From 986d60a094c87ebf82ad0e602b1e91015ddc710e Mon Sep 17 00:00:00 2001
From: Irbe Krumina <irbe@tailscale.com>
Date: Wed, 10 Jul 2024 14:00:42 +0100
Subject: [PATCH] cmd/k8s-operator: add metrics for attempted/uploaded session
 recordings (#12765)

Updates tailscale/corp#19821

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
---
 cmd/k8s-operator/proxy.go         | 12 +++++++++++-
 cmd/k8s-operator/spdy-hijacker.go |  1 +
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/cmd/k8s-operator/proxy.go b/cmd/k8s-operator/proxy.go
index 04ea11141..258a958fa 100644
--- a/cmd/k8s-operator/proxy.go
+++ b/cmd/k8s-operator/proxy.go
@@ -33,7 +33,16 @@ import (
 
 var whoIsKey = ctxkey.New("", (*apitype.WhoIsResponse)(nil))
 
-var counterNumRequestsProxied = clientmetric.NewCounter("k8s_auth_proxy_requests_proxied")
+var (
+	// counterNumRequestsproxies counts the number of API server requests proxied via this proxy.
+	counterNumRequestsProxied = clientmetric.NewCounter("k8s_auth_proxy_requests_proxied")
+
+	// counterSessionRecordingsAttempted counts the number of session recording attempts.
+	counterSessionRecordingsAttempted = clientmetric.NewCounter("k8s_auth_proxy__session_recordings_attempted")
+
+	// counterSessionRecordingsUploaded counts the number of successfully uploaded session recordings.
+	counterSessionRecordingsUploaded = clientmetric.NewCounter("k8s_auth_proxy_session_recordings_uploaded")
+)
 
 type apiServerProxyMode int
 
@@ -223,6 +232,7 @@ func (ap *apiserverProxy) serveExec(w http.ResponseWriter, r *http.Request) {
 		ap.rp.ServeHTTP(w, r.WithContext(whoIsKey.WithValue(r.Context(), who)))
 		return
 	}
+	counterSessionRecordingsAttempted.Add(1) // at this point we know that users intended for this session to be recorded
 	if !failOpen && len(addrs) == 0 {
 		msg := "forbidden: 'kubectl exec' session must be recorded, but no recorders are available."
 		ap.log.Error(msg)
diff --git a/cmd/k8s-operator/spdy-hijacker.go b/cmd/k8s-operator/spdy-hijacker.go
index 60a13bdd7..f74771e42 100644
--- a/cmd/k8s-operator/spdy-hijacker.go
+++ b/cmd/k8s-operator/spdy-hijacker.go
@@ -135,6 +135,7 @@ func (h *spdyHijacker) setUpRecording(ctx context.Context, conn net.Conn) (net.C
 		case err = <-errChan:
 		}
 		if err == nil {
+			counterSessionRecordingsUploaded.Add(1)
 			h.log.Info("finished uploading the recording")
 			return
 		}