Prom metrics for db secrets errors

Signed-off-by: Sergio Rua <sergio@rua.me.uk>
digitalis-io · Jul 7, 2023 · 770ba72 · 770ba72
1 parent 72d7ca3
commit 770ba72
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 4 deletions.
diff --git a/controllers/dbsecret_controller.go b/controllers/dbsecret_controller.go
@@ -113,17 +113,20 @@ func (r *DbSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 			err := r.revokeLease(&dbSecret, currentSecret)
 			if err != nil {
 				// log the error but continue
-				r.Log.Error(err, "Lease cannot be revoked")
+				r.Log.Error(err, "Lease cannot be revoked", "name", dbSecret.Name, "namespace", dbSecret.Namespace)
+				dmetrics.DbSecretRevokationError.WithLabelValues(dbSecret.Name, dbSecret.Namespace).SetToCurrentTime()
 			}
 			// our finalizer is present, so lets handle any external dependency
 			if err := r.deleteSecret(ctx, &dbSecret); err != nil {
-				r.Log.Error(err, "Error deleting from Vals-Secret", "name", dbSecret.Name, "namespace", dbSecret.Namespace)
+				r.Log.Error(err, "Error deleting from database secret", "name", dbSecret.Name, "namespace", dbSecret.Namespace)
+				dmetrics.DbSecretDeletionError.WithLabelValues(dbSecret.Name, dbSecret.Namespace).SetToCurrentTime()
 				return ctrl.Result{}, client.IgnoreNotFound(err)
 			}
 
 			// remove our finalizer from the list and update it.
 			dbSecret.SetFinalizers(utils.RemoveString(dbSecret.GetFinalizers(), valsDbSecretFinalizerName))
 			if err := r.Update(context.Background(), &dbSecret); err != nil {
+				dmetrics.DbSecretDeletionError.WithLabelValues(dbSecret.Name, dbSecret.Namespace).SetToCurrentTime()
 				return ctrl.Result{}, err
 			}
 			/* mark as deleted in prom */
@@ -236,10 +239,11 @@ func (r *DbSecretReconciler) revokeLease(sDef *digitalisiov1beta1.DbSecret, curr
 		return nil
 	}
 
-	r.Log.Info(fmt.Sprintf("Revoking lease for %s", currentSecret.Name))
+	r.Log.Info(fmt.Sprintf("Revoking lease for %s in namespace %s", currentSecret.Name, currentSecret.Namespace))
 
 	if currentSecret.ObjectMeta.Annotations[leaseIdLabel] == "" {
-		return fmt.Errorf("cannot revoke credentials without lease Id")
+		return fmt.Errorf("cannot revoke credentials without lease Id: secret %s in namespace %s",
+			currentSecret.Name, currentSecret.Namespace)
 	}
 	leaseId := fmt.Sprintf("%s/creds/%s/%s",
 		sDef.Spec.Vault.Mount,

diff --git a/main.go b/main.go
@@ -69,6 +69,8 @@ func init() {
 		dmetrics.VaultTokenError,
 		dmetrics.SecretRetrieveTime,
 		dmetrics.SecretCreationTime,
+		dmetrics.DbSecretRevokationError,
+		dmetrics.DbSecretDeletionError,
 	)
 	//+kubebuilder:scaffold:scheme
 }

diff --git a/metrics/metrics.go b/metrics/metrics.go
@@ -76,4 +76,14 @@ var (
 			Name: "vals_operator_secret_creation_time",
 			Help: "Time in ms it took to create the secret",
 		}, []string{"secret", "namespace"})
+	DbSecretRevokationError = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name: "vals_operator_dbsecret_revokation_error",
+			Help: "Timestamp of when the lease could not be revoked",
+		}, []string{"secret", "namespace"})
+	DbSecretDeletionError = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name: "vals_operator_dbsecret_deletion_error",
+			Help: "Timestamp of when the secret could not be deleted",
+		}, []string{"secret", "namespace"})
 )