Policy Change Counts
Metric Name
kyverno_policy_changes_total
Metric Value
Counter - An only-increasing integer representing the total number of policy-level changes associated with a metric sample.
Use cases
- The cluster admin wants to track how many cluster policies have been created in the last 1 year.
- An end user wants to track how many policies (kind: Policy) have been created in their personal namespace.
- The cluster admin wants to see how many policies with
validationFailureAction: Enforceand background mode enabled were created since last week.
Filter Labels
| Label | Allowed Values | Description |
|---|---|---|
| policy_validation_mode | “enforce”, “audit” | PolicyValidationFailure action of the rule’s parent policy |
| policy_type | “cluster”, “namespaced” | Kind of the rule’s parent policy. Kind: ClusterPolicy or Kind: Policy |
| policy_background_mode | “true”, “false” | Policy’s set background mode |
| policy_name | Name of the policy to which the rule belongs | |
| policy_namespace | Namespace in which this Policy resides (only for policies with kind: Policy), For ClusterPolicies, this field will be “-” | |
| policy_change_type | “create”, “update”, “delete” | Action which happened with the policy behind this policy change. |
Useful Queries
Tracking the number of cluster policies with audit mode which were created in the last 60 minutes:
sum(increase(kyverno_policy_changes_total{policy_type="cluster", policy_change_type="create", policy_validation_mode="audit"}[60m]))Listing down all the namespaced Policies which were deleted in the “default" namespace in the last 5 minutes:
kyverno_policy_changes_total{policy_type="namespaced", policy_namespace="default", policy_change_type="delete"}[5m]Track the number of changes which happened with a cluster policy named “sample-policy":
sum(kyverno_policy_changes_total{policy_type="cluster", policy_name="sample-policy"})