chore: adding metrics for VAP integration

[JaydipGabani]

What this PR does / why we need it:
Adds metrics for VAP integration
Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #4078

Special notes for your reviewer:

[JaydipGabani]

Instead of a tag, I am adding new metrics tracking total CT with CEL, and this can be used with constraint_templates metrics to figure out rego only CT count.

The reason of adding a new metrics rather than a tag as discussed was to maintain backward compatibility. IMO this is better but if we want to do type=CEL,REGO I can revert to that.

[sozercan]

Good call on using a separate constraint_templates_with_cel metric instead of adding a type=cel tag to constraint_templates for backward compatibility. Consider adding a brief code comment here explaining this design decision.

[Copilot]

Pull request overview

This PR adds comprehensive metrics support for ValidatingAdmissionPolicy (VAP) integration in Gatekeeper, enabling observability into the generation and status of VAP resources alongside constraint templates.

• Introduces three new metrics: gatekeeper_constraint_templates_with_cel, gatekeeper_validating_admission_policies, and gatekeeper_validating_admission_policy_bindings
• Implements thread-safe registry tracking for VAP and VAPB resources with active/error status reporting
• Adds integration tests in BATS to verify metric reporting and removes redundant pod creation calls

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
website/docs/metrics.md	Documents the three new VAP-related metrics with descriptions, tags, and aggregation types
test/testutils/controller.go	Simplifies variable declaration by removing unnecessary parentheses
test/bats/test.bats	Adds metrics verification tests for VAP integration and optimizes pod creation to check for existing pods before creating new ones
pkg/controller/constrainttemplate/stats_reporter_test.go	Adds comprehensive test coverage for VAP, VAPB, and CEL template metrics including creation, deletion, and status updates
pkg/controller/constrainttemplate/stats_reporter.go	Implements metrics infrastructure for VAP and CEL constraint templates with thread-safe registries and observable gauges
pkg/controller/constrainttemplate/constrainttemplate_controller.go	Integrates metric reporting throughout the VAP lifecycle including creation, updates, errors, and deletion
pkg/controller/constraint/stats_reporter_test.go	Adds test coverage for VAPB metrics with status tracking and deletion scenarios
pkg/controller/constraint/stats_reporter.go	Implements VAPB metrics with registry-based tracking and status observation
pkg/controller/constraint/constraint_controller.go	Integrates VAPB metric reporting across all generation states including errors and successful binding creation

[codecov-commenter]

Codecov Report

❌ Patch coverage is 71.53846% with 37 lines in your changes missing coverage. Please review.
✅ Project coverage is 41.33%. Comparing base (3350319) to head (27b710f).
⚠️ Report is 553 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/controller/constraint/constraint_controller.go	0.00%	22 Missing ⚠️
...onstrainttemplate/constrainttemplate_controller.go	52.63%	9 Missing ⚠️
...kg/controller/constrainttemplate/stats_reporter.go	91.11%	2 Missing and 2 partials ⚠️
pkg/controller/constraint/stats_reporter.go	88.23%	1 Missing and 1 partial ⚠️

❗ There is a different number of reports uploaded between BASE (3350319) and HEAD (27b710f). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (3350319)	HEAD (27b710f)
unittests	2	1

Additional details and impacted files

@@             Coverage Diff             @@
##           master    #4317       +/-   ##
===========================================
- Coverage   54.49%   41.33%   -13.16%     
===========================================
  Files         134      253      +119     
  Lines       12329    17923     +5594     
===========================================
+ Hits         6719     7409      +690     
- Misses       5116     9871     +4755     
- Partials      494      643      +149     

Flag	Coverage Δ
unittests	41.33% <71.53%> (-13.16%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sozercan]

can we improve unit test coverage here?

[JaydipGabani]

generally constraint tests are covered through CT tests so there is no reconcilation tests for constraint. For this change, I have added unit tests for stats_reporter and have added tests in bats file which should cover the code. Let me know if metrics tests through constraint lifecycle is still desired and I can add them.

[sozercan]

Good call on using a separate constraint_templates_with_cel metric instead of adding a type=cel tag to constraint_templates for backward compatibility. Consider adding a brief code comment here explaining this design decision.

[sozercan]

thanks! added a few comments

[Copilot]

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.

[sozercan]

do we want to emit a metric while waiting?

[JaydipGabani]

This may not be transient error if parsing timestamp is resulting in an error. That is why I think it may be a good idea to emit metrics. Eventually if VAPB is generated then this metric will be replaced with active status anyways.

[Copilot]

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 14 out of 14 changed files in this pull request and generated no new comments.