pkg/registry: rename pod logs metrics

The pod_logs subsystem was inadvertently made redundant in the following kube-apiserver metrics: - kube_apiserver_pod_logs_pods_logs_backend_tls_failure_total - kube_apiserver_pod_logs_pods_logs_insecure_backend_total To safely rename them, it is required to deprecate them in 1.27 whilst introducing the new metrics replacing them. Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>
2025-10-31 05:40:42 +00:00 · 2022-12-14 23:40:21 +01:00
parent c7d47e4c94
commit 1efa1a65ee
3 changed files with 51 additions and 9 deletions
--- a/pkg/registry/core/pod/rest/log.go
+++ b/pkg/registry/core/pod/rest/log.go
@@ -101,6 +101,7 @@ func (r *LogREST) Get(ctx context.Context, name string, opts runtime.Object) (ru
 		ResponseChecker:                       genericrest.NewGenericHttpResponseChecker(api.Resource("pods/log"), name),
 		RedirectChecker:                       genericrest.PreventRedirects,
 		TLSVerificationErrorCounter:           podLogsTLSFailure,
+		DeprecatedTLSVerificationErrorCounter: deprecatedPodLogsTLSFailure,
 	}, nil
 }

@@ -116,6 +117,13 @@ func countSkipTLSMetric(insecureSkipTLSVerifyBackend bool) {
 		return
 	}
 	counter.Inc()
+
+	deprecatedCounter, err := deprecatedPodLogsUsage.GetMetricWithLabelValues(usageType)
+	if err != nil {
+		utilruntime.HandleError(err)
+		return
+	}
+	deprecatedCounter.Inc()
 }

 // NewGetOptions creates a new options object
--- a/pkg/registry/core/pod/rest/metrics.go
+++ b/pkg/registry/core/pod/rest/metrics.go
@@ -34,24 +34,49 @@ const (
 var (
 	// podLogsUsage counts and categorizes how the insecure backend skip TLS option is used and allowed.
 	podLogsUsage = metrics.NewCounterVec(
+		&metrics.CounterOpts{
+			Namespace:      namespace,
+			Subsystem:      subsystem,
+			Name:           "insecure_backend_total",
+			Help:           "Total number of requests for pods/logs sliced by usage type: enforce_tls, skip_tls_allowed, skip_tls_denied",
+			StabilityLevel: metrics.ALPHA,
+		},
+		[]string{"usage"},
+	)
+
+	// deprecatedPodLogsUsage counts and categorizes how the insecure backend skip TLS option is used and allowed.
+	deprecatedPodLogsUsage = metrics.NewCounterVec(
 		&metrics.CounterOpts{
 			Namespace:         namespace,
 			Subsystem:         subsystem,
 			Name:              "pods_logs_insecure_backend_total",
 			Help:              "Total number of requests for pods/logs sliced by usage type: enforce_tls, skip_tls_allowed, skip_tls_denied",
 			StabilityLevel:    metrics.ALPHA,
+			DeprecatedVersion: "1.27.0",
 		},
 		[]string{"usage"},
 	)

 	// podLogsTLSFailure counts how many attempts to get pod logs fail on tls verification
 	podLogsTLSFailure = metrics.NewCounter(
+		&metrics.CounterOpts{
+			Namespace:      namespace,
+			Subsystem:      subsystem,
+			Name:           "backend_tls_failure_total",
+			Help:           "Total number of requests for pods/logs that failed due to kubelet server TLS verification",
+			StabilityLevel: metrics.ALPHA,
+		},
+	)
+
+	// deprecatedPodLogsTLSFailure counts how many attempts to get pod logs fail on tls verification
+	deprecatedPodLogsTLSFailure = metrics.NewCounter(
 		&metrics.CounterOpts{
 			Namespace:         namespace,
 			Subsystem:         subsystem,
 			Name:              "pods_logs_backend_tls_failure_total",
 			Help:              "Total number of requests for pods/logs that failed due to kubelet server TLS verification",
 			StabilityLevel:    metrics.ALPHA,
+			DeprecatedVersion: "1.27.0",
 		},
 	)
 )
@@ -62,5 +87,7 @@ func registerMetrics() {
 	registerMetricsOnce.Do(func() {
 		legacyregistry.MustRegister(podLogsUsage)
 		legacyregistry.MustRegister(podLogsTLSFailure)
+		legacyregistry.MustRegister(deprecatedPodLogsUsage)
+		legacyregistry.MustRegister(deprecatedPodLogsTLSFailure)
 	})
 }
--- a/staging/src/k8s.io/apiserver/pkg/registry/generic/rest/streamer.go
+++ b/staging/src/k8s.io/apiserver/pkg/registry/generic/rest/streamer.go
@@ -46,6 +46,10 @@ type LocationStreamer struct {
 	// TLSVerificationErrorCounter is an optional value that will Inc every time a TLS error is encountered.  This can
 	// be wired a single prometheus counter instance to get counts overall.
 	TLSVerificationErrorCounter CounterMetric
+	// DeprecatedTLSVerificationErrorCounter is a temporary field used to rename
+	// the kube_apiserver_pod_logs_pods_logs_backend_tls_failure_total metric
+	// with a one release deprecation period in 1.27.0.
+	DeprecatedTLSVerificationErrorCounter CounterMetric
 }

 // a LocationStreamer must implement a rest.ResourceStreamer
@@ -87,6 +91,9 @@ func (s *LocationStreamer) InputStream(ctx context.Context, apiVersion, acceptHe
 		// TODO prefer segregate TLS errors more reliably, but we do want to increment a count
 		if strings.Contains(err.Error(), "x509:") && s.TLSVerificationErrorCounter != nil {
 			s.TLSVerificationErrorCounter.Inc()
+			if s.DeprecatedTLSVerificationErrorCounter != nil {
+				s.DeprecatedTLSVerificationErrorCounter.Inc()
+			}
 		}
 		return nil, false, "", err
 	}