@rzala rzala commented Jan 15, 2026

Description

Fixes #2610

This PR adds support for Prometheus metrics collection when alternate report storage (filesystem-based) is enabled. Previously, enabling alternateReportStorage.enabled: true would cause all metrics like trivy_image_vulnerabilities to stop working because the metrics collector only read from Kubernetes CRDs.

Changes

  • Added StorageReader interface to abstract storage backend operations
  • Implemented CRDStorageReader for reading from Kubernetes CRDs (existing default behavior)
  • Implemented FilesystemStorageReader for reading from alternate storage filesystem
  • Updated ResourcesMetricsCollector to use the StorageReader abstraction
  • Added comprehensive unit tests for both storage backends and edge cases

Impact

  • Backward compatible - No breaking changes, CRD-based metrics work exactly as before
  • Dual-mode support - Metrics now work with both CRD and filesystem storage
  • All report types supported - VulnerabilityReport, ExposedSecretReport, ConfigAuditReport, RbacAssessmentReport, InfraAssessmentReport, ClusterComplianceReport
  • Production ready - Robust error handling, logging, and graceful degradation

Testing

Added comprehensive unit tests in pkg/metrics/storage_reader_test.go:

  • Tests for CRD-based collection (validates backward compatibility)
  • Tests for filesystem-based collection
  • Edge case testing (missing directories, corrupt files, permissions)
  • Backend selection tests

How to Test

With CRD Storage (default):

  1. Deploy trivy-operator with default configuration
  2. Verify metrics endpoint returns data

With Alternate Storage:

  1. Enable alternate storage: alternateReportStorage.enabled: true
  2. Configure PVC-based storage
  3. Verify metrics endpoint still returns data
  4. Confirm metrics match report contents

Checklist

@rzala rzala requested a review from simar7 as a code owner January 15, 2026 17:04
CLAassistant commented Jan 15, 2026

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions bot added the bug label Jan 15, 2026
@rzala rzala marked this pull request as draft January 15, 2026 19:55
Fixes aquasecurity#2610

When alternate report storage is enabled, reports are saved to
filesystem instead of Kubernetes CRDs. The metrics collector was
only reading from CRDs, causing all metrics to become unavailable.

This commit adds a storage abstraction layer that allows the metrics
collector to read from either CRDs (default) or filesystem (when
alternate storage is enabled), maintaining full backward compatibility.

Additionally, adds validation to skip malformed reports without proper
metadata (name/labels), preventing duplicate metric errors from stale
files in alternate storage directories.

Changes:
- Add StorageReader interface for storage backend abstraction
- Implement CRDStorageReader for reading from Kubernetes CRDs
- Implement FilesystemStorageReader for reading from alternate storage
- Add validation to filter out malformed reports without metadata
- Update ResourcesMetricsCollector to use StorageReader
- Add comprehensive unit tests for both storage backends

All report types are supported: VulnerabilityReport, ExposedSecretReport,
ConfigAuditReport, RbacAssessmentReport, InfraAssessmentReport, and
ClusterComplianceReport.
@rzala rzala force-pushed the fix/alternate-storage-metrics branch from cbc0a1b to 0452d01 Compare January 15, 2026 20:11
@rzala rzala marked this pull request as ready for review January 16, 2026 08:16
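
An added illustration of the filesystem-backed reader and the metadata validation described in the commit message above; it is not code from this pull request or from trivy-operator. The `Report`, `StorageReader` and `FSReader` shapes and the `<Root>/<kind>/*.json` layout are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// Report holds only the metadata the validation step needs (hypothetical type).
type Report struct {
	Metadata struct {
		Name   string            `json:"name"`
		Labels map[string]string `json:"labels"`
	} `json:"metadata"`
}

// StorageReader is a hypothetical stand-in for the abstraction the PR names.
type StorageReader interface {
	ReadReports(kind string) (valid []Report, skipped int, err error)
}

// FSReader reads <Root>/<kind>/*.json; this directory layout is an assumption.
type FSReader struct{ Root string }

func (r FSReader) ReadReports(kind string) (valid []Report, skipped int, err error) {
	dir := filepath.Join(r.Root, kind)
	entries, err := os.ReadDir(dir)
	if err != nil && !os.IsNotExist(err) {
		return nil, 0, err // a missing directory just means no reports yet
	}
	for _, e := range entries {
		if e.IsDir() || filepath.Ext(e.Name()) != ".json" {
			continue // ignore anything that is not a report file
		}
		var rep Report
		data, rerr := os.ReadFile(filepath.Join(dir, e.Name()))
		if rerr != nil || json.Unmarshal(data, &rep) != nil ||
			rep.Metadata.Name == "" || len(rep.Metadata.Labels) == 0 {
			skipped++ // unreadable, corrupt, or stale file without name/labels
			continue
		}
		valid = append(valid, rep)
	}
	return valid, skipped, nil
}

func main() {
	fmt.Println(FSReader{Root: os.TempDir()}.ReadReports("vulnerabilityreports"))
}
```

Returning the skipped count alongside the valid reports lets a caller log or export it, so a directory full of stale files shows up as a signal rather than as silently missing metrics.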
Successfully merging this pull request may close these issues.

Alternate Report Storage doesn't provides metrics