From e2552441318fbaa8c269919b6c973229ff537af2 Mon Sep 17 00:00:00 2001
From: modulitos
Date: Mon, 18 Nov 2024 14:39:34 -0800
Subject: [PATCH] Add metric to count SA cache misses
---
 pkg/handler/handler.go | 1 +
 pkg/handler/middleware.go | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/pkg/handler/handler.go b/pkg/handler/handler.go
index 31f852654..a5df98090 100644
--- a/pkg/handler/handler.go
+++ b/pkg/handler/handler.go
@@ -503,6 +503,7 @@ func (m *Modifier) MutatePod(ar *v1beta1.AdmissionReview) *v1beta1.AdmissionResp
 
 patchConfig := m.buildPodPatchConfig(&pod)
 if patchConfig == nil {
+ missingSACounter.WithLabelValues().Inc()
 klog.V(4).Infof("Pod was not mutated. Reason: "+
 "Service account did not have the right annotations or was not found in the cache. %s", logContext(pod.Name, pod.GenerateName, pod.Spec.ServiceAccountName, pod.Namespace))
 return &v1beta1.AdmissionResponse{
diff --git a/pkg/handler/middleware.go b/pkg/handler/middleware.go
index 1147dd953..07b19bd4f 100644
--- a/pkg/handler/middleware.go
+++ b/pkg/handler/middleware.go
@@ -56,6 +56,13 @@ var (
 Help: "Indicator to how many pods are using sts web identity or container credentials",
 }, []string{"method"},
 )
+ missingSACounter = prometheus.NewCounterVec(
+ prometheus.CounterOpts{
+ Name: "pod_identity_webhook_missing_sa_count",
+ Help: "Service account did not have the right annotations or was not found in the cache.",
+ },
+ []string{},
+ )
 )
 
 func register() {
@@ -63,6 +70,7 @@ func register() {
 prometheus.MustRegister(requestLatencies)
 prometheus.MustRegister(requestLatenciesSummary)
 prometheus.MustRegister(webhookPodCount)
+ prometheus.MustRegister(missingSACounter)
 }
 
 func monitor(verb, path string, httpCode int, reqStart time.Time) {
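Review bot: In the handler.go hunk the counter is incremented for every nil `patchConfig`, which per the log message just below covers both "service account did not have the right annotations" and "not found in the cache", so the series cannot isolate the cache misses the commit subject is about. Pods whose service account simply carries no role annotation would presumably dominate the count, and an alert on it could not tell an operator that a pod was left unmutated when it should have received credentials. Consider recording the cause as a label with a small fixed value set, e.g. `missingSACounter.WithLabelValues(reason).Inc()`, or incrementing only on the cache-miss path. `buildPodPatchConfig` is outside this hunk, so whether it can report which case occurred is not visible here, and MutatePod's body continues past the hunk.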
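Review bot: In the first middleware.go hunk `missingSACounter` is a `CounterVec` with an empty label list (`[]string{}`), so it only ever has one series; either declare the label it is meant to carry or use a plain counter, `missingSACounter = prometheus.NewCounter(prometheus.CounterOpts{...})`, with the call site in handler.go becoming `missingSACounter.Inc()`. The name ends in `_count`, the suffix Prometheus uses for the observation count of histograms and summaries; counters conventionally end in `_total`, e.g. `pod_identity_webhook_missing_sa_total`. The `Help` string describes a condition rather than what is counted; something like `"Number of pods left unmutated because the service account lacked the annotations or was not found in the cache."` reads better on a dashboard. The enclosing `var (` block starts outside the hunk.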