Initial metrics integration (#290)

* add opencensus metrics and prom exporter Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * prom exporter test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * record test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * address comments Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * update opencensus v0.22.2 Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * address comments Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * change default port Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * fix defer Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * fix auditduration name in test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix expected port in test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * move total constraints to controller Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update with new map for cache Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix when cache doesn't include remaining tags Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * Update kind to v0.6.0 (#303) * update kind version to 0.6.0 Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * remove deprecated command Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * set TERM to disable fancy output Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * err check Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * make vendor Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix rebase Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix lint Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * add lock to delete and nested loop for known status/action Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * defer Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * update Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * requestResponse type Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * shared mutex Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * move reportMetrics Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * anonymous constraintcache Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * unexport Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * add test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix test nits Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * return err Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * added log.fatal Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * return to manager Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * remove goroutine Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix lint Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * handle stop Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * update Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * Use namespace of Pod as namespace for cert secret (#347) Fixes #346 Signed-off-by: Max Smythe <smythe@google.com> * Add capability PSP control aspect to library (#340) * Add capability PSP control aspect to library Signed-off-by: Max Smythe <smythe@google.com> * Update PSP library README Signed-off-by: Max Smythe <smythe@google.com> * Fix template kind Signed-off-by: Max Smythe <smythe@google.com> Signed-off-by: Sertaç Özercan <sozercan@gmail.com>
open-policy-agent · Dec 17, 2019 · 6d1c641 · 6d1c641
1 parent 03832f5
commit 6d1c641
Show file tree

Hide file tree

Showing 100 changed files with 8,132 additions and 51 deletions.
diff --git a/go.mod b/go.mod
@@ -3,19 +3,24 @@ module github.com/open-policy-agent/gatekeeper
 go 1.12
 
 require (
+	contrib.go.opencensus.io/exporter/prometheus v0.1.0
 	github.com/davecgh/go-spew v1.1.1
 	github.com/ghodss/yaml v1.0.0
 	github.com/go-logr/logr v0.1.0
 	github.com/go-logr/zapr v0.1.0
 	github.com/go-openapi/spec v0.19.4 // indirect
 	github.com/go-openapi/strfmt v0.19.3 // indirect
 	github.com/go-openapi/validate v0.19.4 // indirect
+	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/google/go-cmp v0.3.1
 	github.com/onsi/ginkgo v1.10.1 // indirect
 	github.com/onsi/gomega v1.7.0
 	github.com/open-policy-agent/frameworks/constraint v0.0.0-20191112030435-1307ba72bce3
 	github.com/open-policy-agent/opa v0.15.0
 	github.com/pkg/errors v0.8.1
+	github.com/spf13/cobra v0.0.5
+	github.com/spf13/pflag v1.0.3
+	go.opencensus.io v0.22.2
 	go.uber.org/zap v1.10.0
 	golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297
 	k8s.io/api v0.0.0-20191025225708-5524a3672fbb

diff --git a/go.sum b/go.sum
@@ -1,6 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0 h1:eOI3/cP2VTU6uZLDYAoic+eyzzB9YyGmJ7eIjl8rOPg=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+contrib.go.opencensus.io/exporter/prometheus v0.1.0 h1:SByaIoWwNgMdPSgl5sMqM2KDE5H/ukPWBRo314xiDvg=
+contrib.go.opencensus.io/exporter/prometheus v0.1.0/go.mod h1:cGFniUXGZlKRjzOyuZJ6mgB+PgBcCIa79kEKR8YCW+A=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/BurntSushi/toml v0.3.0/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -24,6 +26,7 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
 github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -137,11 +140,16 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7 h1:u4bArs140e9+AfE52mFHOXVFnOSBJBRlzTHrOPLOIhE=
 github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 h1:ZgQEtGgCBiWRM39fZuwSd1LwSqqSW0hOdXCYYDX0R3I=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v0.0.0-20181025225059-d3de96c4c28e/go.mod h1:Qd/q+1AKNOZr9uGQzbzCmRO6sUih6GTPZv6a1/R87v0=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/google/btree v0.0.0-20160524151835-7d79101e329e/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -297,6 +305,9 @@ github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mo
 go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.1.1 h1:Sq1fR+0c58RME5EoqKdjkiQAmPjmfHlZOoRI6fTUOcs=
 go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.uber.org/atomic v0.0.0-20181018215023-8dc6146f7569/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
@@ -316,16 +327,22 @@ golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56 h1:ZpKuNIejY8P0ExLOVyKhb0WsgG8UdvHXe6TWjY7eL6k=
 golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/lint v0.0.0-20181023182221-1baf3a9d7d67/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -340,7 +357,9 @@ golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -349,6 +368,7 @@ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f h1:25KHgbfyiSm6vwQLbM3zZIe1v9p/3ea4Rz+nnM5K/i4=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -360,7 +380,10 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2 h1:+DCIGbF/swA92ohVg0//6X2I
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
@@ -378,8 +401,13 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
 google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20170731182057-09f6ed296fc6/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/grpc v1.13.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -400,6 +428,7 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966 h1:B0J02caTR6tpSJozBJyiAzT6CtBzjclw4pgm9gg8Ys0=
 gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.0.0-20191016110246-af539daaa43a h1:IocS6+jQEuO8ZGQXhrD9BZ7Ze+Ly6FUKPlYs/m4I6xo=
 k8s.io/api v0.0.0-20191016110246-af539daaa43a/go.mod h1:ceHJE/vDjU8jKnRV6Vqn/+vyZmC6NvOluInN+RhQkIs=
 k8s.io/apiextensions-apiserver v0.0.0-20191016113439-b64f2075a530 h1:1liYV4IkFmYsGuRs+l5awlrRXSonzez84KK8FSlhECY=

