fluent-plugin-kubernetes_metadata_filter-rh 2.6.1

data/README.md

@@ -0,0 +1,253 @@
+# fluent-plugin-kubernetes_metadata_filter, a plugin for [Fluentd](http://fluentd.org)
+[![Circle CI](https://circleci.com/gh/fabric8io/fluent-plugin-kubernetes_metadata_filter.svg?style=svg)](https://circleci.com/gh/fabric8io/fluent-plugin-kubernetes_metadata_filter)
+[![Code Climate](https://codeclimate.com/github/fabric8io/fluent-plugin-kubernetes_metadata_filter/badges/gpa.svg)](https://codeclimate.com/github/fabric8io/fluent-plugin-kubernetes_metadata_filter)
+[![Test Coverage](https://codeclimate.com/github/fabric8io/fluent-plugin-kubernetes_metadata_filter/badges/coverage.svg)](https://codeclimate.com/github/fabric8io/fluent-plugin-kubernetes_metadata_filter)
+[![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop-hq/rubocop)
+[![Ruby Style Guide](https://img.shields.io/badge/code_style-community-brightgreen.svg)](https://rubystyle.guide)
+
+The Kubernetes metadata plugin filter enriches container log records with pod and namespace metadata.
+
+This plugin derives basic metadata about the container that emitted a given log record using the source of the log record. Records from journald provide metadata about the
+container environment as named fields. Records from JSON files encode metadata about the container in the file name.  The initial metadata derived from the source is used
+to lookup additional metadata about the container's associated pod and namespace (e.g. UUIDs, labels, annotations) when the kubernetes_url is configured.  If the plugin cannot
+authoritatively determine the namespace of the container emitting a log record, it will use an 'orphan' namespace ID in the metadata. This behaviors supports multi-tenant systems
+that rely on the authenticity of the namespace for proper log isolation.
+
+## Requirements
+
+| fluent-plugin-kubernetes_metadata_filter  | fluentd | ruby |
+|-------------------|---------|------|
+| >= 2.5.0 | >= v1.10.0 | >= 2.5 |
+| >= 2.0.0 | >= v0.14.20 | >= 2.1 |
+|  < 2.0.0 | >= v0.12.0 | >= 1.9 |
+
+NOTE: For v0.12 version, you should use 1.x.y version. Please send patch into v0.12 branch if you encountered 1.x version's bug.
+
+NOTE: This documentation is for fluent-plugin-kubernetes_metadata_filter-plugin-elasticsearch 2.x or later. For 1.x documentation, please see [v0.12 branch](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/tree/v0.12).
+
+## Installation
+
+    gem install fluent-plugin-kubernetes_metadata_filter
+
+## Configuration
+
+Configuration options for fluent.conf are:
+
+* `kubernetes_url` - URL to the API server. Set this to retrieve further kubernetes metadata for logs from kubernetes API server. If not specified, environment variables `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` will be used if both are present which is typically true when running fluentd in a pod.
+* `apiVersion` - API version to use (default: `v1`)
+* `ca_file` - path to CA file for Kubernetes server certificate validation
+* `verify_ssl` - validate SSL certificates (default: `true`)
+* `client_cert` - path to a client cert file to authenticate to the API server
+* `client_key` - path to a client key file to authenticate to the API server
+* `bearer_token_file` - path to a file containing the bearer token to use for authentication
+* `tag_to_kubernetes_name_regexp` - the regular expression used to extract kubernetes metadata (pod name, container name, namespace) from the current fluentd tag.
+This must used named capture groups for `container_name`, `pod_name` & `namespace` default: See [code](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/blob/master/lib/fluent/plugin/filter_kubernetes_metadata.rb#L52)
+* `cache_size` - size of the cache of Kubernetes metadata to reduce requests to the API server (default: `1000`)
+* `cache_ttl` - TTL in seconds of each cached element. Set to negative value to disable TTL eviction (default: `3600` - 1 hour)
+* `watch` - set up a watch on pods on the API server for updates to metadata (default: `true`)
+* `de_dot` - replace dots in labels and annotations with configured `de_dot_separator`, required for ElasticSearch 2.x compatibility (default: `true`)
+* `de_dot_separator` - separator to use if `de_dot` is enabled (default: `_`)
+* *DEPRECATED* `use_journal` - If false, messages are expected to be formatted and tagged as if read by the fluentd in\_tail plugin with wildcard filename.  If true, messages are expected to be formatted as if read from the systemd journal.  The `MESSAGE` field has the full message.  The `CONTAINER_NAME` field has the encoded k8s metadata (see below).  The `CONTAINER_ID_FULL` field has the full container uuid.  This requires docker to use the `--log-driver=journald` log driver.  If unset (the default), the plugin will use the `CONTAINER_NAME` and `CONTAINER_ID_FULL` fields
+if available, otherwise, will use the tag in the `tag_to_kubernetes_name_regexp` format.
+* `container_name_to_kubernetes_regexp` - The regular expression used to extract the k8s metadata encoded in the journal `CONTAINER_NAME` field default: See [code](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/blob/master/lib/fluent/plugin/filter_kubernetes_metadata.rb#L68)
+  * This corresponds to the definition [in the source](https://github.com/kubernetes/kubernetes/blob/release-1.6/pkg/kubelet/dockertools/docker.go#L317)
+* `annotation_match` - Array of regular expressions matching annotation field names. Matched annotations are added to a log record.
+* `allow_orphans` - Modify the namespace and namespace id to the values of `orphaned_namespace_name` and `orphaned_namespace_id`
+when true (default: `true`)
+* `orphaned_namespace_name` - The namespace to associate with records where the namespace can not be determined (default: `.orphaned`)
+* `orphaned_namespace_id` - The namespace id to associate with records where the namespace can not be determined (default: `orphaned`)
+* `lookup_from_k8s_field` - If the field `kubernetes` is present, lookup the metadata from the given subfields such as `kubernetes.namespace_name`, `kubernetes.pod_name`, etc.  This allows you to avoid having to pass in metadata to lookup in an explicitly formatted tag name or in an explicitly formatted `CONTAINER_NAME` value.  For example, set `kubernetes.namespace_name`, `kubernetes.pod_name`, `kubernetes.container_name`, and `docker.id` in the record, and the filter will fill in the rest. (default: `true`)
+* `ssl_partial_chain` - if `ca_file` is for an intermediate CA, or otherwise we do not have the root CA and want
+  to trust the intermediate CA certs we do have, set this to `true` - this corresponds to
+  the `openssl s_client -partial_chain` flag and `X509_V_FLAG_PARTIAL_CHAIN` (default: `false`)
+* `skip_labels` - Skip all label fields from the metadata.
+* `skip_container_metadata` - Skip some of the container data of the metadata. The metadata will not contain the container_image and container_image_id fields.
+* `skip_master_url` - Skip the master_url field from the metadata.
+* `skip_namespace_metadata` - Skip the namespace_id field from the metadata. The fetch_namespace_metadata function will be skipped. The plugin will be faster and cpu consumption will be less.
+* `watch_retry_interval` - The time interval in seconds for retry backoffs when watch connections fail. (default: `10`)
+
+**NOTE:** As of the release 2.1.x of this plugin, it no longer supports parsing the source message into JSON and attaching it to the
+payload.  The following configuration options are removed:
+
+* `merge_json_log`
+* `preserve_json_log`
+
+One way of preserving JSON logs can be through the [parser plugin](https://docs.fluentd.org/filter/parser)
+
+**NOTE** As of this release, the use of `use_journal` is **DEPRECATED**.  If this setting is not present, the plugin will
+attempt to figure out the source of the metadata fields from the following:
+- If `lookup_from_k8s_field true` (the default) and the following fields are present in the record:
+`docker.container_id`, `kubernetes.namespace_name`, `kubernetes.pod_name`, `kubernetes.container_name`,
+then the plugin will use those values as the source to use to lookup the metadata
+- If `use_journal true`, or `use_journal` is unset, and the fields `CONTAINER_NAME` and `CONTAINER_ID_FULL` are present in the record,
+then the plugin will parse those values using `container_name_to_kubernetes_regexp` and use those as the source to lookup the metadata
+- Otherwise, if the tag matches `tag_to_kubernetes_name_regexp`, the plugin will parse the tag and use those values to
+lookup the metdata
+
+Reading from the JSON formatted log files with `in_tail` and wildcard filenames while respecting the CRI-o log format with the same config you need the fluent-plugin "multi-format-parser":
+
+```
+fluent-gem install fluent-plugin-multi-format-parser
+```
+
+The config block could look like this:
+```
+<source>
+  @type tail
+  path /var/log/containers/*.log
+  pos_file fluentd-docker.pos
+  read_from_head true
+  tag kubernetes.*
+  <parse>
+    @type multi_format
+    <pattern>
+      format json
+      time_key time
+      time_type string
+      time_format "%Y-%m-%dT%H:%M:%S.%NZ"
+      keep_time_key false
+    </pattern>
+    <pattern>
+      format regexp
+      expression /^(?<time>.+) (?<stream>stdout|stderr)( (?<logtag>.))? (?<log>.*)$/
+      time_format '%Y-%m-%dT%H:%M:%S.%N%:z'
+      keep_time_key false
+    </pattern>
+  </parse>
+</source>
+
+<filter kubernetes.var.log.containers.**.log>
+  @type kubernetes_metadata
+</filter>
+
+<match **>
+  @type stdout
+</match>
+```
+
+Reading from the systemd journal (requires the fluentd `fluent-plugin-systemd` and `systemd-journal` plugins, and requires docker to use the `--log-driver=journald` log driver):
+```
+<source>
+  @type systemd
+  path /run/log/journal
+  pos_file journal.pos
+  tag journal
+  read_from_head true
+</source>
+
+# probably want to use something like fluent-plugin-rewrite-tag-filter to
+# retag entries from k8s
+<match journal>
+  @type rewrite_tag_filter
+  rewriterule1 CONTAINER_NAME ^k8s_ kubernetes.journal.container
+  ...
+</match>
+
+<filter kubernetes.**>
+  @type kubernetes_metadata
+  use_journal true
+</filter>
+
+<match **>
+  @type stdout
+</match>
+```
+## Log content as JSON
+In former versions this plugin parsed the value of the key log as JSON. In the current version this feature was removed, to avoid duplicate features in the fluentd plugin ecosystem. It can parsed with the parser plugin like this:
+```
+<filter kubernetes.**>
+  @type parser
+  key_name log
+  <parse>
+    @type json
+    json_parser json
+  </parse>
+  replace_invalid_sequence true
+  reserve_data true # this preserves unparsable log lines
+  emit_invalid_record_to_error false # In case of unparsable log lines keep the error log clean
+  reserve_time # the time was already parsed in the source, we don't want to overwrite it with current time.
+</filter>
+```
+
+## Environment variables for Kubernetes
+
+If the name of the Kubernetes node the plugin is running on is set as
+an environment variable with the name `K8S_NODE_NAME`, it will reduce cache
+misses and needless calls to the Kubernetes API.
+
+In the Kubernetes container definition, this is easily accomplished by:
+
+```yaml
+env:
+- name: K8S_NODE_NAME
+  valueFrom:
+    fieldRef:
+      fieldPath: spec.nodeName
+```
+
+## Example input/output
+
+Kubernetes creates symlinks to Docker log files in `/var/log/containers/*.log`. Docker logs in JSON format.
+
+Assuming following inputs are coming from a log file named `/var/log/containers/fabric8-console-controller-98rqc_default_fabric8-console-container-df14e0d5ae4c07284fa636d739c8fc2e6b52bc344658de7d3f08c36a2e804115.log`:
+
+```
+{
+  "log": "2015/05/05 19:54:41 \n",
+  "stream": "stderr",
+  "time": "2015-05-05T19:54:41.240447294Z"
+}
+```
+
+Then output becomes as belows
+```
+{
+  "log": "2015/05/05 19:54:41 \n",
+  "stream": "stderr",
+  "docker": {
+    "id": "df14e0d5ae4c07284fa636d739c8fc2e6b52bc344658de7d3f08c36a2e804115",
+  }
+  "kubernetes": {
+    "host": "jimmi-redhat.localnet",
+    "pod_name":"fabric8-console-controller-98rqc",
+    "pod_id": "c76927af-f563-11e4-b32d-54ee7527188d",
+    "pod_ip": "172.17.0.8",
+    "container_name": "fabric8-console-container",
+    "namespace_name": "default",
+    "namespace_id": "23437884-8e08-4d95-850b-e94378c9b2fd",
+    "namespace_annotations": {
+      "fabric8.io/git-commit": "5e1116f63df0bac2a80bdae2ebdc563577bbdf3c"
+    },
+    "namespace_labels": {
+      "product_version": "v1.0.0"
+    },
+    "labels": {
+      "component": "fabric8Console"
+    }
+  }
+}
+```
+
+If using journal input, from docker configured with `--log-driver=journald`, the input looks like the `journalctl -o export` format:
+```
+# The stream identification is encoded into the PRIORITY field as an
+# integer: 6, or github.com/coreos/go-systemd/journal.Info, marks stdout,
+# while 3, or github.com/coreos/go-systemd/journal.Err, marks stderr.
+PRIORITY=6
+CONTAINER_ID=b6cbb6e73c0a
+CONTAINER_ID_FULL=b6cbb6e73c0ad63ab820e4baa97cdc77cec729930e38a714826764ac0491341a
+CONTAINER_NAME=k8s_registry.a49f5318_docker-registry-1-hhoj0_default_ae3a9bdc-1f66-11e6-80a2-fa163e2fff3a_799e4035
+MESSAGE=172.17.0.1 - - [21/May/2016:16:52:05 +0000] "GET /healthz HTTP/1.1" 200 0 "" "Go-http-client/1.1"
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Test it (`GEM_HOME=vendor bundle install; GEM_HOME=vendor bundle exec rake test`)
+5. Push to the branch (`git push origin my-new-feature`)
+6. Create new Pull Request
+
+## Copyright
+  Copyright (c) 2015 jimmidyson

data/Rakefile

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+require 'bump/tasks'
+require 'rubocop/rake_task'
+
+task test: [:base_test]
+task default: [:test, :build, :rubocop]
+
+RuboCop::RakeTask.new
+
+desc 'Run test_unit based test'
+Rake::TestTask.new(:base_test) do |t|
+  # To run test for only one file (or file path pattern)
+  #  $ bundle exec rake base_test TEST=test/test_specified_path.rb
+  #  $ bundle exec rake base_test TEST=test/test_*.rb
+  t.libs << 'test'
+  t.test_files = Dir['test/**/test_*.rb'].sort
+  t.warning = false
+end
+
+desc 'Add copyright headers'
+task :headers do
+  require 'rubygems'
+  require 'copyright_header'
+
+  args = {
+    license: 'Apache-2.0',
+    copyright_software: 'Fluentd Kubernetes Metadata Filter Plugin',
+    copyright_software_description: 'Enrich Fluentd events with Kubernetes metadata',
+    copyright_holders: ['Red Hat, Inc.'],
+    copyright_years: ['2015-2021'],
+    add_path: 'lib:test',
+    output_dir: '.'
+  }
+
+  command_line = CopyrightHeader::CommandLine.new(args)
+  command_line.execute
+end

data/fluent-plugin-kubernetes_metadata_filter.gemspec

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |gem|
+  gem.name          = 'fluent-plugin-kubernetes_metadata_filter-rh'
+  gem.version       = '2.6.1'
+  gem.authors       = ['Stan Kwong']
+  gem.email         = ['jpdstan@gmail.com']
+  gem.description   = 'Filter plugin to add Kubernetes metadata'
+  gem.summary       = 'Fluentd filter plugin to add Kubernetes metadata'
+  gem.homepage      = 'https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter'
+  gem.license       = 'Apache-2.0'
+
+  gem.files         = `git ls-files`.split($/)
+
+  gem.required_ruby_version = '>= 2.5.0'
+
+  gem.add_runtime_dependency 'fluentd', ['>= 0.14.0', '< 1.13']
+  gem.add_runtime_dependency 'kubeclient', '< 5'
+  gem.add_runtime_dependency 'lru_redux'
+
+  gem.add_development_dependency 'bump'
+  gem.add_development_dependency 'bundler', '~> 2.0'
+  gem.add_development_dependency 'copyright-header'
+  gem.add_development_dependency 'minitest', '~> 4.0'
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'test-unit', '~> 3.0.2'
+  gem.add_development_dependency 'test-unit-rr', '~> 1.0.3'
+  gem.add_development_dependency 'vcr'
+  gem.add_development_dependency 'webmock'
+  gem.add_development_dependency 'yajl-ruby'
+end

data/lib/fluent/plugin/filter_kubernetes_metadata.rb

@@ -0,0 +1,378 @@
+# frozen_string_literal: true
+
+#
+# Fluentd Kubernetes Metadata Filter Plugin - Enrich Fluentd events with
+# Kubernetes metadata
+#
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative 'kubernetes_metadata_cache_strategy'
+require_relative 'kubernetes_metadata_common'
+require_relative 'kubernetes_metadata_stats'
+require_relative 'kubernetes_metadata_util'
+require_relative 'kubernetes_metadata_watch_namespaces'
+require_relative 'kubernetes_metadata_watch_pods'
+
+require 'fluent/plugin/filter'
+require 'resolv'
+
+module Fluent::Plugin
+  class KubernetesMetadataFilter < Fluent::Plugin::Filter
+    K8_POD_CA_CERT = 'ca.crt'
+    K8_POD_TOKEN = 'token'
+
+    include KubernetesMetadata::CacheStrategy
+    include KubernetesMetadata::Common
+    include KubernetesMetadata::Util
+    include KubernetesMetadata::WatchNamespaces
+    include KubernetesMetadata::WatchPods
+
+    Fluent::Plugin.register_filter('kubernetes_metadata', self)
+
+    config_param :kubernetes_url, :string, default: nil
+    config_param :cache_size, :integer, default: 1000
+    config_param :cache_ttl, :integer, default: 60 * 60
+    config_param :watch, :bool, default: true
+    config_param :apiVersion, :string, default: 'v1'
+    config_param :client_cert, :string, default: nil
+    config_param :client_key, :string, default: nil
+    config_param :ca_file, :string, default: nil
+    config_param :verify_ssl, :bool, default: true
+    config_param :tag_to_kubernetes_name_regexp,
+                 :string,
+                 default: 'var\.log\.containers\.(?<pod_name>[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$'
+    config_param :bearer_token_file, :string, default: nil
+    config_param :secret_dir, :string, default: '/var/run/secrets/kubernetes.io/serviceaccount'
+    config_param :de_dot, :bool, default: true
+    config_param :de_dot_separator, :string, default: '_'
+    # if reading from the journal, the record will contain the following fields in the following
+    # format:
+    # CONTAINER_NAME=k8s_$containername.$containerhash_$podname_$namespacename_$poduuid_$rand32bitashex
+    # CONTAINER_FULL_ID=dockeridassha256hexvalue
+    config_param :use_journal, :bool, default: nil
+    # Field 2 is the container_hash, field 5 is the pod_id, and field 6 is the pod_randhex
+    # I would have included them as named groups, but you can't have named groups that are
+    # non-capturing :P
+    # parse format is defined here: https://github.com/kubernetes/kubernetes/blob/release-1.6/pkg/kubelet/dockertools/docker.go#L317
+    config_param :container_name_to_kubernetes_regexp,
+                 :string,
+                 default: '^(?<name_prefix>[^_]+)_(?<container_name>[^\._]+)(\.(?<container_hash>[^_]+))?_(?<pod_name>[^_]+)_(?<namespace>[^_]+)_[^_]+_[^_]+$'
+
+    config_param :annotation_match, :array, default: []
+    config_param :stats_interval, :integer, default: 30
+    config_param :allow_orphans, :bool, default: true
+    config_param :orphaned_namespace_name, :string, default: '.orphaned'
+    config_param :orphaned_namespace_id, :string, default: 'orphaned'
+    config_param :lookup_from_k8s_field, :bool, default: true
+    # if `ca_file` is for an intermediate CA, or otherwise we do not have the root CA and want
+    # to trust the intermediate CA certs we do have, set this to `true` - this corresponds to
+    # the openssl s_client -partial_chain flag and X509_V_FLAG_PARTIAL_CHAIN
+    config_param :ssl_partial_chain, :bool, default: false
+    config_param :skip_labels, :bool, default: false
+    config_param :skip_container_metadata, :bool, default: false
+    config_param :skip_master_url, :bool, default: false
+    config_param :skip_namespace_metadata, :bool, default: false
+    # The time interval in seconds for retry backoffs when watch connections fail.
+    config_param :watch_retry_interval, :integer, default: 1
+    # The base number of exponential backoff for retries.
