Source file src/k8s.io/kubernetes/pkg/kubelet/volumemanager/cache/desired_state_of_wold_selinux_metrics.go

Documentation: k8s.io/kubernetes/pkg/kubelet/volumemanager/cache

     1  /*
     2  Copyright 2022 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package cache
    18  
    19  import (
    20  	"sync"
    21  
    22  	compbasemetrics "k8s.io/component-base/metrics"
    23  	"k8s.io/component-base/metrics/legacyregistry"
    24  )
    25  
    26  var (
    27  	// TODO: add plugin name + access mode labels to all these metrics
    28  	seLinuxContainerContextErrors = compbasemetrics.NewGaugeVec(
    29  		&compbasemetrics.GaugeOpts{
    30  			Name:           "volume_manager_selinux_container_errors_total",
    31  			Help:           "Number of errors when kubelet cannot compute SELinux context for a container. Kubelet can't start such a Pod then and it will retry, therefore value of this metric may not represent the actual nr. of containers.",
    32  			StabilityLevel: compbasemetrics.ALPHA,
    33  		},
    34  		[]string{"access_mode"},
    35  	)
    36  	seLinuxContainerContextWarnings = compbasemetrics.NewGaugeVec(
    37  		&compbasemetrics.GaugeOpts{
    38  			Name:           "volume_manager_selinux_container_warnings_total",
    39  			StabilityLevel: compbasemetrics.ALPHA,
    40  			Help:           "Number of errors when kubelet cannot compute SELinux context for a container that are ignored. They will become real errors when SELinuxMountReadWriteOncePod feature is expanded to all volume access modes.",
    41  		},
    42  		[]string{"access_mode"},
    43  	)
    44  	seLinuxPodContextMismatchErrors = compbasemetrics.NewGaugeVec(
    45  		&compbasemetrics.GaugeOpts{
    46  			Name:           "volume_manager_selinux_pod_context_mismatch_errors_total",
    47  			Help:           "Number of errors when a Pod defines different SELinux contexts for its containers that use the same volume. Kubelet can't start such a Pod then and it will retry, therefore value of this metric may not represent the actual nr. of Pods.",
    48  			StabilityLevel: compbasemetrics.ALPHA,
    49  		},
    50  		[]string{"access_mode"},
    51  	)
    52  	seLinuxPodContextMismatchWarnings = compbasemetrics.NewGaugeVec(
    53  		&compbasemetrics.GaugeOpts{
    54  			Name:           "volume_manager_selinux_pod_context_mismatch_warnings_total",
    55  			Help:           "Number of errors when a Pod defines different SELinux contexts for its containers that use the same volume. They are not errors yet, but they will become real errors when SELinuxMountReadWriteOncePod feature is expanded to all volume access modes.",
    56  			StabilityLevel: compbasemetrics.ALPHA,
    57  		},
    58  		[]string{"access_mode"},
    59  	)
    60  	seLinuxVolumeContextMismatchErrors = compbasemetrics.NewGaugeVec(
    61  		&compbasemetrics.GaugeOpts{
    62  			Name:           "volume_manager_selinux_volume_context_mismatch_errors_total",
    63  			Help:           "Number of errors when a Pod uses a volume that is already mounted with a different SELinux context than the Pod needs. Kubelet can't start such a Pod then and it will retry, therefore value of this metric may not represent the actual nr. of Pods.",
    64  			StabilityLevel: compbasemetrics.ALPHA,
    65  		},
    66  		[]string{"volume_plugin", "access_mode"},
    67  	)
    68  	seLinuxVolumeContextMismatchWarnings = compbasemetrics.NewGaugeVec(
    69  		&compbasemetrics.GaugeOpts{
    70  			Name:           "volume_manager_selinux_volume_context_mismatch_warnings_total",
    71  			Help:           "Number of errors when a Pod uses a volume that is already mounted with a different SELinux context than the Pod needs. They are not errors yet, but they will become real errors when SELinuxMountReadWriteOncePod feature is expanded to all volume access modes.",
    72  			StabilityLevel: compbasemetrics.ALPHA,
    73  		},
    74  		[]string{"volume_plugin", "access_mode"},
    75  	)
    76  	seLinuxVolumesAdmitted = compbasemetrics.NewGaugeVec(
    77  		&compbasemetrics.GaugeOpts{
    78  			Name:           "volume_manager_selinux_volumes_admitted_total",
    79  			Help:           "Number of volumes whose SELinux context was fine and will be mounted with mount -o context option.",
    80  			StabilityLevel: compbasemetrics.ALPHA,
    81  		},
    82  		[]string{"volume_plugin", "access_mode"},
    83  	)
    84  
    85  	registerMetrics sync.Once
    86  )
    87  
    88  func registerSELinuxMetrics() {
    89  	registerMetrics.Do(func() {
    90  		legacyregistry.MustRegister(seLinuxContainerContextErrors)
    91  		legacyregistry.MustRegister(seLinuxContainerContextWarnings)
    92  		legacyregistry.MustRegister(seLinuxPodContextMismatchErrors)
    93  		legacyregistry.MustRegister(seLinuxPodContextMismatchWarnings)
    94  		legacyregistry.MustRegister(seLinuxVolumeContextMismatchErrors)
    95  		legacyregistry.MustRegister(seLinuxVolumeContextMismatchWarnings)
    96  		legacyregistry.MustRegister(seLinuxVolumesAdmitted)
    97  	})
    98  }
    99  

View as plain text