From 85b3c849f192f066293043b0621b1b54d50f9516 Mon Sep 17 00:00:00 2001 From: Theron Voran Date: Wed, 11 Dec 2024 10:30:38 -0800 Subject: [PATCH 1/3] docs/vault-k8s: updates for v1.6.0 release --- .../platform/k8s/injector/annotations.mdx | 2 +- .../docs/platform/k8s/injector/index.mdx | 21 +++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/website/content/docs/platform/k8s/injector/annotations.mdx b/website/content/docs/platform/k8s/injector/annotations.mdx index 219b01b4177c..3937f4b1d889 100644 --- a/website/content/docs/platform/k8s/injector/annotations.mdx +++ b/website/content/docs/platform/k8s/injector/annotations.mdx @@ -28,7 +28,7 @@ them, optional commands to run, etc. - `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This value overrides the default image configured in the injector and is usually - not needed. Defaults to `hashicorp/vault:1.18.1`. + not needed. Defaults to `hashicorp/vault:1.18.2`. - `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent init container first if `true` (last if `false`). This is useful when other init diff --git a/website/content/docs/platform/k8s/injector/index.mdx b/website/content/docs/platform/k8s/injector/index.mdx index eafb61addf50..96a3126ba060 100644 --- a/website/content/docs/platform/k8s/injector/index.mdx +++ b/website/content/docs/platform/k8s/injector/index.mdx @@ -190,6 +190,27 @@ The configuration map must contain either one or both of the following files: An example of mounting a Vault Agent configmap [can be found here](/vault/docs/platform/k8s/injector/examples#configmap-example). +### Injector telemetry + +Vault Agent Injector collects the following Prometheus metrics (along with the +default set of golang metrics): + +- `vault_agent_injector_request_queue_length` - A gauge of webhook requests in + the injector's queue. + +- `vault_agent_injector_request_processing_duration_ms` - A histogram of webhook + request processing times in milliseconds. + +- `vault_agent_injector_injections_by_namespace_total` - The total count of + Agent container injections by Kubernetes `namespace` and `injection_type`, + where `injection_type` is `init_only`, `sidecar_only`, or `init_and_sidecar`. + +- `vault_agent_injector_failed_injections_by_namespace_total` - The total count + of failed Agent Sidecar injections by Kubernetes `namespace`. + +Enable metrics collection in the injector by setting [`injector.metrics.enabled: +true`](/vault/docs/platform/k8s/helm/configuration#metrics) in the Helm chart. + ## Tutorial Refer to the [Injecting Secrets into Kubernetes Pods via Vault Helm From 040368b59a6d66e2ddee584a4393d191c674168e Mon Sep 17 00:00:00 2001 From: Theron Voran Date: Tue, 7 Jan 2025 22:29:31 -0800 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../docs/platform/k8s/injector/index.mdx | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/website/content/docs/platform/k8s/injector/index.mdx b/website/content/docs/platform/k8s/injector/index.mdx index ea5088126907..f0b095aa466a 100644 --- a/website/content/docs/platform/k8s/injector/index.mdx +++ b/website/content/docs/platform/k8s/injector/index.mdx @@ -191,24 +191,30 @@ An example of mounting a Vault Agent configmap [can be found here](/vault/docs/p ### Injector telemetry -Vault Agent Injector collects the following Prometheus metrics (along with the -default set of golang metrics): + -- `vault_agent_injector_request_queue_length` - A gauge of webhook requests in - the injector's queue. +Set [`injector.metrics.enabled`](/vault/docs/platform/k8s/helm/configuration#metrics) +to `true` in the Helm chart to start collecting injector metrics. + + +Vault Agent injector collects the following Prometheus metrics in addition to +the default set of `golang` metrics: + +- `vault_agent_injector_request_queue_length` - The number of pending webhook requests for the injector. - `vault_agent_injector_request_processing_duration_ms` - A histogram of webhook request processing times in milliseconds. - `vault_agent_injector_injections_by_namespace_total` - The total count of - Agent container injections by Kubernetes `namespace` and `injection_type`, - where `injection_type` is `init_only`, `sidecar_only`, or `init_and_sidecar`. + Agent container injections, grouped by Kubernetes `namespace` and `injection_type`. + Vault Agent counts the following injection types: + - `init_only` + - `sidecar_only` + - `init_and_sidecar`. - `vault_agent_injector_failed_injections_by_namespace_total` - The total count - of failed Agent Sidecar injections by Kubernetes `namespace`. + of failed Agent Sidecar injections, grouped by Kubernetes `namespace`. -Enable metrics collection in the injector by setting [`injector.metrics.enabled: -true`](/vault/docs/platform/k8s/helm/configuration#metrics) in the Helm chart. ## Tutorial From 999554342c5128c56ebb02f5e2dbdf01bcd8b4a0 Mon Sep 17 00:00:00 2001 From: Theron Voran Date: Tue, 7 Jan 2025 22:42:41 -0800 Subject: [PATCH 3/3] updating whitespace and an extra "injector" --- website/content/docs/platform/k8s/injector/index.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/content/docs/platform/k8s/injector/index.mdx b/website/content/docs/platform/k8s/injector/index.mdx index f0b095aa466a..69914c82f739 100644 --- a/website/content/docs/platform/k8s/injector/index.mdx +++ b/website/content/docs/platform/k8s/injector/index.mdx @@ -197,6 +197,7 @@ Set [`injector.metrics.enabled`](/vault/docs/platform/k8s/helm/configuration#met to `true` in the Helm chart to start collecting injector metrics. + Vault Agent injector collects the following Prometheus metrics in addition to the default set of `golang` metrics: @@ -207,14 +208,13 @@ the default set of `golang` metrics: - `vault_agent_injector_injections_by_namespace_total` - The total count of Agent container injections, grouped by Kubernetes `namespace` and `injection_type`. - Vault Agent counts the following injection types: + Vault Agent injector counts the following injection types: - `init_only` - `sidecar_only` - - `init_and_sidecar`. + - `init_and_sidecar` - `vault_agent_injector_failed_injections_by_namespace_total` - The total count - of failed Agent Sidecar injections, grouped by Kubernetes `namespace`. - + of failed Agent sidecar injections, grouped by Kubernetes `namespace`. ## Tutorial