Merge pull request #2298 from jrcichra/kube_secret_owner

feat: add kube_secret_owner metric
kubernetes · Feb 25, 2024 · c92541d · c92541d
2 parents a1329c1 + 01507af
commit c92541d
Show file tree

Hide file tree

Showing 3 changed files with 100 additions and 3 deletions.
diff --git a/docs/secret-metrics.md b/docs/secret-metrics.md
@@ -8,3 +8,4 @@
 | kube_secret_labels                    | Gauge       | Kubernetes labels converted to Prometheus labels controlled via [--metric-labels-allowlist](./cli-arguments.md)           | `secret`=&lt;secret-name&gt; <br> `namespace`=&lt;secret-namespace&gt; <br> `label_SECRET_LABEL`=&lt;SECRET_LABEL&gt;                 | STABLE       |
 | kube_secret_created                   | Gauge       |                                                                                                                           | `secret`=&lt;secret-name&gt; <br> `namespace`=&lt;secret-namespace&gt;                                                                | STABLE       |
 | kube_secret_metadata_resource_version | Gauge       |                                                                                                                           | `secret`=&lt;secret-name&gt; <br> `namespace`=&lt;secret-namespace&gt;                                                                | EXPERIMENTAL |
+| kube_secret_owner                         | Gauge       |                                                                                                                           | `secret`=&lt;secret-name&gt; <br> `namespace`=&lt;secret-namespace&gt; <br> `owner_kind`=&lt;owner kind&gt; <br> `owner_name`=&lt;owner name&gt; <br> `owner_is_controller`=&lt;whether owner is controller&gt; | EXPERIMENTAL |
diff --git a/internal/store/secret.go b/internal/store/secret.go
@@ -18,6 +18,7 @@ package store
 
 import (
 	"context"
+	"strconv"
 
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -153,6 +154,52 @@ func secretMetricFamilies(allowAnnotationsList, allowLabelsList []string) []gene
 				}
 			}),
 		),
+		*generator.NewFamilyGeneratorWithStability(
+			"kube_secret_owner",
+			"Information about the Secret's owner.",
+			metric.Gauge,
+			basemetrics.ALPHA,
+			"",
+			wrapSecretFunc(func(j *v1.Secret) *metric.Family {
+				labelKeys := []string{"owner_kind", "owner_name", "owner_is_controller"}
+
+				owners := j.GetOwnerReferences()
+
+				if len(owners) == 0 {
+					return &metric.Family{
+						Metrics: []*metric.Metric{
+							{
+								LabelKeys:   labelKeys,
+								LabelValues: []string{"", "", ""},
+								Value:       1,
+							},
+						},
+					}
+				}
+
+				ms := make([]*metric.Metric, len(owners))
+
+				for i, owner := range owners {
+					if owner.Controller != nil {
+						ms[i] = &metric.Metric{
+							LabelKeys:   labelKeys,
+							LabelValues: []string{owner.Kind, owner.Name, strconv.FormatBool(*owner.Controller)},
+							Value:       1,
+						}
+					} else {
+						ms[i] = &metric.Metric{
+							LabelKeys:   labelKeys,
+							LabelValues: []string{owner.Kind, owner.Name, "false"},
+							Value:       1,
+						}
+					}
+				}
+
+				return &metric.Family{
+					Metrics: ms,
+				}
+			}),
+		),
 	}
 
 }

diff --git a/internal/store/secret_test.go b/internal/store/secret_test.go
@@ -26,6 +26,7 @@ import (
 )
 
 func TestSecretStore(t *testing.T) {
+	var test = true
 	startTime := 1501569018
 	metav1StartTime := metav1.Unix(int64(startTime), 0)
 	cases := []generateMetricsTestCase{
@@ -43,17 +44,20 @@ func TestSecretStore(t *testing.T) {
 				# HELP kube_secret_info [STABLE] Information about secret.
 				# HELP kube_secret_labels [STABLE] Kubernetes labels converted to Prometheus labels.
 				# HELP kube_secret_metadata_resource_version Resource version representing a specific version of secret.
+				# HELP kube_secret_owner Information about the Secret's owner.
 				# HELP kube_secret_type [STABLE] Type about secret.
 				# TYPE kube_secret_created gauge
 				# TYPE kube_secret_info gauge
 				# TYPE kube_secret_labels gauge
 				# TYPE kube_secret_metadata_resource_version gauge
+				# TYPE kube_secret_owner gauge
 				# TYPE kube_secret_type gauge
 				kube_secret_info{namespace="ns1",secret="secret1"} 1
+				kube_secret_owner{namespace="ns1",owner_is_controller="",owner_kind="",owner_name="",secret="secret1"} 1
 				kube_secret_type{namespace="ns1",secret="secret1",type="Opaque"} 1
 				kube_secret_metadata_resource_version{namespace="ns1",secret="secret1"} 0
 `,
-			MetricNames: []string{"kube_secret_info", "kube_secret_metadata_resource_version", "kube_secret_created", "kube_secret_labels", "kube_secret_type"},
+			MetricNames: []string{"kube_secret_info", "kube_secret_metadata_resource_version", "kube_secret_created", "kube_secret_labels", "kube_secret_type", "kube_secret_owner"},
 		},
 		{
 			Obj: &v1.Secret{
@@ -70,17 +74,20 @@ func TestSecretStore(t *testing.T) {
 				# HELP kube_secret_info [STABLE] Information about secret.
 				# HELP kube_secret_labels [STABLE] Kubernetes labels converted to Prometheus labels.
 				# HELP kube_secret_metadata_resource_version Resource version representing a specific version of secret.
+				# HELP kube_secret_owner Information about the Secret's owner.
 				# HELP kube_secret_type [STABLE] Type about secret.
 				# TYPE kube_secret_created gauge
 				# TYPE kube_secret_info gauge
 				# TYPE kube_secret_labels gauge
 				# TYPE kube_secret_metadata_resource_version gauge
+				# TYPE kube_secret_owner gauge
 				# TYPE kube_secret_type gauge
 				kube_secret_info{namespace="ns2",secret="secret2"} 1
+				kube_secret_owner{namespace="ns2",owner_is_controller="",owner_kind="",owner_name="",secret="secret2"} 1
 				kube_secret_type{namespace="ns2",secret="secret2",type="kubernetes.io/service-account-token"} 1
 				kube_secret_created{namespace="ns2",secret="secret2"} 1.501569018e+09
 				`,
-			MetricNames: []string{"kube_secret_info", "kube_secret_metadata_resource_version", "kube_secret_created", "kube_secret_labels", "kube_secret_type"},
+			MetricNames: []string{"kube_secret_info", "kube_secret_metadata_resource_version", "kube_secret_created", "kube_secret_labels", "kube_secret_type", "kube_secret_owner"},
 		},
 		{
 			Obj: &v1.Secret{
@@ -98,18 +105,60 @@ func TestSecretStore(t *testing.T) {
 				# HELP kube_secret_info [STABLE] Information about secret.
 				# HELP kube_secret_labels [STABLE] Kubernetes labels converted to Prometheus labels.
 				# HELP kube_secret_metadata_resource_version Resource version representing a specific version of secret.
+				# HELP kube_secret_owner Information about the Secret's owner.
 				# HELP kube_secret_type [STABLE] Type about secret.
 				# TYPE kube_secret_created gauge
 				# TYPE kube_secret_info gauge
 				# TYPE kube_secret_labels gauge
 				# TYPE kube_secret_metadata_resource_version gauge
+				# TYPE kube_secret_owner gauge
 				# TYPE kube_secret_type gauge
 				kube_secret_info{namespace="ns3",secret="secret3"} 1
+				kube_secret_owner{namespace="ns3",owner_is_controller="",owner_kind="",owner_name="",secret="secret3"} 1
 				kube_secret_type{namespace="ns3",secret="secret3",type="kubernetes.io/dockercfg"} 1
 				kube_secret_created{namespace="ns3",secret="secret3"} 1.501569018e+09
 				kube_secret_metadata_resource_version{namespace="ns3",secret="secret3"} 0
 `,
-			MetricNames: []string{"kube_secret_info", "kube_secret_metadata_resource_version", "kube_secret_created", "kube_secret_labels", "kube_secret_type"},
+			MetricNames: []string{"kube_secret_info", "kube_secret_metadata_resource_version", "kube_secret_created", "kube_secret_labels", "kube_secret_type", "kube_secret_owner"},
+		},
+		{
+			Obj: &v1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:              "secret4",
+					Namespace:         "ns4",
+					CreationTimestamp: metav1StartTime,
+					Labels:            map[string]string{"test-4": "test-4"},
+					ResourceVersion:   "0",
+					OwnerReferences: []metav1.OwnerReference{
+						{
+							Name:       "managed-secret4",
+							Kind:       "ManagedSecret",
+							Controller: &test,
+						},
+					},
+				},
+				Type: v1.SecretTypeOpaque,
+			},
+			Want: `
+				# HELP kube_secret_created [STABLE] Unix creation timestamp
+				# HELP kube_secret_info [STABLE] Information about secret.
+				# HELP kube_secret_labels [STABLE] Kubernetes labels converted to Prometheus labels.
+				# HELP kube_secret_metadata_resource_version Resource version representing a specific version of secret.
+				# HELP kube_secret_owner Information about the Secret's owner.
+				# HELP kube_secret_type [STABLE] Type about secret.
+				# TYPE kube_secret_created gauge
+				# TYPE kube_secret_info gauge
+				# TYPE kube_secret_labels gauge
+				# TYPE kube_secret_metadata_resource_version gauge
+				# TYPE kube_secret_owner gauge
+				# TYPE kube_secret_type gauge
+				kube_secret_info{namespace="ns4",secret="secret4"} 1
+				kube_secret_owner{namespace="ns4",owner_is_controller="true",owner_kind="ManagedSecret",owner_name="managed-secret4",secret="secret4"} 1
+				kube_secret_type{namespace="ns4",secret="secret4",type="Opaque"} 1
+				kube_secret_created{namespace="ns4",secret="secret4"} 1.501569018e+09
+				kube_secret_metadata_resource_version{namespace="ns4",secret="secret4"} 0
+`,
+			MetricNames: []string{"kube_secret_info", "kube_secret_metadata_resource_version", "kube_secret_created", "kube_secret_labels", "kube_secret_type", "kube_secret_owner"},
 		},
 	}
 	for i, c := range cases {