sessionrecording

package

v1.80.0 Latest Latest Go to latest Published: Jan 30, 2025 License: BSD-3-Clause Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/tailscale/tailscale

Documentation ¶

Overview ¶

Package sessionrecording contains functionality for recording Kubernetes API server proxy 'kubectl exec' sessions.

Index ¶

Variables
type Hijacker
- func New(opts HijackerOpts) *Hijacker
- func (h *Hijacker) Hijack() (net.Conn, *bufio.ReadWriter, error)
type HijackerOpts
type Protocol
type RecorderDialFn

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// CounterSessionRecordingsAttempted counts the number of session recording attempts.
	CounterSessionRecordingsAttempted = clientmetric.NewCounter("k8s_auth_proxy_session_recordings_attempted")
)

Functions ¶

This section is empty.

Types ¶

type Hijacker ¶

type Hijacker struct {
	http.ResponseWriter
	// contains filtered or unexported fields
}

Hijacker implements net/http.Hijacker interface. It must be configured with an http request for a 'kubectl exec' session that needs to be recorded. It knows how to hijack the connection and configure for the session contents to be sent to a tsrecorder instance.

func New ¶

func New(opts HijackerOpts) *Hijacker

func (*Hijacker) Hijack ¶

func (h *Hijacker) Hijack() (net.Conn, *bufio.ReadWriter, error)

Hijack hijacks a 'kubectl exec' session and configures for the session contents to be sent to a recorder.

type HijackerOpts ¶

type HijackerOpts struct {
	TS        *tsnet.Server
	Req       *http.Request
	W         http.ResponseWriter
	Who       *apitype.WhoIsResponse
	Addrs     []netip.AddrPort
	Log       *zap.SugaredLogger
	Pod       string
	Namespace string
	FailOpen  bool
	Proto     Protocol
}

type Protocol ¶

type Protocol string

Protocol is the streaming protocol of the hijacked session. Supported protocols are SPDY and WebSocket.

const (
	SPDYProtocol Protocol = "SPDY"
	WSProtocol   Protocol = "WebSocket"
)

type RecorderDialFn ¶

type RecorderDialFn func(context.Context, []netip.AddrPort, sessionrecording.DialFunc) (io.WriteCloser, []*tailcfg.SSHRecordingAttempt, <-chan error, error)

RecorderDialFn dials the specified netip.AddrPorts that should be tsrecorder addresses. It tries to connect to recorder endpoints one by one, till one connection succeeds. In case of success, returns a list with a single successful recording attempt and an error channel. If the connection errors after having been established, an error is sent down the channel.

Source Files ¶

View all Source files

hijacker.go

Directories ¶

Path	Synopsis
fakes Package fakes contains mocks used for testing 'kubectl exec' session recording functionality.	Package fakes contains mocks used for testing 'kubectl exec' session recording functionality.
spdy Package spdy contains functionality for parsing SPDY streaming sessions.	Package spdy contains functionality for parsing SPDY streaming sessions.
tsrecorder Package tsrecorder contains functionality for connecting to a tsrecorder instance.	Package tsrecorder contains functionality for connecting to a tsrecorder instance.
ws package ws has functionality to parse 'kubectl exec' sessions streamed using WebSocket protocol.	package ws has functionality to parse 'kubectl exec' sessions streamed using WebSocket protocol.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL