cmd/k8s-operator: add metrics for attempted/uploaded session recordings (#12765)

Updates tailscale/corp#19821 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2 years ago · 986d60a094
parent 6a982faa7d
commit 986d60a094
2 changed files with 12 additions and 1 deletions
--- a/cmd/k8s-operator/proxy.go
+++ b/cmd/k8s-operator/proxy.go
@ -33,7 +33,16 @@ import (

 var whoIsKey = ctxkey.New("", (*apitype.WhoIsResponse)(nil))

-var counterNumRequestsProxied = clientmetric.NewCounter("k8s_auth_proxy_requests_proxied")
+var (
+	// counterNumRequestsproxies counts the number of API server requests proxied via this proxy.
+	counterNumRequestsProxied = clientmetric.NewCounter("k8s_auth_proxy_requests_proxied")
+
+	// counterSessionRecordingsAttempted counts the number of session recording attempts.
+	counterSessionRecordingsAttempted = clientmetric.NewCounter("k8s_auth_proxy__session_recordings_attempted")
+
+	// counterSessionRecordingsUploaded counts the number of successfully uploaded session recordings.
+	counterSessionRecordingsUploaded = clientmetric.NewCounter("k8s_auth_proxy_session_recordings_uploaded")
+)

 type apiServerProxyMode int

@ -223,6 +232,7 @@ func (ap *apiserverProxy) serveExec(w http.ResponseWriter, r *http.Request) {
 		ap.rp.ServeHTTP(w, r.WithContext(whoIsKey.WithValue(r.Context(), who)))
 		return
 	}
+	counterSessionRecordingsAttempted.Add(1) // at this point we know that users intended for this session to be recorded
 	if !failOpen && len(addrs) == 0 {
 		msg := "forbidden: 'kubectl exec' session must be recorded, but no recorders are available."
 		ap.log.Error(msg)
--- a/cmd/k8s-operator/spdy-hijacker.go
+++ b/cmd/k8s-operator/spdy-hijacker.go
@ -135,6 +135,7 @@ func (h *spdyHijacker) setUpRecording(ctx context.Context, conn net.Conn) (net.C
 		case err = <-errChan:
 		}
 		if err == nil {
+			counterSessionRecordingsUploaded.Add(1)
 			h.log.Info("finished uploading the recording")
 			return
 		}