Instrument flagz and statusz endpoints with apiserver request metrics#137021
Merged
k8s-ci-robot merged 2 commits intokubernetes:masterfrom Feb 28, 2026
Merged
Instrument flagz and statusz endpoints with apiserver request metrics#137021k8s-ci-robot merged 2 commits intokubernetes:masterfrom
k8s-ci-robot merged 2 commits intokubernetes:masterfrom
Conversation
k8s-ci-robot
added
release-note-none
k8s-ci-robot
added
area/apiserver
sig/api-machinery
k8s-ci-robot
removed
the
do-not-merge/needs-sig
Member
|
I think we should add a changelog entry. |
yongruilin
force-pushed
the
master_zpages-metrics
branch
from
5e72a6c to
767f8cd
Compare
k8s-ci-robot
added
size/L
Contributor
Author
Updated. |
Contributor
Author
|
/assign @richabanker |
…rics Use MonitorRequest instead of InstrumentHandlerFunc so that group, version, and deprecated status are derived from content negotiation on each request. For text/plain requests, group and version are empty. For structured responses (JSON/YAML/CBOR), they reflect the negotiated API version (e.g., config.k8s.io/v1alpha1). This ensures accurate metric labels even when clients request deprecated API versions. Add TestMetrics for both endpoints, verifying that requests are recorded in apiserver_request_total with correct label values.
yongruilin
force-pushed
the
master_zpages-metrics
branch
from
767f8cd to
e728229
Compare
Member
|
/triage accepted |
k8s-ci-robot
added
triage/accepted
30 tasks
30 tasks
richabanker
reviewed
Feb 25, 2026
| "", // resource | ||
| DefaultFlagzPath, // subresource | ||
| "", // scope | ||
| "", // component |
Contributor
There was a problem hiding this comment.
can we put "apiserver" here? Is that what component is supposed to mean?
Contributor
Author
There was a problem hiding this comment.
hmmm, the healthz doesn't pass "component" field. But I think we should pass "apiserver" here?
Contributor
There was a problem hiding this comment.
componentName thats passed to handleFlagz()?
richabanker
reviewed
Feb 25, 2026
| "", // resource | ||
| DefaultStatuszPath, // subresource | ||
| "", // scope | ||
| "", // component |
Contributor
There was a problem hiding this comment.
same comment about component
richabanker
reviewed
Feb 25, 2026
| # HELP apiserver_request_total [STABLE] Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, and HTTP response code. | ||
| # TYPE apiserver_request_total counter | ||
| apiserver_request_total{code="200",component="",dry_run="",group="",resource="",scope="",subresource="/flagz",verb="GET",version=""} 1 | ||
| apiserver_request_total{code="200",component="",dry_run="",group="config.k8s.io",resource="",scope="",subresource="/flagz",verb="GET",version="v1alpha1"} 1 |
Contributor
There was a problem hiding this comment.
Nit: Its including the "/" that too in subresource.. should that be in resource and without the "/" ?
Contributor
Author
There was a problem hiding this comment.
I see. Unlike healthz/livez/readyz, flagz and statusz are defined API resources with their own GVK (config.k8s.io/v1alpha1/Flagz and config.k8s.io/v1alpha1/Statusz), so it makes more sense to use resource="flagz" with an empty subresource rather than putting the path in subresource. Updated
Contributor
|
Few nits about lgtm otherwise. Thanks for the help on adding metrics coverage for these endpoints! |
yongruilin
force-pushed
the
master_zpages-metrics
branch
from
435226c to
83959a9
Compare
…tusz metrics
Set component label to componentName (e.g., "kube-proxy", "kubelet")
instead of empty string. Move endpoint identifier from subresource to
resource ("flagz"/"statusz") since these are defined API resources with
their own GVK (config.k8s.io/v1alpha1).
yongruilin
force-pushed
the
master_zpages-metrics
branch
from
83959a9 to
c246753
Compare
Contributor
|
/retest |
Contributor
|
/lgtm |
k8s-ci-robot
added
the
lgtm
Contributor
|
LGTM label has been added. DetailsGit tree hash: bdf3f8ff3832572cf54b8dd3d981bebf940c4fca |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: richabanker, yongruilin The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
github-project-automation
Bot
moved this from Needs Triage
to Done
in SIG Instrumentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
/kind feature
What this PR does / why we need it:
Instruments the /flagz and /statusz endpoints with metrics.InstrumentHandlerFunc so that requests are recorded in apiserver_request_total and apiserver_request_duration_seconds, matching the existing pattern used by /healthz, /livez, and /readyz. This enables operators to detect potential abuse or DDOS of these zpages endpoints via the standard apiserver HTTP metrics.
Which issue(s) this PR is related to:
KEP: kubernetes/enhancements#4828
kubernetes/enhancements#5806 (comment)
Special notes for your reviewer:
The instrumentation follows the exact same pattern as the health endpoints in staging/src/k8s.io/apiserver/pkg/server/healthz/healthz.go. Tests also follow the existing TestMetrics pattern in healthz_test.go.
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: