From 452d08d5e8e40c0710a2042dd1d67b8eaa5fe43d Mon Sep 17 00:00:00 2001 From: Ronald Ekambi Date: Tue, 20 Jun 2023 12:33:24 -0400 Subject: [PATCH 1/4] [NET-3095] add jwt-authn metrics docs --- .../connect/config-entries/jwt-provider.mdx | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx index b31427af4fff..ba7d4a28bf92 100644 --- a/website/content/docs/connect/config-entries/jwt-provider.mdx +++ b/website/content/docs/connect/config-entries/jwt-provider.mdx @@ -952,6 +952,22 @@ Defines behavior for caching the validation result of previously encountered JWT +## Metrics + +The following `envoy` metrics can be used to track jwt authentication details. + +~> **Note:** Envoy does not currently provide any documentation on these metrics. + +```yaml +http.ingress_http.jwt_authn.allowed +http.ingress_http.jwt_authn.cors_preflight_bypassed +http.ingress_http.jwt_authn.denied +http.ingress_http.jwt_authn.jwks_fetch_failed +http.ingress_http.jwt_authn.jwks_fetch_success +http.ingress_http.jwt_authn.jwt_cache_hit +http.ingress_http.jwt_authn.jwt_cache_miss +``` + ## Examples The following examples demonstrate common JWT provider configuration patterns for specific use cases. @@ -1023,4 +1039,4 @@ spec: ``` - \ No newline at end of file + From 1f1f222c97f981a23de44be2afdef37c25f4a91a Mon Sep 17 00:00:00 2001 From: Ronald Ekambi Date: Tue, 20 Jun 2023 14:29:39 -0400 Subject: [PATCH 2/4] fix public_listener url --- .../docs/connect/config-entries/jwt-provider.mdx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx index ba7d4a28bf92..f003106a3304 100644 --- a/website/content/docs/connect/config-entries/jwt-provider.mdx +++ b/website/content/docs/connect/config-entries/jwt-provider.mdx @@ -959,13 +959,13 @@ The following `envoy` metrics can be used to track jwt authentication details. ~> **Note:** Envoy does not currently provide any documentation on these metrics. ```yaml -http.ingress_http.jwt_authn.allowed -http.ingress_http.jwt_authn.cors_preflight_bypassed -http.ingress_http.jwt_authn.denied -http.ingress_http.jwt_authn.jwks_fetch_failed -http.ingress_http.jwt_authn.jwks_fetch_success -http.ingress_http.jwt_authn.jwt_cache_hit -http.ingress_http.jwt_authn.jwt_cache_miss +http.public_listener.jwt_authn.allowed +http.public_listener.jwt_authn.cors_preflight_bypassed +http.public_listener.jwt_authn.denied +http.public_listener.jwt_authn.jwks_fetch_failed +http.public_listener.jwt_authn.jwks_fetch_success +http.public_listener.jwt_authn.jwt_cache_hit +http.public_listener.jwt_authn.jwt_cache_miss ``` ## Examples From 28e7e77d675c43b0c0e6ed4f19126456505c29ca Mon Sep 17 00:00:00 2001 From: Ronald Date: Tue, 20 Jun 2023 14:46:46 -0400 Subject: [PATCH 3/4] Update website/content/docs/connect/config-entries/jwt-provider.mdx Co-authored-by: Paul Glass --- website/content/docs/connect/config-entries/jwt-provider.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx index f003106a3304..ae8a962a3c4d 100644 --- a/website/content/docs/connect/config-entries/jwt-provider.mdx +++ b/website/content/docs/connect/config-entries/jwt-provider.mdx @@ -954,7 +954,7 @@ Defines behavior for caching the validation result of previously encountered JWT ## Metrics -The following `envoy` metrics can be used to track jwt authentication details. +The following `envoy` metrics can be used to track JWT authentication details. ~> **Note:** Envoy does not currently provide any documentation on these metrics. From 4c377108b84ba13897912290b7673bd56af0df73 Mon Sep 17 00:00:00 2001 From: Ronald Ekambi Date: Tue, 20 Jun 2023 15:20:52 -0400 Subject: [PATCH 4/4] fix wording with PR feedback --- .../content/docs/connect/config-entries/jwt-provider.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/content/docs/connect/config-entries/jwt-provider.mdx b/website/content/docs/connect/config-entries/jwt-provider.mdx index ae8a962a3c4d..8867a3e4f972 100644 --- a/website/content/docs/connect/config-entries/jwt-provider.mdx +++ b/website/content/docs/connect/config-entries/jwt-provider.mdx @@ -954,9 +954,7 @@ Defines behavior for caching the validation result of previously encountered JWT ## Metrics -The following `envoy` metrics can be used to track JWT authentication details. - -~> **Note:** Envoy does not currently provide any documentation on these metrics. +Envoy proxies expose metrics that can track JWT authentication details. Use the following Envoy metrics: ```yaml http.public_listener.jwt_authn.allowed @@ -968,6 +966,8 @@ http.public_listener.jwt_authn.jwt_cache_hit http.public_listener.jwt_authn.jwt_cache_miss ``` +~> **Note:** Currently, Envoy does not reference these metrics in their documentation. Refer to [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/) for more information about exposed metrics. + ## Examples The following examples demonstrate common JWT provider configuration patterns for specific use cases.