+    config_param :watch_retry_exponential_backoff_base, :integer, default: 2
+    # The maximum number of times to retry pod and namespace watches.
+    config_param :watch_retry_max_times, :integer, default: 10
+
+    def fetch_pod_metadata(namespace_name, pod_name)
+      log.trace("fetching pod metadata: #{namespace_name}/#{pod_name}") if log.trace?
+      options = {
+        resource_version: '0' # Fetch from API server cache instead of etcd quorum read
+      }
+      pod_object = @client.get_pod(pod_name, namespace_name, options)
+      log.trace("raw metadata for #{namespace_name}/#{pod_name}: #{pod_object}") if log.trace?
+      metadata = parse_pod_metadata(pod_object)
+      @stats.bump(:pod_cache_api_updates)
+      log.trace("parsed metadata for #{namespace_name}/#{pod_name}: #{metadata}") if log.trace?
+      @cache[metadata['pod_id']] = metadata
+    rescue StandardError => e
+      @stats.bump(:pod_cache_api_nil_error)
+      log.debug "Exception '#{e}' encountered fetching pod metadata from Kubernetes API #{@apiVersion} endpoint #{@kubernetes_url}"
+      {}
+    end
+
+    def dump_stats
+      @curr_time = Time.now
+      return if @curr_time.to_i - @prev_time.to_i < @stats_interval
+
+      @prev_time = @curr_time
+      @stats.set(:pod_cache_size, @cache.count)
+      @stats.set(:namespace_cache_size, @namespace_cache.count) if @namespace_cache
+      log.info(@stats)
+      if log.level == Fluent::Log::LEVEL_TRACE
+        log.trace("       id cache: #{@id_cache.to_a}")
+        log.trace("      pod cache: #{@cache.to_a}")
+        log.trace("namespace cache: #{@namespace_cache.to_a}")
+      end
+    end
+
+    def fetch_namespace_metadata(namespace_name)
+      log.trace("fetching namespace metadata: #{namespace_name}") if log.trace?
+      options = {
+        resource_version: '0' # Fetch from API server cache instead of etcd quorum read
+      }
+      namespace_object = @client.get_namespace(namespace_name, nil, options)
+      log.trace("raw metadata for #{namespace_name}: #{namespace_object}") if log.trace?
+      metadata = parse_namespace_metadata(namespace_object)
+      @stats.bump(:namespace_cache_api_updates)
+      log.trace("parsed metadata for #{namespace_name}: #{metadata}") if log.trace?
+      @namespace_cache[metadata['namespace_id']] = metadata
+    rescue StandardError => e
+      @stats.bump(:namespace_cache_api_nil_error)
+      log.debug "Exception '#{e}' encountered fetching namespace metadata from Kubernetes API #{@apiVersion} endpoint #{@kubernetes_url}"
+      {}
+    end
+
+    def initialize
+      super
+      @prev_time = Time.now
+    end
+
+    def configure(conf)
+      super
+
+      def log.trace?
+        level == Fluent::Log::LEVEL_TRACE
+      end
+
+      require 'kubeclient'
+      require 'lru_redux'
+      @stats = KubernetesMetadata::Stats.new
+
+      if @de_dot && @de_dot_separator.include?('.')
+        raise Fluent::ConfigError, "Invalid de_dot_separator: cannot be or contain '.'"
+      end
+
+      if @cache_ttl < 0
+        log.info 'Setting the cache TTL to :none because it was <= 0'
+        @cache_ttl = :none
+      end
+
+      # Caches pod/namespace UID tuples for a given container UID.
+      @id_cache = LruRedux::TTL::ThreadSafeCache.new(@cache_size, @cache_ttl)
+
+      # Use the container UID as the key to fetch a hash containing pod metadata
+      @cache = LruRedux::TTL::ThreadSafeCache.new(@cache_size, @cache_ttl)
+
+      # Use the namespace UID as the key to fetch a hash containing namespace metadata
+      @namespace_cache = LruRedux::TTL::ThreadSafeCache.new(@cache_size, @cache_ttl)
+
+      @tag_to_kubernetes_name_regexp_compiled = Regexp.compile(@tag_to_kubernetes_name_regexp)
+      @container_name_to_kubernetes_regexp_compiled = Regexp.compile(@container_name_to_kubernetes_regexp)
+
+      # Use Kubernetes default service account if we're in a pod.
