add metric for when roles were denied

jtblin / kube2iam

kube2iam provides different AWS IAM roles for pods running on Kubernetes

BSD 3-Clause "New" or "Revised" License

1.98k stars 319 forks source link

Closed grosser closed 4 years ago

grosser commented 4 years ago

atm all we have is looking at logs, would be nice to have a metric we can alert on

this seems to be not covered:

{"level":"error","msg":"Error assuming role AccessDenied

whereas this is kube2iam_http_request_duration_seconds_count{code="500",handler="roleHandler",method="GET"} 3

{"level":"info","msg":"GET /latest/meta-data/iam/security-credentials/ * (500)

Screen Shot 2020-03-02 at 9 33 51 AM

grosser commented 4 years ago

ah nvm that's not possible since the actual requests don't go through kube2iam