From 2d7664d9e57ba6c300d6f5ae9066179c512b1899 Mon Sep 17 00:00:00 2001 From: modulitos Date: Wed, 27 Nov 2024 15:27:32 -0800 Subject: [PATCH] fix missingSACounter metric --- pkg/handler/handler.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkg/handler/handler.go b/pkg/handler/handler.go index a5df98090..597465847 100644 --- a/pkg/handler/handler.go +++ b/pkg/handler/handler.go @@ -435,6 +435,9 @@ func (m *Modifier) buildPodPatchConfig(pod *corev1.Pod) *podPatchConfig { // Use the STS WebIdentity method if set request := cache.Request{Namespace: pod.Namespace, Name: pod.Spec.ServiceAccountName, RequestNotification: true} response := m.Cache.Get(request) + if !response.FoundInCache && m.saLookupGraceTime == 0 { + missingSACounter.WithLabelValues().Inc() + } if !response.FoundInCache && m.saLookupGraceTime > 0 { klog.Warningf("Service account %s not found in the cache. Waiting up to %s to be notified", request.CacheKey(), m.saLookupGraceTime) select { @@ -443,10 +446,12 @@ func (m *Modifier) buildPodPatchConfig(pod *corev1.Pod) *podPatchConfig { response = m.Cache.Get(request) if !response.FoundInCache { klog.Warningf("Service account %s not found in the cache after being notified. Not mutating.", request.CacheKey()) + missingSACounter.WithLabelValues().Inc() return nil } case <-time.After(m.saLookupGraceTime): klog.Warningf("Service account %s not found in the cache after %s. Not mutating.", request.CacheKey(), m.saLookupGraceTime) + missingSACounter.WithLabelValues().Inc() return nil } } @@ -503,7 +508,6 @@ func (m *Modifier) MutatePod(ar *v1beta1.AdmissionReview) *v1beta1.AdmissionResp patchConfig := m.buildPodPatchConfig(&pod) if patchConfig == nil { - missingSACounter.WithLabelValues().Inc() klog.V(4).Infof("Pod was not mutated. Reason: "+ "Service account did not have the right annotations or was not found in the cache. %s", logContext(pod.Name, pod.GenerateName, pod.Spec.ServiceAccountName, pod.Namespace)) return &v1beta1.AdmissionResponse{