From 6feacec60f1d3fc6a580014a86123a6faa8b7b88 Mon Sep 17 00:00:00 2001 From: Anna Kapuscinska Date: Fri, 9 Aug 2024 02:19:20 +0100 Subject: [PATCH 1/2] policyfiltermetrics: Use pkg/metrics helpers to define metrics This lets us constrain label values (preventing growing cardinality) and drop the explicit initialization function. Signed-off-by: Anna Kapuscinska --- go.mod | 2 +- .../policyfiltermetrics.go | 41 ++++++++++--------- pkg/metricsconfig/healthmetrics.go | 1 - 3 files changed, 23 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 1fad6f0d1a8..231da01e66d 100644 --- a/go.mod +++ b/go.mod @@ -39,6 +39,7 @@ require ( github.com/vishvananda/netlink v1.2.1-beta.2.0.20240524165444-4d4ba1473f21 go.uber.org/atomic v1.11.0 go.uber.org/multierr v1.11.0 + golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb golang.org/x/sync v0.8.0 golang.org/x/sys v0.22.0 golang.org/x/time v0.6.0 @@ -177,7 +178,6 @@ require ( go.uber.org/dig v1.17.1 // indirect go.uber.org/zap v1.26.0 // indirect go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect - golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb // indirect golang.org/x/mod v0.19.0 // indirect golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect diff --git a/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go b/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go index d06c4151323..9e3c5350f1e 100644 --- a/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go +++ b/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go @@ -4,6 +4,8 @@ package policyfiltermetrics import ( + "golang.org/x/exp/maps" + "github.com/cilium/tetragon/pkg/metrics" "github.com/cilium/tetragon/pkg/metrics/consts" "github.com/prometheus/client_golang/prometheus" 
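Review bot: `maps.Values` from `golang.org/x/exp/maps`, imported in the last hunk on this line and promoted to a direct requirement in go.mod, returns a map's values in unspecified order. The `Values` slices of the three constrained labels built in the following hunk will therefore be ordered differently from run to run. Whether the `pkg/metrics` helpers or the generated metrics reference depend on that order is not visible in this patch; if they do, sort each slice before assigning it, e.g. `v := maps.Values(subsysLabelValues); slices.Sort(v)`. Since `golang.org/x/exp` makes no compatibility promise, a short comment at the import saying why it is needed would help, such as `// x/exp/maps: Values() builds the constrained label value sets`.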
@@ -64,15 +66,29 @@ func (s OperationErr) String() string { } var ( - PolicyFilterOpMetrics = prometheus.NewCounterVec(prometheus.CounterOpts{ - Namespace: consts.MetricsNamespace, - Name: "policyfilter_metrics_total", - Help: "Policy filter metrics. For internal use only.", - ConstLabels: nil, - }, []string{"subsys", "op", "error"}) + subsysLabel = metrics.ConstrainedLabel{ + Name: "subsys", + Values: maps.Values(subsysLabelValues), + } + + operationLabel = metrics.ConstrainedLabel{ + Name: "op", + Values: maps.Values(operationLabelValues), + } + + errorLabel = metrics.ConstrainedLabel{ + Name: "error", + Values: maps.Values(operationErrLabels), + } ) var ( + PolicyFilterOpMetrics = metrics.MustNewCounter(metrics.NewOpts( + consts.MetricsNamespace, "", "policyfilter_metrics_total", + "Policy filter metrics. For internal use only.", + nil, []metrics.ConstrainedLabel{subsysLabel, operationLabel, errorLabel}, nil, + ), nil) + PolicyFilterHookContainerNameMissingMetrics = prometheus.NewCounter(prometheus.CounterOpts{ Namespace: consts.MetricsNamespace, Name: "policyfilter_hook_container_name_missing_total", @@ -85,19 +101,6 @@ func RegisterMetrics(group metrics.Group) { group.MustRegister(PolicyFilterOpMetrics, PolicyFilterHookContainerNameMissingMetrics) } -func InitMetrics() { - // Initialize metrics with labels - for _, subsys := range subsysLabelValues { - for _, op := range operationLabelValues { - for _, err := range operationErrLabels { - PolicyFilterOpMetrics.WithLabelValues( - subsys, op, err, - ).Add(0) - } - } - } -} - func OpInc(subsys Subsys, op Operation, err string) { PolicyFilterOpMetrics.WithLabelValues(subsys.String(), op.String(), err).Inc() } diff --git a/pkg/metricsconfig/healthmetrics.go b/pkg/metricsconfig/healthmetrics.go index 70182dc5fc4..17ba97ead91 100644 --- a/pkg/metricsconfig/healthmetrics.go +++ b/pkg/metricsconfig/healthmetrics.go 
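Review bot: The `error` label is now constrained to `maps.Values(operationErrLabels)`, but `OpInc` (context lines of the second hunk on this line) still takes `err string` and passes it unchanged to `WithLabelValues`. The cardinality bound on that label therefore holds only if every caller passes one of the known values. Whether `metrics.MustNewCounter` rejects, rewrites or accepts a value outside the set is not visible in this patch. Taking the typed value would enforce the constraint at compile time: `func OpInc(subsys Subsys, op Operation, err OperationErr)` with `err.String()` in the call, matching how `subsys` and `op` are already handled. The callers of `OpInc` are outside this patch and would need the same change.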
@@ -73,7 +73,6 @@ func registerHealthMetrics(group metrics.Group) { group.ExtendInit(opcodemetrics.InitMetrics) // policy filter metrics policyfiltermetrics.RegisterMetrics(group) - group.ExtendInit(policyfiltermetrics.InitMetrics) // process metrics process.RegisterMetrics(group) // ringbuf metrics From 9a0024a93f7e4513e6ac1eda558fcd5f7a57026c Mon Sep 17 00:00:00 2001 From: Anna Kapuscinska Date: Fri, 9 Aug 2024 03:26:19 +0100 Subject: [PATCH 2/2] policyfiltermetrics: Rename metrics Rename `tetragon_policyfilter_metrics_total` metric to `tetragon_policyfilter_operations_total`, and its `op` label to `operation` (to prevent confusion with ops.OpCode). Signed-off-by: Anna Kapuscinska --- contrib/upgrade-notes/latest.md | 3 ++- docs/content/en/docs/reference/metrics.md | 6 +++--- pkg/metrics/policyfiltermetrics/policyfiltermetrics.go | 6 +++--- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/contrib/upgrade-notes/latest.md b/contrib/upgrade-notes/latest.md index 2c961d9ce4d..ae5f0934ac9 100644 --- a/contrib/upgrade-notes/latest.md +++ b/contrib/upgrade-notes/latest.md @@ -44,4 +44,5 @@ tetragon: #### Metrics -* TBD +* `tetragon_policyfilter_metrics_total` metric is renamed to `tetragon_policyfilter_operations_total`, and its `op` + label is renamed to `operation`. diff --git a/docs/content/en/docs/reference/metrics.md b/docs/content/en/docs/reference/metrics.md index f9d49d54a09..8672a356b83 100644 --- a/docs/content/en/docs/reference/metrics.md +++ b/docs/content/en/docs/reference/metrics.md 
@@ -215,14 +215,14 @@ The total number of events dropped because listener buffer was full The total number of operations when the container name was missing in the OCI hook -### `tetragon_policyfilter_metrics_total` +### `tetragon_policyfilter_operations_total` -Policy filter metrics. For internal use only. +Number of policy filter operations. | label | values | | ----- | ------ | | `error` | `generic-error, pod-namespace-conflict` | -| `op ` | `add, add-container, delete, update` | +| `operation` | `add, add-container, delete, update` | | `subsys` | `pod-handlers, rthooks` | ### `tetragon_process_cache_capacity` diff --git a/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go b/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go index 9e3c5350f1e..39c005eb2b9 100644 --- a/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go +++ b/pkg/metrics/policyfiltermetrics/policyfiltermetrics.go @@ -72,7 +72,7 @@ var ( } operationLabel = metrics.ConstrainedLabel{ - Name: "op", + Name: "operation", Values: maps.Values(operationLabelValues), } @@ -84,8 +84,8 @@ var ( var ( PolicyFilterOpMetrics = metrics.MustNewCounter(metrics.NewOpts( - consts.MetricsNamespace, "", "policyfilter_metrics_total", - "Policy filter metrics. For internal use only.", + consts.MetricsNamespace, "", "policyfilter_operations_total", + "Number of policy filter operations.", nil, []metrics.ConstrainedLabel{subsysLabel, operationLabel, errorLabel}, nil, ), nil)