From e361173549f42d07a21ec22030a58c62d878936e Mon Sep 17 00:00:00 2001
From: Martin Kennelly <mkennell@redhat.com>
Date: Mon, 4 Oct 2021 14:19:24 +0100
Subject: [PATCH] Metric: Add egress firewall rules metric

Add a metric to count the number of egress firewall
rules. This metric will facilitate
an understanding if egress firewall is being used
and also how heavily it is being used across
all namespaces.

Signed-off-by: Martin Kennelly <mkennell@redhat.com>
---
 go-controller/pkg/metrics/master.go | 13 +++++++++++++
 go-controller/pkg/ovn/ovn.go        |  3 +++
 2 files changed, 16 insertions(+)

diff --git a/go-controller/pkg/metrics/master.go b/go-controller/pkg/metrics/master.go
index 2bfc4f9abb9..beda0bdfc68 100644
--- a/go-controller/pkg/metrics/master.go
+++ b/go-controller/pkg/metrics/master.go
@@ -163,6 +163,13 @@ var metricEgressIPCount = prometheus.NewGauge(prometheus.GaugeOpts{
 	Help:      "The number of defined egress IP addresses",
 })
 
+var metricEgressFirewallRuleCount = prometheus.NewGauge(prometheus.GaugeOpts{
+	Namespace: MetricOvnNamespace,
+	Subsystem: MetricOvnkubeSubsystemMaster,
+	Name:      "num_egress_firewall_rules",
+	Help:      "The number of egress firewall rules defined"},
+)
+
 var registerMasterMetricsOnce sync.Once
 var startE2ETimeStampUpdaterOnce sync.Once
 
@@ -238,6 +245,7 @@ func RegisterMasterMetrics(nbClient, sbClient goovn.Client) {
 		prometheus.MustRegister(metricV4AllocatedHostSubnetCount)
 		prometheus.MustRegister(metricV6AllocatedHostSubnetCount)
 		prometheus.MustRegister(metricEgressIPCount)
+		prometheus.MustRegister(metricEgressFirewallRuleCount)
 		registerWorkqueueMetrics(MetricOvnkubeNamespace, MetricOvnkubeSubsystemMaster)
 	})
 }
@@ -314,3 +322,8 @@ func RecordSubnetCount(v4SubnetCount, v6SubnetCount float64) {
 func RecordEgressIPCount(count float64) {
 	metricEgressIPCount.Set(count)
 }
+
+// UpdateEgressFirewallRuleCount records the number of Egress firewall rules.
+func UpdateEgressFirewallRuleCount(count float64) {
+	metricEgressFirewallRuleCount.Add(count)
+}
diff --git a/go-controller/pkg/ovn/ovn.go b/go-controller/pkg/ovn/ovn.go
index 3fe795fce77..d630a079b15 100644
--- a/go-controller/pkg/ovn/ovn.go
+++ b/go-controller/pkg/ovn/ovn.go
@@ -754,6 +754,7 @@ func (oc *Controller) WatchEgressFirewall() *factory.Handler {
 			if err != nil {
 				klog.Error(err)
 			}
+			metrics.UpdateEgressFirewallRuleCount(float64(len(egressFirewall.Spec.Egress)))
 		},
 		UpdateFunc: func(old, newer interface{}) {
 			newEgressFirewall := newer.(*egressfirewall.EgressFirewall).DeepCopy()
@@ -778,6 +779,7 @@ func (oc *Controller) WatchEgressFirewall() *factory.Handler {
 				if err != nil {
 					klog.Error(err)
 				}
+				metrics.UpdateEgressFirewallRuleCount(float64(len(newEgressFirewall.Spec.Egress) - len(oldEgressFirewall.Spec.Egress)))
 			}
 		},
 		DeleteFunc: func(obj interface{}) {
@@ -792,6 +794,7 @@ func (oc *Controller) WatchEgressFirewall() *factory.Handler {
 			if err != nil {
 				klog.Errorf("Failed to commit db changes for egressFirewall in namespace %s stdout: %q, stderr: %q, err: %+v", egressFirewall.Namespace, stdout, stderr, err)
 			}
+			metrics.UpdateEgressFirewallRuleCount(float64(-len(egressFirewall.Spec.Egress)))
 		},
 	}, oc.syncEgressFirewall)
 }