Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add authentication metrics: failure, error count #81509

Merged

Conversation

@RainbowMango
Copy link
Member

commented Aug 16, 2019

What type of PR is this?
/kind feature

What this PR does / why we need it:

Which issue(s) this PR fixes:
Part of #81028.

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Added metrics 'authentication_attempts' that can be used to understand the attempts of authentication.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

commented Aug 16, 2019

Hi @RainbowMango. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@yue9944882

This comment has been minimized.

Copy link
Member

commented Aug 16, 2019

/ok-to-test
/remove-sig api-machinery
/sig auth
/sig instrumentation

@RainbowMango

This comment has been minimized.

Copy link
Member Author

commented Aug 17, 2019

/retest

Seems flake.
`$ git init
Initialized empty Git repository in /home/prow/go/src/github.com/kubernetes/kubernetes/.git/
$ git config user.name ci-robot
$ git config user.email ci-robot@k8s.io
$ git fetch https://github.com/kubernetes/kubernetes.git --tags --prune
error: RPC failed; curl 18 transfer closed with outstanding read data remaining
fatal: The remote end hung up unexpectedly

Error: exit status 128`

@RainbowMango

This comment has been minimized.

Copy link
Member Author

commented Aug 19, 2019

kindly ping @mikedanese

@mikedanese

This comment has been minimized.

Copy link
Member

commented Aug 20, 2019

Copy link
Member

left a comment

Not sure how useful these metrics are (in cluster components will explode them pretty easily) but I guess it is a start.

@RainbowMango RainbowMango force-pushed the RainbowMango:pr_add_authentication_metrics branch from 03c8b8c to 63a5d27 Aug 21, 2019
@RainbowMango

This comment has been minimized.

Copy link
Member Author

commented Aug 21, 2019

/retest

@RainbowMango

This comment has been minimized.

Copy link
Member Author

commented Aug 22, 2019

@kubernetes/sig-auth-pr-reviews @enj
Let's hurry up the process.

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

commented Aug 22, 2019

@RainbowMango: Reiterating the mentions to trigger a notification:
@kubernetes/sig-auth-pr-reviews

In response to this:

@kubernetes/sig-auth-pr-reviews @enj
Let's hurry up the process.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Copy link
Member

left a comment

one comment, otherwise lgtm

@RainbowMango RainbowMango force-pushed the RainbowMango:pr_add_authentication_metrics branch from 63a5d27 to d6d385d Aug 22, 2019
@RainbowMango RainbowMango force-pushed the RainbowMango:pr_add_authentication_metrics branch from d6d385d to 5be4cb6 Aug 28, 2019
@RainbowMango

This comment has been minimized.

Copy link
Member Author

commented Aug 28, 2019

Updated. Please take a look. @mikedanese @enj

Hope we can finish this before code freeze(August 29th). :)

@RainbowMango RainbowMango force-pushed the RainbowMango:pr_add_authentication_metrics branch from 5be4cb6 to 38b9b6c Aug 28, 2019
@RainbowMango

This comment has been minimized.

Copy link
Member Author

commented Aug 28, 2019

/retest
after fix format issue.

@RainbowMango RainbowMango force-pushed the RainbowMango:pr_add_authentication_metrics branch from 38b9b6c to d3ce7e1 Aug 28, 2019
@mikedanese

This comment has been minimized.

Copy link
Member

commented Aug 28, 2019

/lgtm
/approve

@mikedanese

This comment has been minimized.

Copy link
Member

commented Aug 28, 2019

@RainbowMango good to go but needs a rebase.

}

if !ok {
authenticatedAttemptsCounter.WithLabelValues(failureLabel).Inc()

This comment has been minimized.

Copy link
@liggitt

liggitt Aug 28, 2019

Member

this double counts an attempt that results in false, non-nil-err... is that intentional?

This comment has been minimized.

Copy link
@mikedanese

mikedanese Aug 28, 2019

Member

good catch, probably want this to be an else if

This comment has been minimized.

Copy link
@RainbowMango

RainbowMango Aug 28, 2019

Author Member

wonderful comments.

Done.

@RainbowMango RainbowMango force-pushed the RainbowMango:pr_add_authentication_metrics branch from d3ce7e1 to 71e5b68 Aug 28, 2019
@k8s-ci-robot k8s-ci-robot removed the lgtm label Aug 28, 2019
@@ -72,7 +87,11 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, failed
if err != nil || !ok {
if err != nil {
klog.Errorf("Unable to authenticate the request due to an error: %v", err)
authenticatedAttemptsCounter.WithLabelValues(errorLable).Inc()

This comment has been minimized.

Copy link
@liggitt

liggitt Aug 28, 2019

Member

typo? errorLabel?

@@ -72,7 +87,11 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, failed
if err != nil || !ok {
if err != nil {
klog.Errorf("Unable to authenticate the request due to an error: %v", err)
authenticatedAttemptsCounter.WithLabelValues(errorLable).Inc()
} else if !ok {
authenticatedAttemptsCounter.WithLabelValues(failureLable).Inc()

This comment has been minimized.

Copy link
@liggitt

liggitt Aug 28, 2019

Member

typo? failureLabel?

@@ -86,6 +105,7 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, failed
req = req.WithContext(genericapirequest.WithUser(req.Context(), resp.User))

authenticatedUserCounter.WithLabelValues(compressUsername(resp.User.GetName())).Inc()
authenticatedAttemptsCounter.WithLabelValues(successLable).Inc()

This comment has been minimized.

Copy link
@liggitt

liggitt Aug 28, 2019

Member

successLabel

@RainbowMango RainbowMango force-pushed the RainbowMango:pr_add_authentication_metrics branch from 71e5b68 to a7ac3b9 Aug 28, 2019
@RainbowMango

This comment has been minimized.

Copy link
Member Author

commented Aug 28, 2019

Sorry for my stupid mistake when rebase.

I changed prometheus.NewCounterVec to metrics.NewCounterVec for keep align with authenticatedUserCounter.

I can't clone k/k to my mac at home, you know, in China, i will check more details.

@RainbowMango

This comment has been minimized.

Copy link
Member Author

commented Aug 28, 2019

/retest

@liggitt

This comment has been minimized.

Copy link
Member

commented Aug 28, 2019

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm label Aug 28, 2019
@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

commented Aug 28, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, mikedanese, RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 30f2545 into kubernetes:master Aug 29, 2019
24 checks passed
24 checks passed
cla/linuxfoundation RainbowMango authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-conformance-image-test Skipped.
pull-kubernetes-conformance-kind-ipv6 Skipped.
pull-kubernetes-cross Skipped.
pull-kubernetes-dependencies Job succeeded.
Details
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Job succeeded.
Details
pull-kubernetes-e2e-gce-csi-serial Skipped.
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-gce-iscsi Skipped.
pull-kubernetes-e2e-gce-iscsi-serial Skipped.
pull-kubernetes-e2e-gce-storage-slow Skipped.
pull-kubernetes-godeps Skipped.
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
Details
pull-kubernetes-local-e2e Skipped.
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-node-e2e-containerd Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
pull-publishing-bot-validate Skipped.
tide In merge pool.
Details
@RainbowMango RainbowMango referenced this pull request Aug 29, 2019
6 of 6 tasks complete
@RainbowMango RainbowMango deleted the RainbowMango:pr_add_authentication_metrics branch Sep 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.