diff --git a/main.go b/main.go
@@ -29,6 +29,7 @@ import (
 	"github.com/open-policy-agent/gatekeeper/pkg/controller"
 	configController "github.com/open-policy-agent/gatekeeper/pkg/controller/config"
 	"github.com/open-policy-agent/gatekeeper/pkg/controller/constrainttemplate"
+	"github.com/open-policy-agent/gatekeeper/pkg/metrics"
 	"github.com/open-policy-agent/gatekeeper/pkg/target"
 	"github.com/open-policy-agent/gatekeeper/pkg/upgrade"
 	"github.com/open-policy-agent/gatekeeper/pkg/watch"
@@ -135,6 +136,12 @@ func main() {
 		os.Exit(1)
 	}
 
+	setupLog.Info("setting up metrics")
+	if err := metrics.AddToManager(mgr); err != nil {
+		setupLog.Error(err, "unable to register metrics to the manager")
+		os.Exit(1)
+	}
+
 	// +kubebuilder:scaffold:builder
 
 	setupLog.Info("starting manager")

diff --git a/pkg/audit/manager.go b/pkg/audit/manager.go
@@ -9,6 +9,7 @@ import (
 
 	opa "github.com/open-policy-agent/frameworks/constraint/pkg/client"
 	constraintTypes "github.com/open-policy-agent/frameworks/constraint/pkg/types"
+	"github.com/open-policy-agent/gatekeeper/pkg/util"
 	"github.com/pkg/errors"
 	apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -38,13 +39,14 @@ var (
 
 // Manager allows us to audit resources periodically
 type Manager struct {
-	client  client.Client
-	opa     *opa.Client
-	stopper chan struct{}
-	stopped chan struct{}
-	mgr     manager.Manager
-	ctx     context.Context
-	ucloop  *updateConstraintLoop
+	client   client.Client
+	opa      *opa.Client
+	stopper  chan struct{}
+	stopped  chan struct{}
+	mgr      manager.Manager
+	ctx      context.Context
+	ucloop   *updateConstraintLoop
+	reporter StatsReporter
 }
 
 type auditResult struct {
@@ -70,18 +72,34 @@ type StatusViolation struct {
 
 // New creates a new manager for audit
 func New(ctx context.Context, mgr manager.Manager, opa *opa.Client) (*Manager, error) {
+	reporter, err := newStatsReporter()
+	if err != nil {
+		log.Error(err, "StatsReporter could not start")
+		return nil, err
+	}
+
 	am := &Manager{
-		opa:     opa,
-		stopper: make(chan struct{}),
-		stopped: make(chan struct{}),
-		mgr:     mgr,
-		ctx:     ctx,
+		opa:      opa,
+		stopper:  make(chan struct{}),
+		stopped:  make(chan struct{}),
+		mgr:      mgr,
+		ctx:      ctx,
+		reporter: reporter,
 	}
 	return am, nil
 }
 
 // audit performs an audit then updates the status of all constraint resources with the results
 func (am *Manager) audit(ctx context.Context) error {
+	timeStart := time.Now()
+	// record audit latency
+	defer func() {
+		latency := time.Since(timeStart)
+		if err := am.reporter.ReportLatency(latency); err != nil {
+			log.Error(err, "failed to report latency")
+		}
+	}()
+
 	timestamp := time.Now().UTC().Format(time.RFC3339)
 	// new client to get updated restmapper
 	c, err := client.New(am.mgr.GetConfig(), client.Options{Scheme: am.mgr.GetScheme(), Mapper: nil})
@@ -98,6 +116,7 @@ func (am *Manager) audit(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
+
 	log.Info("Audit opa.Audit() audit results", "violations", len(resp.Results()))
 	// get updatedLists
 	updateLists := make(map[string][]auditResult)
@@ -165,7 +184,7 @@ func getUpdateListsFromAuditResponses(resp *constraintTypes.Responses) (map[stri
 
 	for _, r := range resp.Results() {
 		selfLink := r.Constraint.GetSelfLink()
-		totalViolationsPerConstraint[selfLink] = totalViolationsPerConstraint[selfLink] + 1
+		totalViolationsPerConstraint[selfLink]++
 		// skip if this constraint has reached the constraintViolationsLimit
 		if len(updateLists[selfLink]) < *constraintViolationsLimit {
 			name := r.Constraint.GetName()
@@ -205,6 +224,12 @@ func (am *Manager) writeAuditResults(ctx context.Context, resourceList *metav1.A
 	group := resourceGV[0]
 	version := resourceGV[1]
 
