[webhook] OTel changes

[dprotaso]

This stacks onto the shared main PR - #3190

You can review the webhook changes here

• webhook changes for observability
• go mod
• vendor

[dprotaso]

/assign @Cali0707 @evankanderson @skonto

[codecov]

Codecov Report

Attention: Patch coverage is 88.69565% with 13 lines in your changes missing coverage. Please review.

Project coverage is 76.00%. Comparing base (7a5377f) to head (624cd94).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
webhook/conversion.go	68.57%	8 Missing and 3 partials ⚠️
webhook/metrics.go	91.66%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3189      +/-   ##
==========================================
- Coverage   76.05%   76.00%   -0.05%     
==========================================
  Files         205      205              
  Lines       11751    11710      -41     
==========================================
- Hits         8937     8900      -37     
+ Misses       2541     2540       -1     
+ Partials      273      270       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dprotaso]

This is ready for a review cc @evankanderson @Cali0707

Based on the feedback from the OTel folks I removed the package variable instruments. This makes unit tests easier to write and FYI the instruments are de-duped by the otel-go sdk when multiple webhooks are created (excluding the pointers in our webhook struct)

[skonto]

We report time for bad requests too?

[dprotaso]

yeah

[evankanderson]

Bad requests may have a different time distribution than "good" requests, which can be a useful hint when debugging, so I'm +1 on separating these.

[evankanderson]

/approve

One concern about use of LabelerFromContext without looking at the second value in admission.go, but this seems like (not counting libraries), this somewhat simplifies our overall code.

[evankanderson]

Bad requests may have a different time distribution than "good" requests, which can be a useful hint when debugging, so I'm +1 on separating these.

[evankanderson]

If the second result is false, then:

In this case it is safe to use the Labeler but any attributes added to it will not be used.

Do we want / need to call otelhttp.ContextWithLabeler to set the labeler if this was false?

[dprotaso]

shouldn't need to since - the otelhttp middleware sets it.

https://github.com/open-telemetry/opentelemetry-go-contrib/blob/45af9252727c122174f7adab90f6c24ab04f1a6b/instrumentation/net/http/otelhttp/handler.go#L176

[dprotaso]

If someone's using the handler without that middleware then the labeler is a noop

[evankanderson]

Yeah, I didn't know if that was a concern. You can add a comment here that this relies on that middleware setting the labeler context as another option, since this looks like ignoring an error value.

[dprotaso]

done

[evankanderson]

Why do this after the recordHandlerDuration call?

[dprotaso]

recordHandlerDuration will add the duration to our custom histogram metric that measures the call to the conversion controller.

The labeler on the other hand will add attributes that otelhttp middelware reports. The the order of these don't really mater in my mind

[evankanderson]

So the labeler labels won't have any relation to the metric attributes?

[dprotaso]

So the labeler labels won't have any relation to the metric attributes?

There is no relationship. What we should probably do is actually get the attribute keys from the label when recording the metric - that way we'll have the exact same attributes (though there's a slice alloc)

[dprotaso]

ok - i moved this invocation upward and record will now fetch the labeler attributes

[evankanderson]

Do we need admission in these keys? If not, they could cover all kinds of webhook metrics (conversion, defaulting, etc), with fewer definitions. (e.g. the admission and conversion status could use the same attribute)

[dprotaso]

It's possible but a lot of the fields don't apply to conversion webhooks (maybe just two).

What are your concerns?

[evankanderson]

Having to type a lot of long strings into Prometheus queries. (Yes, it's more human laziness than technical cost, which should be fairly minimal with a reasonable interning implementation.)

[dprotaso]

ok - i did a pass take a look - i think it worked out

[Cali0707]

/lgtm
/hold in case @dprotaso wants any more reviews

[dprotaso]

rebased

[Cali0707]

/lgtm

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Cali0707, dprotaso, evankanderson

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [Cali0707,dprotaso]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dprotaso]

/hold cancel

@evankanderson if you have any follow up comments let me know and i can do them in a follow up PR next week.