sessionrecording

package

v1.86.4 Latest Latest Go to latest Published: Aug 7, 2025 License: BSD-3-Clause Imports: 23 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/tailscale/tailscale

Links

Open Source Insights

Documentation ¶

Overview ¶

Package sessionrecording contains functionality for recording Kubernetes API server proxy 'kubectl exec/attach' sessions.

Index ¶

Constants
Variables
type Hijacker
- func NewHijacker(opts HijackerOpts) *Hijacker
- func (h *Hijacker) Hijack() (net.Conn, *bufio.ReadWriter, error)
type HijackerOpts
type Protocol
type RecorderDialFn
type SessionType

Constants ¶

View Source

const (
	SPDYProtocol      Protocol    = "SPDY"
	WSProtocol        Protocol    = "WebSocket"
	ExecSessionType   SessionType = "exec"
	AttachSessionType SessionType = "attach"
)

Variables ¶

View Source

var (
	// CounterSessionRecordingsAttempted counts the number of session recording attempts.
	CounterSessionRecordingsAttempted = clientmetric.NewCounter("k8s_auth_proxy_session_recordings_attempted")
)

Functions ¶

This section is empty.

Types ¶

type Hijacker ¶

type Hijacker struct {
	http.ResponseWriter
	// contains filtered or unexported fields
}

Hijacker implements net/http.Hijacker interface. It must be configured with an http request for a 'kubectl exec/attach' session that needs to be recorded. It knows how to hijack the connection and configure for the session contents to be sent to a tsrecorder instance.

func NewHijacker ¶ added in v1.86.0

func NewHijacker(opts HijackerOpts) *Hijacker

func (*Hijacker) Hijack ¶

func (h *Hijacker) Hijack() (net.Conn, *bufio.ReadWriter, error)

Hijack hijacks a 'kubectl exec/attach' session and configures for the session contents to be sent to a recorder.

type HijackerOpts ¶

type HijackerOpts struct {
	TS          *tsnet.Server
	Req         *http.Request
	W           http.ResponseWriter
	Who         *apitype.WhoIsResponse
	Addrs       []netip.AddrPort
	Log         *zap.SugaredLogger
	Pod         string
	Namespace   string
	FailOpen    bool
	Proto       Protocol
	SessionType SessionType
}

type Protocol ¶

type Protocol string

Protocol is the streaming protocol of the hijacked session. Supported protocols are SPDY and WebSocket.

type RecorderDialFn ¶

type RecorderDialFn func(context.Context, []netip.AddrPort, netx.DialFunc) (io.WriteCloser, []*tailcfg.SSHRecordingAttempt, <-chan error, error)

RecorderDialFn dials the specified netip.AddrPorts that should be tsrecorder addresses. It tries to connect to recorder endpoints one by one, till one connection succeeds. In case of success, returns a list with a single successful recording attempt and an error channel. If the connection errors after having been established, an error is sent down the channel.

type SessionType ¶ added in v1.86.0

type SessionType string

SessionType is the type of session initiated with `kubectl` (`exec` or `attach`)

Source Files ¶

View all Source files

hijacker.go

Directories ¶

Path	Synopsis
fakes Package fakes contains mocks used for testing 'kubectl exec' session recording functionality.	Package fakes contains mocks used for testing 'kubectl exec' session recording functionality.
spdy Package spdy contains functionality for parsing SPDY streaming sessions.	Package spdy contains functionality for parsing SPDY streaming sessions.
tsrecorder Package tsrecorder contains functionality for connecting to a tsrecorder instance.	Package tsrecorder contains functionality for connecting to a tsrecorder instance.
ws package ws has functionality to parse 'kubectl exec/attach' sessions streamed using WebSocket protocol.	package ws has functionality to parse 'kubectl exec/attach' sessions streamed using WebSocket protocol.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL