ROX-28151: Custom Prometheus metrics tracker runner #15745

Closed
parametalol wants to merge 8 commits into michael/ROX-28151-tracker from michael/ROX-28151-runner

@parametalol parametalol commented Jun 16, 2025

Description

This PR enables the periodic metrics gathering, started from main. Adds support for dynamic reconfiguration via PUT /v1/config.

It also adds the now functional Image Vulnerabilities tracker with all necessary labels.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

Manual testing

Test configuration

    "prometheusMetricsConfig": {
      "imageVulnerabilities": {
        "gatheringPeriodMinutes": 15,
        "metrics": {
          "my_metric2": {
            "labels": {
              "CVSS": {
                "expression": []
              },
              "ImageRegistry": {
                "expression": []
              }
            },
            "exposure": "EXTERNAL",
            "registryName": "custom"
          },
          "my_metric_int": {
            "labels": {
              "Severity": {
                "expression": []
              }
            },
            "exposure": "INTERNAL",
            "registryName": ""
          }
        },
        "filter": ""
      }
    }

External endpoint

    sh$ curl -k https://localhost:8000/metrics/custom -s -H "authorization: Bearer $ROX_API_TOKEN" | grep my_met | head
    # HELP rox_central_my_metric2 The total number of aggregated CVEs aggregated by ImageRegistry,CVSS and gathered every 15m0s
    # TYPE rox_central_my_metric2 gauge
    rox_central_my_metric2{CVSS="0.0",ImageRegistry="us-east1-docker.pkg.dev"} 4
    rox_central_my_metric2{CVSS="1.9",ImageRegistry="us-central1-docker.pkg.dev"} 1
    rox_central_my_metric2{CVSS="10.0",ImageRegistry="docker.io"} 1
    rox_central_my_metric2{CVSS="10.0",ImageRegistry="us-central1-docker.pkg.dev"} 10
    ...

Internal endpoint

    sh$ curl -k http://localhost:9090/metrics -s | grep my_met
    # HELP rox_central_my_metric_int The total number of aggregated CVEs aggregated by Severity and gathered every 15m0s
    # TYPE rox_central_my_metric_int gauge
    rox_central_my_metric_int{Severity="CRITICAL_VULNERABILITY_SEVERITY"} 410
    rox_central_my_metric_int{Severity="IMPORTANT_VULNERABILITY_SEVERITY"} 938
    rox_central_my_metric_int{Severity="LOW_VULNERABILITY_SEVERITY"} 2020
    rox_central_my_metric_int{Severity="MODERATE_VULNERABILITY_SEVERITY"} 1176
    rox_central_my_metric_int{Severity="UNKNOWN_VULNERABILITY_SEVERITY"} 4

Current dependencies on/for this PR:
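
Added example, not part of the PR or of the project's code: a check that can be run over the scrape output shown in the description to confirm that no series of a configured metric carries a label beyond those in its `labels` block, which matters most for `INTERNAL` metrics, read in the test above from port 9090 without a token. Assumptions: the function receives the `imageVulnerabilities` object, `rox_central_` is prefixed to every metric name as in the output above, and `UnconfiguredLabels` with its sample inputs is constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed inputs: one metric from the test configuration and a scrape with one altered series.
const sampleConfig = `{"metrics":{"my_metric_int":{"labels":{"Severity":{"expression":[]}}}}}`
const sampleScrape = `# TYPE rox_central_my_metric_int gauge
rox_central_my_metric_int{Severity="LOW_VULNERABILITY_SEVERITY"} 2020
rox_central_my_metric_int{Severity="LOW, {x}",ImageRegistry="docker.io"} 4`

// labelRE matches one name="value" pair; the value may hold commas, braces and escaped quotes.
var labelRE = regexp.MustCompile(`([A-Za-z_][A-Za-z0-9_]*)="(?:[^"\\]|\\.)*"`)

// UnconfiguredLabels lists every label a configured metric exposes beyond its configured set.
func UnconfiguredLabels(cfgJSON, scrape string) ([]string, error) {
	var cfg struct {
		Metrics map[string]struct {
			Labels map[string]json.RawMessage `json:"labels"`
		} `json:"metrics"`
	}
	if err := json.Unmarshal([]byte(cfgJSON), &cfg); err != nil {
		return nil, err
	}
	var out []string
	for _, line := range strings.Split(scrape, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || line[0] == '#' {
			continue // skip blanks and HELP/TYPE comments
		}
		name := line[:strings.IndexAny(line+" ", "{ ")]
		m, ok := cfg.Metrics[strings.TrimPrefix(name, "rox_central_")] // assumed prefix, as in the PR output
		if !ok {
			continue // not one of the configured custom metrics
		}
		for _, p := range labelRE.FindAllStringSubmatch(line, -1) {
			if _, configured := m.Labels[p[1]]; !configured {
				out = append(out, name+": unconfigured label "+p[1])
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(UnconfiguredLabels(sampleConfig, sampleScrape)) }
```

The check reports only extra labels; a series missing a configured label is not flagged.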


rhacs-bot commented Jun 16, 2025

Images are ready for the commit at 6829826.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.9.x-67-g68298268ca.


codecov bot commented Jun 16, 2025

Codecov Report

Attention: Patch coverage is 51.49701% with 81 lines in your changes missing coverage. Please review.

Project coverage is 48.85%. Comparing base (7c5e09e) to head (6829826).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| central/metrics/aggregator/singleton.go | 63.15% | 23 Missing and 5 partials ⚠️ |
| central/metrics/aggregator/common/config_parser.go | 5.88% | 16 Missing ⚠️ |
| central/metrics/aggregator/common/tracker_base.go | 25.00% | 10 Missing and 2 partials ⚠️ |
| ...metrics/aggregator/image_vulnerabilities/labels.go | 31.25% | 11 Missing ⚠️ |
| ...etrics/aggregator/image_vulnerabilities/tracker.go | 73.52% | 7 Missing and 2 partials ⚠️ |
| central/config/service/service.go | 42.85% | 4 Missing ⚠️ |
| central/config/service/singleton.go | 0.00% | 1 Missing ⚠️ |

Additional details and impacted files
@@                     Coverage Diff                     @@
##           michael/ROX-28151-tracker   #15745    +/-   ##
===========================================================
  Coverage                      48.85%   48.85%            
===========================================================
  Files                           2601     2604     +3     
  Lines                         191058   191214   +156     
===========================================================
+ Hits                           93344    93424    +80     
- Misses                         90409    90476    +67     
- Partials                        7305     7314     +9     

| Flag | Coverage Δ |
|---|---|
| go-unit-tests | 48.85% <51.49%> (+<0.01%) ⬆️ |

Flags with carried forward coverage won't be shown.

@parametalol parametalol marked this pull request as draft June 17, 2025 08:22
@parametalol parametalol marked this pull request as ready for review June 17, 2025 08:34
@parametalol parametalol marked this pull request as draft June 17, 2025 13:15
@parametalol parametalol deleted the michael/ROX-28151-runner branch September 16, 2025 21:31