Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add allowed/denied metrics for authorizers #123333

Merged
merged 1 commit into from Feb 18, 2024
Merged

Add allowed/denied metrics for authorizers #123333

merged 1 commit into from Feb 18, 2024
+301 −50

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Feb 16, 2024

What type of PR is this?

/kind feature

What this PR does / why we need it:

Records metrics for terminal decisions by all configured authorizers.

Which issue(s) this PR fixes:

Fixes #123324

Does this PR introduce a user-facing change?

kube-apiserver now reports metrics for authorization decisions in the `apiserver_authorization_decisions_total` metric, labeled by authorizer type, name, and decision.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3221-structured-authorization-configuration

/sig auth
/assign @ritazh @palnabarun @enj

@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Feb 16, 2024
@k8s-ci-robot k8s-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Feb 16, 2024
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. sig/auth Categorizes an issue or PR as relevant to SIG Auth. area/apiserver labels Feb 16, 2024
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. area/test sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. sig/testing Categorizes an issue or PR as relevant to SIG Testing. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Feb 16, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@liggitt liggitt mentioned this pull request Feb 16, 2024
Merged
@liggitt
Copy link
Member Author

liggitt commented Feb 16, 2024

/retest

@ping035627
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 18, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: eedb23ff2ffb4b1eb208dbf4f65c5504472eae5c

@k8s-ci-robot k8s-ci-robot merged commit 6ff6b51 into kubernetes:master Feb 18, 2024
16 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.30 milestone Feb 18, 2024
@alexzielenski
Copy link
Contributor

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 20, 2024
This was referenced Mar 2, 2024
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enj enj Awaiting requested review from enj

@ping035627 ping035627 Awaiting requested review from ping035627

Assignees

@ritazh ritazh

@enj enj

@palnabarun palnabarun

@ping035627 ping035627

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth
Archived in project
Structured Authz Enhancement
Status: ✅ Done
Milestone
v1.30
Development

Successfully merging this pull request may close these issues.

Add metrics for general authz decisions
7 participants
@liggitt @k8s-ci-robot @ping035627 @alexzielenski @ritazh @enj @palnabarun