From d97609f217980bd5f5416b2ccc5d203b2625e395 Mon Sep 17 00:00:00 2001 From: Theron Voran Date: Fri, 10 Jan 2025 04:54:21 +0000 Subject: [PATCH] backport of commit dac2ffca81468424a3ea7f27fc50ae5eb758db43 --- .../platform/k8s/injector/annotations.mdx | 2 +- .../docs/platform/k8s/injector/index.mdx | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/website/content/docs/platform/k8s/injector/annotations.mdx b/website/content/docs/platform/k8s/injector/annotations.mdx index 1f52b4044bb4..da38b72f4629 100644 --- a/website/content/docs/platform/k8s/injector/annotations.mdx +++ b/website/content/docs/platform/k8s/injector/annotations.mdx @@ -28,7 +28,7 @@ them, optional commands to run, etc. - `vault.hashicorp.com/agent-image` - name of the Vault docker image to use. This value overrides the default image configured in the injector and is usually - not needed. Defaults to `hashicorp/vault:1.18.1`. + not needed. Defaults to `hashicorp/vault:1.18.2`. - `vault.hashicorp.com/agent-init-first` - configures the pod to run the Vault Agent init container first if `true` (last if `false`). This is useful when other init diff --git a/website/content/docs/platform/k8s/injector/index.mdx b/website/content/docs/platform/k8s/injector/index.mdx index b7426fa6538a..69914c82f739 100644 --- a/website/content/docs/platform/k8s/injector/index.mdx +++ b/website/content/docs/platform/k8s/injector/index.mdx @@ -189,6 +189,33 @@ The configuration map must contain either one or both of the following files: An example of mounting a Vault Agent configmap [can be found here](/vault/docs/platform/k8s/injector/examples#configmap-example). +### Injector telemetry + + + +Set [`injector.metrics.enabled`](/vault/docs/platform/k8s/helm/configuration#metrics) +to `true` in the Helm chart to start collecting injector metrics. + + + +Vault Agent injector collects the following Prometheus metrics in addition to +the default set of `golang` metrics: + +- `vault_agent_injector_request_queue_length` - The number of pending webhook requests for the injector. + +- `vault_agent_injector_request_processing_duration_ms` - A histogram of webhook + request processing times in milliseconds. + +- `vault_agent_injector_injections_by_namespace_total` - The total count of + Agent container injections, grouped by Kubernetes `namespace` and `injection_type`. + Vault Agent injector counts the following injection types: + - `init_only` + - `sidecar_only` + - `init_and_sidecar` + +- `vault_agent_injector_failed_injections_by_namespace_total` - The total count + of failed Agent sidecar injections, grouped by Kubernetes `namespace`. + ## Tutorial Refer to the [Injecting Secrets into Kubernetes Pods via Vault Helm