webhook/mutation.go	17.52% <0.00%> (+0.17%)	⬆️
pkg/webhook/policy.go	24.32% <0.00%> (+0.13%)	⬆️
pkg/webhook/stats_reporter.go	86.20% <94.44%> (+2.53%)	⬆️
pkg/readiness/object_tracker.go	79.14% <0.00%> (+1.22%)	⬆️
...onstrainttemplate/constrainttemplate_controller.go	56.49% <0.00%> (+3.89%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d6c5389...bba2dba. Read the comment docs.

[maxsmythe]

added some thoughts. Adding @sozercan, as I know he is interested in metrics

[maxsmythe]

Will we also need error and success?

[mmirecki]

Done

[maxsmythe]

We should create a separate metric: mutation_request_count, the equivalent of request_count but for mutation.

Another option would be to add a separate tag, called "webhook" that returns either "mutation" or "validation"

The second is probably cleaner, the first is backwards-compatible.

[ritazh]

If we are considering changing at the risk of backward compatibility, I would vote for validating_request_count to replace request_count and validating_requestDurationMetricName to replace requestDurationMetricName. WDYT?

[maxsmythe]

It would probably be less painful for users if we kept request_count and all and added special mutation_ metric names if we go the two separate metrics route.

This is because users may have developed alerts and aggregation rules for prometheus that depend on the old metric names.

If we want to migrate, maybe we should have some sort of deprecation pathway?

[sozercan]

+1 on deprecation pathway if we are going to change names

should we publish all 3 (no prefix, validation and mutation) and then deprecate non prefix (which is same as validation)?

[maxsmythe]

That works for me

[ritazh]

+1 on 3 and deprecate request_count later

[mmirecki]

Added validation_request_count/ validation_request_duration_seconds
The validating webhook will now report both: here
Please confirm this is what we want.

[sozercan]

Added #1010 to track this

[shomron]

I'm late to this discussion but have just been going over the metrics code.
Backwards compatibility aside, I'm not sure separate metrics for separate webhooks is internally consistent. Controller-runtime already exposes a number of metrics for webhooks automatically, and they use labels for distinguishing between them:

# HELP controller_runtime_webhook_requests_in_flight Current number of admission requests being served.
# TYPE controller_runtime_webhook_requests_in_flight gauge
controller_runtime_webhook_requests_in_flight{webhook="/v1/admit"} 0
controller_runtime_webhook_requests_in_flight{webhook="/v1/admitlabel"} 0

Additionally, with a single metric it is easier to perform aggregation across all webhooks when desired.

Do we have a sense of how we want to consume these metrics and what kind of questions they will help answer? That might help understand the aggregation use case better.

[maxsmythe]

Per my original comment, I agree the extra label/tag solution is cleaner. I also don't see a downside internally as I don't think there is much difference between a new metric and a new tag. New tag may actually have slightly less overhead.

My biggest concern would be people who may have built up Prometheus alerts and/or aggregation rules around the metrics as they currently exist. Does adding data from mutation affect how they've tuned their alerts? What are the backwards compatibility expectations for metrics?

[ritazh]

+1 on exporting this function

[mmirecki]

Done

[maxsmythe]

IMO we should have left this as two different functions. My reasoning from a different comment:

We should collapse these into two functions:

ReportValidationRequest

and

ReportMutationRequest

That way we can do the fanout into two metrics internally in the metrics interface. That will make a future removal of the deprecated metric easier.

[mmirecki]

Moved back to having different functions for each.
Note that we have 3 functions now (once deprected)

[maxsmythe]

Can ReportValidationRequest() increment both the new and the deprecated metric? That would avoid code duplication.

Then once we deprecate the old metric we only need to remove the one line.

[maxsmythe]

I think the outccome looks basically right.

My biggest comment would be we should change the interface of the stats reporter to hide which metrics actually get reported from the webhook code.

[maxsmythe]

are we using the "skip" response?

[mmirecki]

Yes, here
We use it when skipping because of namespace exclusion

[maxsmythe]

thanks!

[sozercan]

LGTM

[maxsmythe]

nit: this looks like it can go away now that it's unused.

[mmirecki]

Done

[maxsmythe]

LGTM

[maxsmythe]

@sozercan Still LGTY after the changes?

[ritazh]

lgtm

[mmirecki]

Rebased on master