seccomp notifier metric cardinality #6422

@haircommander

Discussed in #6418

Originally posted by pdf December 2, 2022
Looking at the recently added seccomp metrics, it looks like the syscalls label has essentially unbounded cardinality, since it appears that syscalls and counts are concatenated as a string value, e.g.:

container_runtime_crio_containers_seccomp_notifier_count_total{name="…",syscalls="chroot (1x)"} 1
container_runtime_crio_containers_seccomp_notifier_count_total{name="…",syscalls="chroot (2x), swapoff (2x)"} 1
container_runtime_crio_containers_seccomp_notifier_count_total{name="…",syscalls="chroot (1x), swapoff (2x)"} 1
container_runtime_crio_containers_seccomp_notifier_count_total{name="...",syscalls="swapoff (5x)"} 1

So, every possible combination of syscall and count may be published to this label, making the possible value permutations infinite.

I'm not sure what the ideal structure for these metrics should be, but I don't think the current metrics should stand as they are.
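An added example, not part of the original post and not CRI-O code: it parses the concatenated `syscalls` label values quoted above and compares how many distinct series they create with how many a hypothetical one-syscall-per-label scheme would create for the same observations. The function names and the per-syscall scheme are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: the syscalls label values of the four series quoted in the issue.
var observed = []string{
	"chroot (1x)", "chroot (2x), swapoff (2x)",
	"chroot (1x), swapoff (2x)", "swapoff (5x)",
}

// entryRe matches one entry of the concatenated label, e.g. "swapoff (2x)".
var entryRe = regexp.MustCompile(`^([a-z0-9_]+) \((\d+)x\)$`)

// syscallNames extracts the syscall names from one concatenated label value.
func syscallNames(label string) ([]string, error) {
	var names []string
	for _, part := range strings.Split(label, ",") {
		m := entryRe.FindStringSubmatch(strings.TrimSpace(part))
		if m == nil {
			return nil, fmt.Errorf("unparsable entry %q in label %q", part, label)
		}
		names = append(names, m[1])
	}
	return names, nil
}

// seriesCounts returns the distinct series created by the concatenated label and by
// a hypothetical label holding one syscall name (count moved into the sample value).
func seriesCounts(labels []string) (int, int, error) {
	concat, single := map[string]bool{}, map[string]bool{}
	for _, l := range labels {
		names, err := syscallNames(l)
		if err != nil {
			return 0, 0, err
		}
		concat[l] = true // every new name/count combination is a new series
		for _, n := range names {
			single[n] = true // bounded by the number of syscalls that exist
		}
	}
	return len(concat), len(single), nil
}

func main() {
	fmt.Println(seriesCounts(observed))
}
```

With the count embedded in the label, each new combination adds a series per container name; with only the syscall name in the label, the series count cannot exceed the number of distinct syscalls.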
