Admission Review Latency
Metric Name(s)
Section titled “Metric Name(s)”kyverno_admission_review_duration_seconds_countkyverno_admission_review_duration_seconds_sumkyverno_admission_review_duration_seconds_bucket
Metric Value
Section titled “Metric Value”Histogram - A float value representing the latency of the admission review in seconds.
See Prometheus docs for a detailed explanation of how histograms work.
Metric Labels
Section titled “Metric Labels”| Label | Allowed Values | Description |
|---|---|---|
| request_allowed | ”true”, “false” | If the admission review was accepeted or rejected. |
| request_webhook | ”ValidatingWebhookConfiguration”, “MutatingWebhookConfiguration” | Type of webhook processing the admission review. |
| resource_kind | ”Pod”, “Deployment”, “StatefulSet”, “ReplicaSet”, etc. | Kind of this resource |
| resource_namespace | Namespace in which this resource lives | |
| resource_request_operation | ”create”, “update”, “delete” | If the requested resource is being created, updated, or deleted. |
Use cases
Section titled “Use cases”- The cluster admin wants to know how fast/slow have the admission reviews been for incoming requests around “Deployment” creations in the default namespace.
- The cluster admin wants to be alerted as soon as the p95 latency of admission reviews associated with the incoming “Pod” creation requests breach a certain threshold.
Useful Queries
Section titled “Useful Queries”-
Average latency associated with the admission reviews triggered by incoming resource requests, grouped by the resource:
avg(kyverno_admission_review_duration_seconds{}) by (resource_type) -
Maximum latency associated with the admission reviews triggered by incoming pod requests over last 24 hours:
max(kyverno_admission_review_duration_seconds{resource_type="Pod"}[24h]) -
Listing the admission request which consumed maximum amount of latency in the last 60 minutes:
max(kyverno_admission_review_duration_seconds{}[60m])