+      if @kubernetes_url.nil?
+        log.debug 'Kubernetes URL is not set - inspecting environ'
+
+        env_host = ENV['KUBERNETES_SERVICE_HOST']
+        env_port = ENV['KUBERNETES_SERVICE_PORT']
+        if present?(env_host) && present?(env_port)
+          if env_host =~ Resolv::IPv6::Regex
+            # Brackets are needed around IPv6 addresses
+            env_host = "[#{env_host}]"
+          end
+          @kubernetes_url = "https://#{env_host}:#{env_port}/api"
+          log.debug "Kubernetes URL is now '#{@kubernetes_url}'"
+        else
+          log.debug 'No Kubernetes URL could be found in config or environ'
+        end
+      end
+
+      # Use SSL certificate and bearer token from Kubernetes service account.
+      if Dir.exist?(@secret_dir)
+        log.debug "Found directory with secrets: #{@secret_dir}"
+        ca_cert = File.join(@secret_dir, K8_POD_CA_CERT)
+        pod_token = File.join(@secret_dir, K8_POD_TOKEN)
+
+        if !present?(@ca_file) && File.exist?(ca_cert)
+          log.debug "Found CA certificate: #{ca_cert}"
+          @ca_file = ca_cert
+        end
+
+        if !present?(@bearer_token_file) && File.exist?(pod_token)
+          log.debug "Found pod token: #{pod_token}"
+          @bearer_token_file = pod_token
+        end
+      end
+
+      if present?(@kubernetes_url)
+        ssl_options = {
+          client_cert: present?(@client_cert) ? OpenSSL::X509::Certificate.new(File.read(@client_cert)) : nil,
+          client_key: present?(@client_key) ? OpenSSL::PKey::RSA.new(File.read(@client_key)) : nil,
+          ca_file: @ca_file,
+          verify_ssl: @verify_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
+        }
+
+        if @ssl_partial_chain
+          # taken from the ssl.rb OpenSSL::SSL::SSLContext code for DEFAULT_CERT_STORE
+          require 'openssl'
+          ssl_store = OpenSSL::X509::Store.new
+          ssl_store.set_default_paths
+          flagval = if defined? OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
+                      OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
+                    else
+                      # this version of ruby does not define OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
+                      0x80000
+                    end
+          ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL | flagval
+          ssl_options[:cert_store] = ssl_store
+        end
+
+        auth_options = {}
+
+        if present?(@bearer_token_file)
+          bearer_token = File.read(@bearer_token_file)
+          auth_options[:bearer_token] = bearer_token
+        end
+
+        log.debug 'Creating K8S client'
+        @client = Kubeclient::Client.new(
+          @kubernetes_url,
+          @apiVersion,
+          ssl_options: ssl_options,
+          auth_options: auth_options,
+          as: :parsed_symbolized
+        )
+
+        begin
+          @client.api_valid?
+        rescue KubeException => e
+          raise Fluent::ConfigError, "Invalid Kubernetes API #{@apiVersion} endpoint #{@kubernetes_url}: #{e.message}"
+        end
+
+        if @watch
+          if ENV['K8S_NODE_NAME'].nil? || ENV['K8S_NODE_NAME'].strip.empty?
+            log.warn("!! The environment variable 'K8S_NODE_NAME' is not set to the node name which can affect the API server and watch efficiency !!")
+          end
+
+          pod_thread = Thread.new(self, &:set_up_pod_thread)
+          pod_thread.abort_on_exception = true
+
+          namespace_thread = Thread.new(self, &:set_up_namespace_thread)
+          namespace_thread.abort_on_exception = true
+        end
+      end
+      @time_fields = []
+      @time_fields.push('_SOURCE_REALTIME_TIMESTAMP', '__REALTIME_TIMESTAMP') if @use_journal || @use_journal.nil?
