nmstate · kubevirt-bot · Mar 24, 2026 · Mar 16, 2026 · Mar 16, 2026 · Mar 16, 2026
diff --git a/cmd/handler/main.go b/cmd/handler/main.go
@@ -96,6 +96,8 @@ func init() {
 	metrics.Registry.MustRegister(monitoring.AppliedFeatures)
 	metrics.Registry.MustRegister(monitoring.NetworkInterfaces)
 	metrics.Registry.MustRegister(monitoring.NetworkRoutes)
+	metrics.Registry.MustRegister(monitoring.PolicyStatus)
+	metrics.Registry.MustRegister(monitoring.EnactmentStatus)
 }
 
 func main() {
@@ -596,6 +598,26 @@ func setupMetricsManager(mgr manager.Manager) error {
 		return err
 	}
 
+	setupLog.Info("Creating Metrics NodeNetworkConfigurationPolicy controller")
+	if err := (&controllersmetrics.NodeNetworkConfigurationPolicyReconciler{
+		Client: mgr.GetClient(),
+		Log:    ctrl.Log.WithName("metrics").WithName("NodeNetworkConfigurationPolicy"),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create NodeNetworkConfigurationPolicy metrics controller", "metrics", "NMState")
+		return err
+	}
+
+	setupLog.Info("Creating Metrics NodeNetworkConfigurationEnactment status controller")
+	if err := (&controllersmetrics.NodeNetworkConfigurationEnactmentStatusReconciler{
+		Client: mgr.GetClient(),
+		Log:    ctrl.Log.WithName("metrics").WithName("NodeNetworkConfigurationEnactmentStatus"),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create NodeNetworkConfigurationEnactment status metrics controller", "metrics", "NMState")
+		return err
+	}
+
 	return nil
 }
 

