Policy Change Counts
Metric Name
kyverno_policy_changes_total
Metric Value
Counter - A monotonically increasing integer representing the total number of policy-level changes associated with a metric sample.
Use cases
- The cluster admin wants to track how many cluster policies have been created in the last year.
- An end user wants to track how many policies (kind: Policy) have been created in their personal namespace.
- The cluster admin wants to see how many policies with validationFailureAction: enforce and background mode enabled were created since last week.
Filter Labels
Label | Allowed Values | Description |
---|---|---|
policy_validation_mode | "enforce", "audit" | validationFailureAction of the rule's parent policy |
policy_type | "cluster", "namespaced" | Kind of the rule's parent policy: ClusterPolicy or Policy |
policy_background_mode | "true", "false" | Background mode set on the policy |
policy_name | | Name of the policy to which the rule belongs |
policy_namespace | | Namespace in which this Policy resides (only for policies with kind: Policy). For ClusterPolicies, this field will be "-" |
policy_change_type | "create", "update", "delete" | Action that was performed on the policy and produced this policy change |
Useful Queries
- Tracking the number of cluster policies with audit mode which were created in the last 60 minutes:
  sum(increase(kyverno_policy_changes_total{policy_type="cluster", policy_change_type="create", policy_validation_mode="audit"}[60m]))
- Listing all the namespaced Policies which were deleted in the "default" namespace in the last 5 minutes:
  kyverno_policy_changes_total{policy_type="namespaced", policy_namespace="default", policy_change_type="delete"}[5m]
- Tracking the number of changes which happened with a cluster policy named "sample-policy":
  sum(kyverno_policy_changes_total{policy_type="cluster", policy_name="sample-policy"})
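An added example, not part of the Kyverno documentation: a Prometheus alerting rule file that uses this metric to flag policy deletions and updates to enforce-mode policies. The group and alert names, the 10m window and the severity values are assumptions. The `unless ... offset` branch covers a series whose first sample falls inside the window, which `increase()` alone reports as no change.

```yaml
# Added example: alerting rules built on kyverno_policy_changes_total.
# Names, the 10m window and severity values are assumptions, not Kyverno defaults.
groups:
  - name: kyverno-policy-change-watch        # hypothetical group name
    rules:
      - alert: KyvernoPolicyDeleted          # hypothetical alert name
        # Branch 1: the counter grew within the window.
        # Branch 2: the series did not exist 10m ago, so increase() has
        # no earlier sample to compare against and would stay silent.
        expr: |
          sum by (policy_type, policy_namespace, policy_name) (
            increase(kyverno_policy_changes_total{policy_change_type="delete"}[10m])
          ) > 0
          or
          sum by (policy_type, policy_namespace, policy_name) (
            kyverno_policy_changes_total{policy_change_type="delete"}
            unless kyverno_policy_changes_total{policy_change_type="delete"} offset 10m
          ) > 0
        labels:
          severity: warning
        annotations:
          summary: "Kyverno policy {{ $labels.policy_name }} was deleted"
          description: "type={{ $labels.policy_type }} namespace={{ $labels.policy_namespace }}"

      - alert: KyvernoEnforcePolicyUpdated   # hypothetical alert name
        # Same two-branch pattern, scoped to updates of enforce-mode policies.
        expr: |
          sum by (policy_type, policy_namespace, policy_name) (
            increase(kyverno_policy_changes_total{policy_change_type="update", policy_validation_mode="enforce"}[10m])
          ) > 0
          or
          sum by (policy_type, policy_namespace, policy_name) (
            kyverno_policy_changes_total{policy_change_type="update", policy_validation_mode="enforce"}
            unless kyverno_policy_changes_total{policy_change_type="update", policy_validation_mode="enforce"} offset 10m
          ) > 0
        labels:
          severity: info
        annotations:
          summary: "Enforce-mode Kyverno policy {{ $labels.policy_name }} was updated"
          description: "type={{ $labels.policy_type }} namespace={{ $labels.policy_namespace }}"
```

Because the value is a counter, it resets when the process exposing it restarts; `increase()` accounts for resets, while the raw `sum(...)` form counts only changes since the last restart.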