Merge pull request #1403 from Mikulas/label-allow-list-any

Add wildcard option to metric-labels-allowlist

docs/cli-arguments.md

@@ -39,7 +39,7 @@ Usage of ./kube-state-metrics:
       --logtostderr                      log to standard error instead of files (default true)
       --metric-allowlist string          Comma-separated list of metrics to be exposed. This list comprises of exact metric names and/or regex patterns. The allowlist and denylist are mutually exclusive.
       --metric-denylist string           Comma-separated list of metrics not to be enabled. This list comprises of exact metric names and/or regex patterns. The allowlist and denylist are mutually exclusive.
-      --metric-labels-allowlist string   Comma-separated list of additional Kubernetes label keys that will be used in the resource' labels metric. By default the metric contains only name and namespace labels. To include additional labels provide a list of resource names in their plural form and Kubernetes label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'
+      --metric-labels-allowlist string   Comma-separated list of additional Kubernetes label keys that will be used in the resource' labels metric. By default the metric contains only name and namespace labels. To include additional labels provide a list of resource names in their plural form and Kubernetes label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. A single '*' can be provided per resource instead to allow any labels, but that has severe performance implications (Example: '=pods=[*]').
       --namespaces string                Comma-separated list of namespaces to be enabled. Defaults to ""
       --one_output                       If true, only write logs to their native severity level (vs also writing to each lower severity level)
       --pod string                       Name of the pod that contains the kube-state-metrics container. When set, it is expected that --pod and --pod-namespace are both set. Most likely this should be passed via the downward API. This is used for auto-detecting sharding. If set, this has preference over statically configured sharding. This is experimental, it may be removed without notice.

internal/store/pod_test.go

@@ -25,6 +25,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	generator "k8s.io/kube-state-metrics/v2/pkg/metric_generator"
+	"k8s.io/kube-state-metrics/v2/pkg/options"
 )
 
 func TestPodStore(t *testing.T) {
@@ -1492,11 +1493,55 @@ func TestPodStore(t *testing.T) {
 				"kube_pod_runtimeclass_name_info",
 			},
 		},
+		{
+			Obj: &v1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "pod1",
+					Namespace: "ns1",
+					UID:       "uid1",
+					Labels: map[string]string{
+						"app": "example",
+					},
+				},
+				Spec: v1.PodSpec{},
+			},
+			AllowLabelsList: []string{"wildcard-not-first", options.LabelWildcard},
+			Want: `
+				# HELP kube_pod_labels Kubernetes labels converted to Prometheus labels.
+				# TYPE kube_pod_labels gauge
+				kube_pod_labels{namespace="ns1",pod="pod1",uid="uid1"} 1
+		`,
+			MetricNames: []string{
+				"kube_pod_labels",
+			},
+		},
+		{
+			Obj: &v1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "pod1",
+					Namespace: "ns1",
+					UID:       "uid1",
+					Labels: map[string]string{
+						"app": "example",
+					},
+				},
+				Spec: v1.PodSpec{},
+			},
+			AllowLabelsList: []string{options.LabelWildcard},
+			Want: `
+				# HELP kube_pod_labels Kubernetes labels converted to Prometheus labels.
+				# TYPE kube_pod_labels gauge
+				kube_pod_labels{label_app="example",namespace="ns1",pod="pod1",uid="uid1"} 1
+		`,
+			MetricNames: []string{
+				"kube_pod_labels",
+			},
+		},
 	}
 
 	for i, c := range cases {
-		c.Func = generator.ComposeMetricGenFuncs(podMetricFamilies(nil))
-		c.Headers = generator.ExtractMetricFamilyHeaders(podMetricFamilies(nil))
+		c.Func = generator.ComposeMetricGenFuncs(podMetricFamilies(c.AllowLabelsList))
+		c.Headers = generator.ExtractMetricFamilyHeaders(podMetricFamilies(c.AllowLabelsList))
 		if err := c.run(); err != nil {
 			t.Errorf("unexpected collecting result in %vth run:\n%s", i, err)
 		}

internal/store/testutils.go

@@ -30,11 +30,12 @@ import (
 )
 
 type generateMetricsTestCase struct {
-	Obj         interface{}
-	MetricNames []string
-	Want        string
-	Headers     []string
-	Func        func(interface{}) []metric.FamilyInterface
+	Obj             interface{}
+	MetricNames     []string
+	AllowLabelsList []string
+	Want            string
+	Headers         []string
+	Func            func(interface{}) []metric.FamilyInterface
 }
 
 func (testCase *generateMetricsTestCase) run() error {

internal/store/utils.go

@@ -27,6 +27,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/validation"
 
 	"k8s.io/kube-state-metrics/v2/pkg/metric"
+	"k8s.io/kube-state-metrics/v2/pkg/options"
 )
 
 var (
@@ -177,6 +178,10 @@ func createLabelKeysValues(allKubeLabels map[string]string, allowList []string)
 	allowedKubeLabels := make(map[string]string)
 
 	if len(allowList) > 0 {
+		if allowList[0] == options.LabelWildcard {
+			return kubeLabelsToPrometheusLabels(allKubeLabels)
+		}
+
 		for _, l := range allowList {
 			v, found := allKubeLabels[l]
 			if found {

pkg/options/options.go

@@ -90,8 +90,7 @@ func (o *Options) AddFlags() {
 	o.flags.Var(&o.Namespaces, "namespaces", fmt.Sprintf("Comma-separated list of namespaces to be enabled. Defaults to %q", &DefaultNamespaces))
 	o.flags.Var(&o.MetricAllowlist, "metric-allowlist", "Comma-separated list of metrics to be exposed. This list comprises of exact metric names and/or regex patterns. The allowlist and denylist are mutually exclusive.")
 	o.flags.Var(&o.MetricDenylist, "metric-denylist", "Comma-separated list of metrics not to be enabled. This list comprises of exact metric names and/or regex patterns. The allowlist and denylist are mutually exclusive.")
-	o.flags.Var(&o.LabelsAllowList, "metric-labels-allowlist", "Comma-separated list of additional Kubernetes label keys that will be used in the resource' labels metric. By default the metric contains only name and namespace labels. To include additional labels provide a list of resource names in their plural form and Kubernetes label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'")
-
+	o.flags.Var(&o.LabelsAllowList, "metric-labels-allowlist", "Comma-separated list of additional Kubernetes label keys that will be used in the resource' labels metric. By default the metric contains only name and namespace labels. To include additional labels provide a list of resource names in their plural form and Kubernetes label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. A single '*' can be provided per resource instead to allow any labels, but that has severe performance implications (Example: '=pods=[*]').")
 	o.flags.Int32Var(&o.Shard, "shard", int32(0), "The instances shard nominal (zero indexed) within the total number of shards. (default 0)")
 	o.flags.IntVar(&o.TotalShards, "total-shards", 1, "The total number of shards. Sharding is disabled when total shards is set to 1.")
 

pkg/options/types.go

@@ -130,6 +130,9 @@ func (n *NamespaceList) Type() string {
 	return "string"
 }
 
+// LabelWildcard allowlists any label
+const LabelWildcard = "*"
+
 // LabelsAllowList represents a list of allowed labels for metrics.
 type LabelsAllowList map[string][]string
 

pkg/options/types_test.go

@@ -187,6 +187,21 @@ func TestLabelsAllowListSet(t *testing.T) {
 				},
 				"pods": {}}),
 		},
+		{
+			Desc:  "with wildcard",
+			Value: "cronjobs=[*],pods=[*,foo],namespaces=[bar,*]",
+			Wanted: LabelsAllowList(map[string][]string{
+				"cronjobs": {
+					"*",
+				},
+				"pods": {
+					"*",
+					"foo",
+				},
+				"namespaces": {
+					"bar",
+					"*"}}),
+		},
 	}
 
 	for _, test := range tests {