Merge pull request #246 from modulitos/sa-cache-miss-metric

Add metric to count SA cache misses
aws · Nov 19, 2024 · bb56f02 · bb56f02
2 parents feac6cc + e255244
commit bb56f02
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/pkg/handler/handler.go b/pkg/handler/handler.go
@@ -503,6 +503,7 @@ func (m *Modifier) MutatePod(ar *v1beta1.AdmissionReview) *v1beta1.AdmissionResp
 
 	patchConfig := m.buildPodPatchConfig(&pod)
 	if patchConfig == nil {
+		missingSACounter.WithLabelValues().Inc()
 		klog.V(4).Infof("Pod was not mutated. Reason: "+
 			"Service account did not have the right annotations or was not found in the cache. %s", logContext(pod.Name, pod.GenerateName, pod.Spec.ServiceAccountName, pod.Namespace))
 		return &v1beta1.AdmissionResponse{

diff --git a/pkg/handler/middleware.go b/pkg/handler/middleware.go
@@ -56,13 +56,21 @@ var (
 			Help: "Indicator to how many pods are using sts web identity or container credentials",
 		}, []string{"method"},
 	)
+	missingSACounter = prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Name: "pod_identity_webhook_missing_sa_count",
+			Help: "Service account did not have the right annotations or was not found in the cache.",
+		},
+		[]string{},
+	)
 )
 
 func register() {
 	prometheus.MustRegister(requestCounter)
 	prometheus.MustRegister(requestLatencies)
 	prometheus.MustRegister(requestLatenciesSummary)
 	prometheus.MustRegister(webhookPodCount)
+	prometheus.MustRegister(missingSACounter)
 }
 
 func monitor(verb, path string, httpCode int, reqStart time.Time) {