+	// resetting total violations per enforcement action
+	totalViolationsPerEnforcementAction := make(map[util.EnforcementAction]int64)
+	for _, action := range util.KnownEnforcementActions {
+		totalViolationsPerEnforcementAction[action] = 0
+	}
+
 	// get constraints for each Kind
 	for _, r := range resourceList.APIResources {
 		log.Info("constraint", "resource kind", r.Kind)
@@ -220,12 +245,19 @@ func (am *Manager) writeAuditResults(ctx context.Context, resourceList *metav1.A
 			return err
 		}
 		log.Info("constraint", "count of constraints", len(instanceList.Items))
+
 		updateConstraints := make(map[string]unstructured.Unstructured, len(instanceList.Items))
 		// get each constraint
 		for _, item := range instanceList.Items {
 			updateConstraints[item.GetSelfLink()] = item
-		}
 
+			enforcementAction, err := util.GetEnforcementAction(item.Object)
+			if err != nil {
+				return err
+			}
+
+			totalViolationsPerEnforcementAction[enforcementAction] += totalViolations[item.GetSelfLink()]
+		}
 		if len(updateConstraints) > 0 {
 			if am.ucloop != nil {
 				close(am.ucloop.stop)
@@ -247,6 +279,12 @@ func (am *Manager) writeAuditResults(ctx context.Context, resourceList *metav1.A
 			go am.ucloop.update()
 		}
 	}
+
+	for k, v := range totalViolationsPerEnforcementAction {
+		if err := am.reporter.ReportTotalViolations(k, v); err != nil {
+			log.Error(err, "failed to report total violations")
+		}
+	}
 	return nil
 }
 

diff --git a/pkg/audit/stats_reporter.go b/pkg/audit/stats_reporter.go
@@ -0,0 +1,93 @@
+package audit
+
+import (
+	"context"
+	"time"
+
+	"github.com/open-policy-agent/gatekeeper/pkg/metrics"
+	"github.com/open-policy-agent/gatekeeper/pkg/util"
+	"go.opencensus.io/stats"
+	"go.opencensus.io/stats/view"
+	"go.opencensus.io/tag"
+)
+
+const (
+	totalViolationsName = "total_violations"
+	auditDurationName   = "audit_duration_seconds"
+)
+
+var (
+	violationsTotalM = stats.Int64(totalViolationsName, "Total number of violations per constraint", stats.UnitDimensionless)
+	auditDurationM   = stats.Float64(auditDurationName, "Latency of audit operation in seconds", stats.UnitSeconds)
+
+	enforcementActionKey = tag.MustNewKey("enforcement_action")
+)
+
+func init() {
+	if err := register(); err != nil {
+		panic(err)
+	}
+}
+
+func register() error {
+	views := []*view.View{
+		{
+			Name:        totalViolationsName,
+			Measure:     violationsTotalM,
+			Aggregation: view.LastValue(),
+			TagKeys:     []tag.Key{enforcementActionKey},
+		},
+		{
+			Name:        auditDurationName,
+			Measure:     auditDurationM,
+			Aggregation: view.Distribution(0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 1, 2, 3, 4, 5),
+		},
+	}
+	return view.Register(views...)
+}
+
+func (r *reporter) ReportTotalViolations(enforcementAction util.EnforcementAction, v int64) error {
+	ctx, err := tag.New(
+		r.ctx,
+		tag.Insert(enforcementActionKey, string(enforcementAction)))
+	if err != nil {
+		return err
+	}
+
+	return r.report(ctx, violationsTotalM.M(v))
+}
+
+func (r *reporter) ReportLatency(d time.Duration) error {
+	ctx, err := tag.New(r.ctx)
+	if err != nil {
+		return err
+	}
+
+	return r.report(ctx, auditDurationM.M(d.Seconds()))
+}
+
+// StatsReporter reports audit metrics
+type StatsReporter interface {
+	ReportTotalViolations(enforcementAction util.EnforcementAction, v int64) error
+	ReportLatency(d time.Duration) error
+}
+
+// newStatsReporter creaters a reporter for audit metrics
+func newStatsReporter() (StatsReporter, error) {
+	ctx, err := tag.New(
+		context.Background(),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return &reporter{ctx: ctx}, nil
+}
+
+type reporter struct {
+	ctx context.Context
+}
+
+func (r *reporter) report(ctx context.Context, m stats.Measurement) error {
+	return metrics.Record(ctx, m)
+}