+      @time_fields.push('time') unless @use_journal
+      @time_fields.push('@timestamp') if @lookup_from_k8s_field
+
+      @annotations_regexps = []
+      @annotation_match.each do |regexp|
+        @annotations_regexps << Regexp.compile(regexp)
+      rescue RegexpError => e
+        log.error "Error: invalid regular expression in annotation_match: #{e}"
+      end
+    end
+
+    def get_metadata_for_record(namespace_name, pod_name, container_name, container_id, create_time, batch_miss_cache)
+      metadata = {
+        'docker' => { 'container_id' => container_id },
+        'kubernetes' => {
+          'container_name' => container_name,
+          'namespace_name' => namespace_name,
+          'pod_name' => pod_name
+        }
+      }
+      if present?(@kubernetes_url)
+        pod_metadata = get_pod_metadata(container_id, namespace_name, pod_name, create_time, batch_miss_cache)
+
+        if (pod_metadata.include? 'containers') && (pod_metadata['containers'].include? container_id) && !@skip_container_metadata
+          metadata['kubernetes']['container_image'] = pod_metadata['containers'][container_id]['image']
+          metadata['kubernetes']['container_image_id'] = pod_metadata['containers'][container_id]['image_id']
+        end
+
+        metadata['kubernetes'].merge!(pod_metadata) if pod_metadata
+        metadata['kubernetes'].delete('containers')
+      end
+      metadata
+    end
+
+    def filter_stream(tag, es)
+      return es if (es.respond_to?(:empty?) && es.empty?) || !es.is_a?(Fluent::EventStream)
+
+      new_es = Fluent::MultiEventStream.new
+      tag_match_data = tag.match(@tag_to_kubernetes_name_regexp_compiled) unless @use_journal
+      tag_metadata = nil
+      batch_miss_cache = {}
+      es.each do |time, record|
+        if tag_match_data && tag_metadata.nil?
+          tag_metadata = get_metadata_for_record(tag_match_data['namespace'], tag_match_data['pod_name'], tag_match_data['container_name'],
+                                                 tag_match_data['docker_id'], create_time_from_record(record, time), batch_miss_cache)
+        end
+        metadata = Marshal.load(Marshal.dump(tag_metadata)) if tag_metadata
+        if (@use_journal || @use_journal.nil?) &&
+           (j_metadata = get_metadata_for_journal_record(record, time, batch_miss_cache))
+          metadata = j_metadata
+        end
+        if @lookup_from_k8s_field && record.key?('kubernetes') && record.key?('docker') &&
+           record['kubernetes'].respond_to?(:has_key?) && record['docker'].respond_to?(:has_key?) &&
+           record['kubernetes'].key?('namespace_name') &&
+           record['kubernetes'].key?('pod_name') &&
+           record['kubernetes'].key?('container_name') &&
+           record['docker'].key?('container_id') &&
+           (k_metadata = get_metadata_for_record(record['kubernetes']['namespace_name'], record['kubernetes']['pod_name'],
+                                                 record['kubernetes']['container_name'], record['docker']['container_id'],
+                                                 create_time_from_record(record, time), batch_miss_cache))
+          metadata = k_metadata
+        end
+
+        record = record.merge(metadata) if metadata
+        new_es.add(time, record)
+      end
+      dump_stats
+      new_es
+    end
+
+    def get_metadata_for_journal_record(record, time, batch_miss_cache)
+      metadata = nil
+      if record.key?('CONTAINER_NAME') && record.key?('CONTAINER_ID_FULL')
+        metadata = record['CONTAINER_NAME'].match(@container_name_to_kubernetes_regexp_compiled) do |match_data|
+          get_metadata_for_record(match_data['namespace'], match_data['pod_name'], match_data['container_name'],
+                                  record['CONTAINER_ID_FULL'], create_time_from_record(record, time), batch_miss_cache)
+        end
+        unless metadata
+          log.debug "Error: could not match CONTAINER_NAME from record #{record}"
+          @stats.bump(:container_name_match_failed)
+        end
+      elsif record.key?('CONTAINER_NAME') && record['CONTAINER_NAME'].start_with?('k8s_')
+        log.debug "Error: no container name and id in record #{record}"
+        @stats.bump(:container_name_id_missing)
+      end
+      metadata
+    end
+
+    def de_dot!(h)
+      h.keys.each do |ref|
+        next unless h[ref] && ref =~ /\./
+
+        v = h.delete(ref)
+        newref = ref.to_s.gsub('.', @de_dot_separator)
+        h[newref] = v
+      end
+    end
+
+    # copied from activesupport
+    def present?(object)
+      object.respond_to?(:empty?) ? !object.empty? : !!object
+    end
+  end
+end