add prometheus metrics

[wweiwei-li]

Description

• metricAPIPermissionErrorsTotal
• metricAPILimitExceededTotal
• metricAPIThrottledTotal
• metricAPIValidationErrorTotal
• MetricControllerReconcileErrors tracks the total number of controller errors by error type.
• MetricControllerReconcileStageDuration tracks latencies of different reconcile stages.
• MetricWebhookValidationFailure tracks the total number of validation errors by error type.
• MetricWebhookMutationFailure tracks the total number of mutation errors by error type.
• MetricControllerCacheObjectCount tracks the total number of object in the controller runtime cache.
• MetricControllerTopTalker

Checklist

• Added tests that cover your change (if possible)
• Added/modified documentation as required (such as the README.md, or the docs directory)
• Manually tested
• Made sure the title of the PR is a good description that can go into the release notes

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

• Backfilled missing tests for code in same general area 🎉
• Refactored something and made the world a better place 🌟

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wweiwei-li

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [wweiwei-li]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[zac-nixon]

I don't think this works correctly. If the idea is to get the latency of the reconcile request, we need to get a timestamp at the start of the function. Currently, looking at the implementation of ObserveControllerReconcileLatency it will always report 0.

[wweiwei-li]

Yeah, it is not working correctly. My original plan was something like this. Would this make more sense ?

reconcileAddFinalizerStartTime := time.Now()
....
r.metricsCollector.ObserveControllerReconcileLatency("targetGroupBinding", "add finalizers", time.Since(econcileAddFinalizerStartTime))

reconcileUpdateStatusStartTime := time.Now()
.....

r.metricsCollector.ObserveControllerReconcileLatency("targetGroupBinding", "update status", time.Since(reconcileUpdateStatusStartTime))

[zac-nixon]

Your suggestion works but we can cut down on code duplication. I would suggest defining something like this:

func (mc *MetricsCollector) latencyHelper(resource string, step string, fn func()) {
	start := time.Now()
	defer mc.ObserveControllerReconcileLatency(resource, step, time.Now().Sub(start))
	fn()
}

Then you can call it like:

var err error
finalizerFn := func () {
   err = r.finalizerManager.AddFinalizers(ctx, tgb, targetGroupBindingFinalizer)
} 
r.metricsCollector.latencyHelper("targetGroupBinding", "add finalizers", finalizerFn)
... handle error here ...

Let me know what you think.

[zac-nixon]

I actually forgot about the quirk with using time.Now and deferred statements.

https://stackoverflow.com/questions/72965657/measure-elapsed-time-with-a-defer-statement-in-go

it's a small change to the example.

[zac-nixon]

Just so I'm clear, the idea is to provide more granular reconcile latency metrics than what is already provided the controller-runtime? Have you looked into what constructs the controller-runtime provides so we don't need to roll our own?

[wweiwei-li]

Yeah, the idea is to provide more granular reconcile latency metrics. I checked controller-runtime . It only provided end to end reconcile time.

[zac-nixon]

Why did you change this? The original goal of this implementation was to to avoid having to nil check when no metrics were requested.

[wweiwei-li]

I think that's because I saw awsMetricsCollector had the nil check, and I didn't see lbcmetrics.NewCollector() handle nil metrics.Registry internally. So have a feeling we need to apply the same nil check. Let me know if I am wrong

[zac-nixon]

We should continue setting lbcMetricsCollector. The factory knows whether or not the metric registry is nil. If it's nil, we return a no-op collector. If the metric registry is not nil, we return an actual collector. The users of the metrics collector don't need to know either way.

[zac-nixon]

This will currently cause a NPE if a registry is not defined.

[wweiwei-li]

Good catch, I will add check metrics.Registry

if metrics.Registry != nil {
		go func() {
			if err := lbcMetricsCollector.StartCollectCacheSize(ctx); err != nil {
				setupLog.Error(err, "problem periodically collect cache size")
				os.Exit(1)
			}
		}()
	}

[zac-nixon]

It might be useful to distinguish between ALB / NLB here.

[wweiwei-li]

yeah, agree, will update it to distinguish between ALB and NLB

[zac-nixon]

Instead of return an error here, it might be good to define a custom error struct that embeds the error message and various metric fields into the struct. The plus side here is that
1/ It's impossible to forget add new metrics for new fields.
2/ It's hopefully a little more readable.

LMK what you think.

[wweiwei-li]

Good point. I agree. will implement that

[zac-nixon]

nit: you define this same string map for every case.

