docs: correct metric names to match actual exported Prometheus names

The OpenTelemetry Prometheus exporter appends `_total` to counter
instruments (see open-telemetry/opentelemetry-go#3360), so the metrics
exposed at /metrics do not match the names listed in this document.

- Align the metric names in the table and sample output with the names
  the driver actually registers in pkg/secrets-store/stats_reporter.go.
- Add the `provider` tag to rotation_reconcile_total and
  rotation_reconcile_error_total, which the reporter already sets.
- Fix the k8s secret sync histogram name (k8s_secret_duration_sec).
- Note that metrics only appear on driver pods that have served a
  mount/unmount/rotation, which can be confusing when port-forwarding.

Fixes kubernetes-sigs#1937

Signed-off-by: Maksym Lushpenko <iviakciivi@gmail.com>

Author: mlushpenko

docs/book/src/topics/metrics.md

@@ -6,16 +6,18 @@ Prometheus is the only exporter that's currently supported with the driver.
 
 ## List of metrics provided by the driver
 
+> **Note:** The OpenTelemetry Prometheus exporter appends a `_total` suffix to counter instruments (see [open-telemetry/opentelemetry-go#3360](https://github.com/open-telemetry/opentelemetry-go/pull/3360)). The names below are the names as they appear on the `/metrics` endpoint.
+
 | Metric                          | Description                                                               | Tags                                                                              |
 | ------------------------------- | ------------------------------------------------------------------------- | --------------------------------------------------------------------------------- |
-| total_node_publish              | Total number of successful volume mount requests                          | `os_type=<runtime os>`<br>`provider=<provider name>`                              |
-| total_node_unpublish            | Total number of successful volume unmount requests                        | `os_type=<runtime os>`                                                            |
-| total_node_publish_error        | Total number of errors with volume mount requests                         | `os_type=<runtime os>`<br>`provider=<provider name>`<br>`error_type=<error code>` |
-| total_node_unpublish_error      | Total number of errors with volume unmount requests                       | `os_type=<runtime os>`                                                            |
-| total_sync_k8s_secret           | Total number of k8s secrets synced                                        | `os_type=<runtime os>`<br>`provider=<provider name>`                              |
-| sync_k8s_secret_duration_sec    | Distribution of how long it took to sync k8s secret                       | `os_type=<runtime os>`                                                            |
-| total_rotation_reconcile        | Total number of rotation reconciles                                       | `os_type=<runtime os>`<br>`rotated=<true or false>`                               |
-| total_rotation_reconcile_error  | Total number of rotation reconciles with error                            | `os_type=<runtime os>`<br>`rotated=<true or false>`<br>`error_type=<error code>`  |
+| node_publish_total              | Total number of successful volume mount requests                          | `os_type=<runtime os>`<br>`provider=<provider name>`                              |
+| node_unpublish_total            | Total number of successful volume unmount requests                        | `os_type=<runtime os>`                                                            |
+| node_publish_error_total        | Total number of errors with volume mount requests                         | `os_type=<runtime os>`<br>`provider=<provider name>`<br>`error_type=<error code>` |
+| node_unpublish_error_total      | Total number of errors with volume unmount requests                       | `os_type=<runtime os>`                                                            |
+| sync_k8s_secret_total           | Total number of k8s secrets synced                                        | `os_type=<runtime os>`<br>`provider=<provider name>`                              |
+| k8s_secret_duration_sec         | Distribution of how long it took to sync k8s secret                       | `os_type=<runtime os>`                                                            |
+| rotation_reconcile_total        | Total number of rotation reconciles                                       | `os_type=<runtime os>`<br>`provider=<provider name>`<br>`rotated=<true or false>` |
+| rotation_reconcile_error_total  | Total number of rotation reconciles with error                            | `os_type=<runtime os>`<br>`provider=<provider name>`<br>`rotated=<true or false>`<br>`error_type=<error code>`  |
 | rotation_reconcile_duration_sec | Distribution of how long it took to rotate secrets-store content for pods | `os_type=<runtime os>`                                                            |
 
