package sessionrecording

tailscale.com – tailscale.com/k8s-operator/sessionrecording Index | Files | Directories

package sessionrecording

import "tailscale.com/k8s-operator/sessionrecording"

Package sessionrecording contains functionality for recording Kubernetes API server proxy 'kubectl exec' sessions.

func New(opts HijackerOpts) *Hijacker
func (h *Hijacker) Hijack() (net.Conn, *bufio.ReadWriter, error)

type HijackerOpts
type Protocol
type RecorderDialFn

Variables ¶

var (
	// CounterSessionRecordingsAttempted counts the number of session recording attempts.
	CounterSessionRecordingsAttempted = clientmetric.NewCounter("k8s_auth_proxy_session_recordings_attempted")
)

Types ¶

type Hijacker ¶

type Hijacker struct {
	http.ResponseWriter
	// contains filtered or unexported fields
}

Hijacker implements net/http.Hijacker interface. It must be configured with an http request for a 'kubectl exec' session that needs to be recorded. It knows how to hijack the connection and configure for the session contents to be sent to a tsrecorder instance.

func New ¶

func New(opts HijackerOpts) *Hijacker

func (*Hijacker) Hijack ¶

func (h *Hijacker) Hijack() (net.Conn, *bufio.ReadWriter, error)

Hijack hijacks a 'kubectl exec' session and configures for the session contents to be sent to a recorder.

type HijackerOpts ¶

type HijackerOpts struct {
	TS        *tsnet.Server
	Req       *http.Request
	W         http.ResponseWriter
	Who       *apitype.WhoIsResponse
	Addrs     []netip.AddrPort
	Log       *zap.SugaredLogger
	Pod       string
	Namespace string
	FailOpen  bool
	Proto     Protocol
}

type Protocol ¶

type Protocol string

Protocol is the streaming protocol of the hijacked session. Supported protocols are SPDY and WebSocket.

const (
	SPDYProtocol Protocol = "SPDY"
	WSProtocol   Protocol = "WebSocket"
)

type RecorderDialFn ¶

type RecorderDialFn func(context.Context, []netip.AddrPort, netx.DialFunc) (io.WriteCloser, []*tailcfg.SSHRecordingAttempt, <-chan error, error)

RecorderDialFn dials the specified netip.AddrPorts that should be tsrecorder addresses. It tries to connect to recorder endpoints one by one, till one connection succeeds. In case of success, returns a list with a single successful recording attempt and an error channel. If the connection errors after having been established, an error is sent down the channel.

Source Files ¶

hijacker.go

Directories ¶

Path	Synopsis
k8s-operator/sessionrecording/fakes	Package fakes contains mocks used for testing 'kubectl exec' session recording functionality.
k8s-operator/sessionrecording/spdy	Package spdy contains functionality for parsing SPDY streaming sessions.
k8s-operator/sessionrecording/tsrecorder	Package tsrecorder contains functionality for connecting to a tsrecorder instance.
k8s-operator/sessionrecording/ws	package ws has functionality to parse 'kubectl exec' sessions streamed using WebSocket protocol.

Version: v1.84.1 (latest)
Published: May 29, 2025
Platform: linux/amd64
Imports: 23 packages
Last checked: 15 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples