Description of problem:
In OCP 4.10, kube-state-metrics exposes kube_.*_annotations timeseries for every resource. This increases the number of series stored by Prometheus in memory while providing little to no value (by default the series only contain the namespace and name labels).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Check for kube_pod_annotations metric for instance in the OCP console's metrics page
It returns data.
Annotation metrics should have been disabled by https://github.com/openshift/cluster-monitoring-operator/pull/1426 but the regex had a typo (e.g. "kube_*_annotations" -> "kube_.+_annotations"). It would be good to have an e2e test to avoid future regressions.
checked with 4.10.0-0.nightly-2022-01-26-234447, kube_.*_annotations is dropped
# oc -n openshift-monitoring get deploy kube-state-metrics -oyaml | grep "metric-denylist"
# token=`oc sa get-token prometheus-k8s -n openshift-monitoring`
# oc -n openshift-monitoring exec -c prometheus prometheus-k8s-0 -- curl -k -H "Authorization: Bearer $token" 'https://thanos-querier.openshift-monitoring.svc:9091/api/v1/label/__name__/values' | jq | grep kube_.*_annotations
# oc -n openshift-monitoring logs kube-state-metrics-79db5d9694-ppn4v | grep kube_.*_annotations
I0127 06:55:57.960214 1 main.go:133] metric allow-denylisting: Excluding the following lists that were on denylist: kube_pod_container_status_running, kube_pod_completion_time, kube_pod_status_scheduled, kube_secret_labels, kube_.+_metadata_resource_version, kube_pod_init_container_status_running, kube_.+_created, kube_replicaset_metadata_generation, kube_pod_init_container_status_terminated, kube_pod_container_status_terminated, kube_.*_annotations, kube_replicaset_status_observed_generation, kube_pod_restart_policy
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.