[wweiwei-li]

will fix it

[zac-nixon]

Can you double check that the current metrics don't cover these cases? If they don't, it would be good to make these cases a little more generic. Right now, all the cases are tailored to ELB specific error codes.

[wweiwei-li]

Same here. I know we are able to derive this from current API metrics. However, I was thinking if we want some aggregated metrics for important errors we care ?

[zac-nixon]

Agreed. Sounds good.

[zac-nixon]

typo: remove that

[zac-nixon]

same for all these descriptions it looks like.

[wweiwei-li]

Good catch, will remove them

[zac-nixon]

can you collect the deferred target queue cache size too?

[wweiwei-li]

Sure, will add.

[zac-nixon]

We should make this a bit more generic as ultimately it's the same code block repeated. Basically defining a "collectable" resource map and then allowing the type to be passed in might work. Let's talk offline about how to make this more extendable.

[wweiwei-li]

Agree, "collectable" resource map makes sense. will update it

[zac-nixon]

This should be derivable from the buckets we've defined.

[wweiwei-li]

Are you saying the MetricPodReadinessGateFlipAbove60Seconds are redundant ? yeah, I know we are able to derive how many of them exceed 60s and 90s using PromQL. However, I was thinking we want to some direct metrics ?

[zac-nixon]

In this case I think we're just duplicating the bucketing function that Prometheus supports out of the box. If we want these 2 specific buckets, adding them to this vector makes more sense. https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/pkg/metrics/lbc/instruments.go#L32

[wweiwei-li]

Agree, I will remove MetricPodReadinessGateFlipAbove60Seconds metric and MetricPodReadinessGateFlipAbove90Seconds metric

[M00nF1sh]

have whitespaces in such "label" could cause issues when consuming those metrics in downstream services/code that cannot handle whitespace correctly.

maybe switch things like "add finalizers" to "add_finalizers". (make it a machine readable identifier)

[wweiwei-li]

Good point, will fix it

[M00nF1sh]

this defer r.metricsCollector.ObserveControllerReconcileLatency("targetGroupBinding", "add finalizers") won't work, it will always be 0. you need to return a anonymous function and call it in defer

[wweiwei-li]

Yeah, like Zac suggested above,

I will have

	var err error
	finalizerFn := func() {
		err = r.finalizerManager.AddFinalizers(ctx, tgb, targetGroupBindingFinalizer)
	}
	r.metricsCollector.ObserveControllerReconcileLatency("targetGroupBinding", "add_finalizers", finalizerFn)
	if err != nil {
		return err
	}

func (c *Collector) ObserveControllerReconcileLatency(controller string, stage string, fn func()) {
	start := time.Now()
	defer func() {
		c.instruments.controllerReconcileLatency.With(prometheus.Labels{
			labelController:     controller,
			labelReconcileStage: stage,
		}).Observe(time.Since(start).Seconds())
	}()
	fn()
}

[M00nF1sh]

this seems not work due to how defer works in golang.
ideally we should collect latency metrics spend for each task, instead of "latency spend since X stage".
There is a difference between

• latency spent on adding finalizers
• latency since adding finalizer to finish reconcile.

The first one is clearly the better option and allows us to monitor on

[wweiwei-li]

Agree, will collect latency spent on each task

[oliviassss]

nit: maybe to be consistent on using either Error or Errors for the metrics naming.

[wweiwei-li]

Good point, updated it to use Errors

[oliviassss]

do we only consider ELBv2 errors in this PR? how about other like EC2 API errors?

[wweiwei-li]

Yeah, this was only considered for ELB. I think EC2 API also matters. I can add some common errors based on https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html

[zac-nixon]

typo : blinding -> binding

[zac-nixon]

nice!

[zac-nixon]

Can you please define the resource as a const, it's re-used for every metric collection step. I think the step names are unique and don't need be consts.

[zac-nixon]

I believe you still need to propagate this error to the parent function. Right now, it will silently fail.

[zac-nixon]

same comment, when using this nested function approach we need to propagate the error to the parent function.

[zac-nixon]

please define ingress as a constant.

[zac-nixon]

same, please define service as a const.

[zac-nixon]

I'd prefer to just use the no-ops collector instead nil checking the registry. It makes the code easier to reason about.

[zac-nixon]

same here, let's just utilize the no-op implementation so we don't need nil checks.

[zac-nixon]

What startup error(s) do we expect here?