Merge pull request #114497 from dgrisonnet/pod-logs-metrics

Remove redundant subsystem in kube-apiserver pod logs metrics name
2025-07-21 10:51:29 +00:00 · 2023-03-10 12:40:41 -08:00 · 2023-03-10 12:40:41 -08:00 · 94e30facdb
commit 94e30facdb
parent 211291222b 1efa1a65ee
3 changed files with 51 additions and 9 deletions
--- a/pkg/registry/core/pod/rest/log.go
+++ b/pkg/registry/core/pod/rest/log.go
@ -101,6 +101,7 @@ func (r *LogREST) Get(ctx context.Context, name string, opts runtime.Object) (ru
 		ResponseChecker:                       genericrest.NewGenericHttpResponseChecker(api.Resource("pods/log"), name),
 		RedirectChecker:                       genericrest.PreventRedirects,
 		TLSVerificationErrorCounter:           podLogsTLSFailure,
+		DeprecatedTLSVerificationErrorCounter: deprecatedPodLogsTLSFailure,
 	}, nil
 }

@ -116,6 +117,13 @@ func countSkipTLSMetric(insecureSkipTLSVerifyBackend bool) {
 		return
 	}
 	counter.Inc()
+
+	deprecatedCounter, err := deprecatedPodLogsUsage.GetMetricWithLabelValues(usageType)
+	if err != nil {
+		utilruntime.HandleError(err)
+		return
+	}
+	deprecatedCounter.Inc()
 }

 // NewGetOptions creates a new options object
--- a/pkg/registry/core/pod/rest/metrics.go
+++ b/pkg/registry/core/pod/rest/metrics.go
@ -34,24 +34,49 @@ const (
 var (
 	// podLogsUsage counts and categorizes how the insecure backend skip TLS option is used and allowed.
 	podLogsUsage = metrics.NewCounterVec(
+		&metrics.CounterOpts{
+			Namespace:      namespace,
+			Subsystem:      subsystem,
+			Name:           "insecure_backend_total",
+			Help:           "Total number of requests for pods/logs sliced by usage type: enforce_tls, skip_tls_allowed, skip_tls_denied",
+			StabilityLevel: metrics.ALPHA,
+		},
+		[]string{"usage"},
+	)
+
+	// deprecatedPodLogsUsage counts and categorizes how the insecure backend skip TLS option is used and allowed.
+	deprecatedPodLogsUsage = metrics.NewCounterVec(
 		&metrics.CounterOpts{
 			Namespace:         namespace,
 			Subsystem:         subsystem,
 			Name:              "pods_logs_insecure_backend_total",
 			Help:              "Total number of requests for pods/logs sliced by usage type: enforce_tls, skip_tls_allowed, skip_tls_denied",
 			StabilityLevel:    metrics.ALPHA,
+			DeprecatedVersion: "1.27.0",
 		},
 		[]string{"usage"},
 	)

 	// podLogsTLSFailure counts how many attempts to get pod logs fail on tls verification
 	podLogsTLSFailure = metrics.NewCounter(
+		&metrics.CounterOpts{
+			Namespace:      namespace,
+			Subsystem:      subsystem,
+			Name:           "backend_tls_failure_total",
+			Help:           "Total number of requests for pods/logs that failed due to kubelet server TLS verification",
+			StabilityLevel: metrics.ALPHA,
+		},
+	)
+
+	// deprecatedPodLogsTLSFailure counts how many attempts to get pod logs fail on tls verification
+	deprecatedPodLogsTLSFailure = metrics.NewCounter(
 		&metrics.CounterOpts{
 			Namespace:         namespace,
 			Subsystem:         subsystem,
 			Name:              "pods_logs_backend_tls_failure_total",
 			Help:              "Total number of requests for pods/logs that failed due to kubelet server TLS verification",
 			StabilityLevel:    metrics.ALPHA,
+			DeprecatedVersion: "1.27.0",
 		},
 	)
 )
@ -62,5 +87,7 @@ func registerMetrics() {
 	registerMetricsOnce.Do(func() {
 		legacyregistry.MustRegister(podLogsUsage)
 		legacyregistry.MustRegister(podLogsTLSFailure)
+		legacyregistry.MustRegister(deprecatedPodLogsUsage)
+		legacyregistry.MustRegister(deprecatedPodLogsTLSFailure)
 	})
 }
--- a/staging/src/k8s.io/apiserver/pkg/registry/generic/rest/streamer.go
+++ b/staging/src/k8s.io/apiserver/pkg/registry/generic/rest/streamer.go
@ -46,6 +46,10 @@ type LocationStreamer struct {
 	// TLSVerificationErrorCounter is an optional value that will Inc every time a TLS error is encountered.  This can
 	// be wired a single prometheus counter instance to get counts overall.
 	TLSVerificationErrorCounter CounterMetric
+	// DeprecatedTLSVerificationErrorCounter is a temporary field used to rename
+	// the kube_apiserver_pod_logs_pods_logs_backend_tls_failure_total metric
+	// with a one release deprecation period in 1.27.0.
+	DeprecatedTLSVerificationErrorCounter CounterMetric
 }

 // a LocationStreamer must implement a rest.ResourceStreamer
@ -87,6 +91,9 @@ func (s *LocationStreamer) InputStream(ctx context.Context, apiVersion, acceptHe
 		// TODO prefer segregate TLS errors more reliably, but we do want to increment a count
 		if strings.Contains(err.Error(), "x509:") && s.TLSVerificationErrorCounter != nil {
 			s.TLSVerificationErrorCounter.Inc()
+			if s.DeprecatedTLSVerificationErrorCounter != nil {
+				s.DeprecatedTLSVerificationErrorCounter.Inc()
+			}
 		}
 		return nil, false, "", err
 	}