diff --git a/controllers/metrics/nodenetworkconfigurationenactment_status_controller.go b/controllers/metrics/nodenetworkconfigurationenactment_status_controller.go
@@ -0,0 +1,130 @@
+/*
+Copyright The Kubernetes NMState Authors.
+
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package metrics
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/go-logr/logr"
+	"github.com/pkg/errors"
+	"github.com/prometheus/client_golang/prometheus"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/nmstate/kubernetes-nmstate/api/shared"
+	nmstatev1beta1 "github.com/nmstate/kubernetes-nmstate/api/v1beta1"
+	"github.com/nmstate/kubernetes-nmstate/pkg/monitoring"
+)
+
+// NodeNetworkConfigurationEnactmentStatusReconciler reconciles NNCE objects for per-node status metrics
+type NodeNetworkConfigurationEnactmentStatusReconciler struct {
+	client.Client
+	Log      logr.Logger
+	Scheme   *runtime.Scheme
+	oldNodes map[string]struct{}
+}
+
+func (r *NodeNetworkConfigurationEnactmentStatusReconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {
+	log := r.Log.WithValues("metrics.nodenetworkconfigurationenactment_status", request.NamespacedName)
+	log.Info("Reconcile")
+
+	if err := r.reportStatistics(ctx); err != nil {
+		return ctrl.Result{}, fmt.Errorf("failed reporting NNCE status statistics: %w", err)
+	}
+
+	return ctrl.Result{}, nil
+}
+
+func (r *NodeNetworkConfigurationEnactmentStatusReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	r.oldNodes = make(map[string]struct{})
+
+	onConditionChange := conditionChangePredicate(func(obj client.Object) (shared.ConditionList, bool) {
+		nnce, ok := obj.(*nmstatev1beta1.NodeNetworkConfigurationEnactment)
+		if !ok {
+			return nil, false
+		}
+		return nnce.Status.Conditions, true
+	})
+
+	err := ctrl.NewControllerManagedBy(mgr).
+		Named("nodenetworkconfigurationenactment-status").
+		For(&nmstatev1beta1.NodeNetworkConfigurationEnactment{}).
+		WithEventFilter(onConditionChange).
+		Complete(r)
+	if err != nil {
+		return errors.Wrap(err, "failed to add controller to NNCE status metrics Reconciler")
+	}
+
+	return nil
+}
+
+type enactmentStatusKey struct {
+	node   string
+	status string
+}
+
+func (r *NodeNetworkConfigurationEnactmentStatusReconciler) reportStatistics(ctx context.Context) error {
+	nnceList := nmstatev1beta1.NodeNetworkConfigurationEnactmentList{}
+	if err := r.List(ctx, &nnceList); err != nil {
+		return err
+	}
+
+	counts := make(map[enactmentStatusKey]float64)
+	newNodes := make(map[string]struct{})
+
+	for i := range nnceList.Items {
+		nodeName := nnceList.Items[i].Labels[shared.EnactmentNodeLabel]
+		if nodeName == "" {
+			continue
+		}
+		newNodes[nodeName] = struct{}{}
+
+		status := activeConditionType(nnceList.Items[i].Status.Conditions)
+		if status != "" {
+			key := enactmentStatusKey{node: nodeName, status: string(status)}
+			counts[key]++
+		}
+	}
+
+	// Reset all known node+status combinations, then set current values
+	for nodeName := range newNodes {
+		for _, condType := range shared.NodeNetworkConfigurationEnactmentConditionTypes {
+			key := enactmentStatusKey{node: nodeName, status: string(condType)}
+			monitoring.EnactmentStatus.WithLabelValues(nodeName, string(condType)).Set(counts[key])
+		}
+	}
+
+	// Delete metrics for nodes that no longer have any enactments
+	for oldNode := range r.oldNodes {
+		if _, exists := newNodes[oldNode]; !exists {
+			for _, condType := range shared.NodeNetworkConfigurationEnactmentConditionTypes {
+				monitoring.EnactmentStatus.Delete(prometheus.Labels{
+					"node":   oldNode,
+					"status": string(condType),
+				})
+			}
+		}
+	}
+
+	r.oldNodes = newNodes
+
+	return nil
+}
diff --git a/controllers/metrics/nodenetworkconfigurationpolicy_controller.go b/controllers/metrics/nodenetworkconfigurationpolicy_controller.go
@@ -0,0 +1,97 @@
+/*
+Copyright The Kubernetes NMState Authors.
+
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package metrics
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/go-logr/logr"
+	"github.com/pkg/errors"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/nmstate/kubernetes-nmstate/api/shared"
+	nmstatev1 "github.com/nmstate/kubernetes-nmstate/api/v1"
+	"github.com/nmstate/kubernetes-nmstate/pkg/monitoring"
+)
+
+// NodeNetworkConfigurationPolicyReconciler reconciles NNCP objects for status metrics
+type NodeNetworkConfigurationPolicyReconciler struct {
+	client.Client
+	Log    logr.Logger
+	Scheme *runtime.Scheme
+}
+
+func (r *NodeNetworkConfigurationPolicyReconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) {
+	log := r.Log.WithValues("metrics.nodenetworkconfigurationpolicy", request.NamespacedName)
+	log.Info("Reconcile")
+
+	if err := r.reportStatistics(ctx); err != nil {
+		return ctrl.Result{}, fmt.Errorf("failed reporting NNCP status statistics: %w", err)
+	}
+
+	return ctrl.Result{}, nil
+}
+
+func (r *NodeNetworkConfigurationPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	onConditionChange := conditionChangePredicate(func(obj client.Object) (shared.ConditionList, bool) {
+		nncp, ok := obj.(*nmstatev1.NodeNetworkConfigurationPolicy)
+		if !ok {
+			return nil, false
+		}
+		return nncp.Status.Conditions, true
+	})
+
+	err := ctrl.NewControllerManagedBy(mgr).
+		For(&nmstatev1.NodeNetworkConfigurationPolicy{}).
+		WithEventFilter(onConditionChange).
+		Complete(r)
+	if err != nil {
+		return errors.Wrap(err, "failed to add controller to NNCP status metrics Reconciler")
+	}
+
+	return nil
+}
+
+func (r *NodeNetworkConfigurationPolicyReconciler) reportStatistics(ctx context.Context) error {
+	nncpList := nmstatev1.NodeNetworkConfigurationPolicyList{}
+	if err := r.List(ctx, &nncpList); err != nil {
+		return err
+	}
+
+	counts := make(map[shared.ConditionType]float64)
+	for _, condType := range shared.NodeNetworkConfigurationPolicyConditionTypes {
+		counts[condType] = 0
+	}
+
+	for i := range nncpList.Items {
+		status := activeConditionType(nncpList.Items[i].Status.Conditions)
+		if status != "" {
+			counts[status]++
+		}
+	}
+
+	for condType, count := range counts {
+		monitoring.PolicyStatus.WithLabelValues(string(condType)).Set(count)
+	}
+
+	return nil
+}
diff --git a/controllers/metrics/utils.go b/controllers/metrics/utils.go
@@ -0,0 +1,64 @@
+/*
+Copyright The Kubernetes NMState Authors.
+
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package metrics
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+
+	"github.com/nmstate/kubernetes-nmstate/api/shared"
+)
+
+func activeConditionType(conditions shared.ConditionList) shared.ConditionType {
+	for _, c := range conditions {
+		if c.Status == corev1.ConditionTrue {
+			return c.Type
+		}
+	}
+	return ""
+}
+
+// conditionChangePredicate returns a predicate that triggers on create, delete,
+// and on updates only when the active condition type changes.
+// getConditions extracts the ConditionList from the concrete object type.
+func conditionChangePredicate(getConditions func(client.Object) (shared.ConditionList, bool)) predicate.Funcs {
+	return predicate.Funcs{
+		CreateFunc: func(event.CreateEvent) bool {
+			return true
+		},
+		DeleteFunc: func(event.DeleteEvent) bool {
+			return true
+		},
+		UpdateFunc: func(e event.UpdateEvent) bool {
+			oldConditions, ok := getConditions(e.ObjectOld)
+			if !ok {
+				return true
+			}
+			newConditions, ok := getConditions(e.ObjectNew)
+			if !ok {
+				return true
+			}
+			return activeConditionType(oldConditions) != activeConditionType(newConditions)
+		},
+		GenericFunc: func(event.GenericEvent) bool {
+			return false
+		},
+	}
+}
diff --git a/pkg/monitoring/metrics.go b/pkg/monitoring/metrics.go
@@ -39,6 +39,16 @@ var (
 		Help: "Number of network routes labeled by node, IP stack and type (static/dynamic)",
 	}
 
+	PolicyStatusOpts = prometheus.GaugeOpts{
+		Name: "kubernetes_nmstate_policies_status",
+		Help: "Number of NodeNetworkConfigurationPolicies labeled by their status condition",
+	}
+
+	EnactmentStatusOpts = prometheus.GaugeOpts{
+		Name: "kubernetes_nmstate_enactments_status",
+		Help: "Number of NodeNetworkConfigurationEnactments labeled by node and status condition",
+	}
+
 	AppliedFeatures = prometheus.NewGaugeVec(
 		AppliedFeaturesOpts,
 		[]string{"name"},
@@ -54,10 +64,22 @@ var (
 		[]string{"node", "ip_stack", "type"},
 	)
 
+	PolicyStatus = prometheus.NewGaugeVec(
+		PolicyStatusOpts,
+		[]string{"status"},
+	)
+
+	EnactmentStatus = prometheus.NewGaugeVec(
+		EnactmentStatusOpts,
+		[]string{"node", "status"},
+	)
+
 	gaugeOpts = []prometheus.GaugeOpts{
 		AppliedFeaturesOpts,
 		NetworkInterfacesOpts,
 		NetworkRoutesOpts,
+		PolicyStatusOpts,
+		EnactmentStatusOpts,
 	}
 )