 Metrics are served from port 8095, but this port is not exposed outside the pod by default. Use kubectl port-forward to access the metrics over localhost:
@@ -25,39 +27,41 @@ kubectl port-forward ds/csi-secrets-store -n kube-system 8095:8095 &
 curl localhost:8095/metrics
 ```
 
+> **Note:** Metrics are only emitted from driver pods that have actually performed the corresponding work (e.g. a volume mount, unmount, or rotation reconcile). When port-forwarding a single pod for validation, it is possible to hit a pod that has not yet served any requests and therefore exposes no driver-specific metrics. Trigger the relevant action against that pod, or query all pods, to see the metrics.
+
 ### Sample Metrics output
 
 ```shell
-# HELP sync_k8s_secret_duration_sec Distribution of how long it took to sync k8s secret
-# TYPE sync_k8s_secret_duration_sec histogram
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.1"} 0
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.2"} 0
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.3"} 0
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.4"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="0.5"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="1"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="1.5"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="2"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="2.5"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="3"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="5"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="10"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="15"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="30"} 1
-sync_k8s_secret_duration_sec_bucket{os_type="linux",le="+Inf"} 1
-sync_k8s_secret_duration_sec_sum{os_type="linux"} 0.3115892
-sync_k8s_secret_duration_sec_count{os_type="linux"} 1
-# HELP total_node_publish Total number of node publish calls
-# TYPE total_node_publish counter
-total_node_publish{os_type="linux",provider="azure"} 1
-# HELP total_node_publish_error Total number of node publish calls with error
-# TYPE total_node_publish_error counter
-total_node_publish_error{error_type="ProviderBinaryNotFound",os_type="linux",provider="azure"} 2
-total_node_publish_error{error_type="SecretProviderClassNotFound",os_type="linux",provider=""} 4
-# HELP total_node_unpublish Total number of node unpublish calls
-# TYPE total_node_unpublish counter
-total_node_unpublish{os_type="linux"} 1
-# HELP total_sync_k8s_secret Total number of k8s secrets synced
-# TYPE total_sync_k8s_secret counter
-total_sync_k8s_secret{os_type="linux",provider="azure"} 1
+# HELP k8s_secret_duration_sec Distribution of how long it took to sync k8s secret
+# TYPE k8s_secret_duration_sec histogram
+k8s_secret_duration_sec_bucket{os_type="linux",le="0.1"} 0
+k8s_secret_duration_sec_bucket{os_type="linux",le="0.2"} 0
+k8s_secret_duration_sec_bucket{os_type="linux",le="0.3"} 0
+k8s_secret_duration_sec_bucket{os_type="linux",le="0.4"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="0.5"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="1"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="1.5"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="2"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="2.5"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="3"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="5"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="10"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="15"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="30"} 1
+k8s_secret_duration_sec_bucket{os_type="linux",le="+Inf"} 1
+k8s_secret_duration_sec_sum{os_type="linux"} 0.3115892
+k8s_secret_duration_sec_count{os_type="linux"} 1
+# HELP node_publish_total Total number of node publish calls
+# TYPE node_publish_total counter
+node_publish_total{os_type="linux",provider="azure"} 1
+# HELP node_publish_error_total Total number of node publish calls with error
+# TYPE node_publish_error_total counter
+node_publish_error_total{error_type="ProviderBinaryNotFound",os_type="linux",provider="azure"} 2
+node_publish_error_total{error_type="SecretProviderClassNotFound",os_type="linux",provider=""} 4
+# HELP node_unpublish_total Total number of node unpublish calls
+# TYPE node_unpublish_total counter
+node_unpublish_total{os_type="linux"} 1
+# HELP sync_k8s_secret_total Total number of k8s secrets synced
+# TYPE sync_k8s_secret_total counter
+sync_k8s_secret_total{os_type="linux",provider="azure"} 1
 ```