fluent-plugin-kubernetes_metadata_filter-rh 2.6.1

data/lib/fluent/plugin/kubernetes_metadata_cache_strategy.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+#
+# Fluentd Kubernetes Metadata Filter Plugin - Enrich Fluentd events with
+# Kubernetes metadata
+#
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module KubernetesMetadata
+  module CacheStrategy
+    def get_pod_metadata(key, namespace_name, pod_name, record_create_time, batch_miss_cache)
+      metadata = {}
+      ids = @id_cache[key]
+      if ids.nil?
+        # FAST PATH
+        # Cache hit, fetch metadata from the cache
+        @stats.bump(:id_cache_miss)
+        return batch_miss_cache["#{namespace_name}_#{pod_name}"] if batch_miss_cache.key?("#{namespace_name}_#{pod_name}")
+
+        pod_metadata = fetch_pod_metadata(namespace_name, pod_name)
+        if @skip_namespace_metadata
+          ids = { pod_id: pod_metadata['pod_id'] }
+          @id_cache[key] = ids
+          return pod_metadata
+        end
+        namespace_metadata = fetch_namespace_metadata(namespace_name)
+        ids = { pod_id: pod_metadata['pod_id'], namespace_id: namespace_metadata['namespace_id'] }
+        if !ids[:pod_id].nil? && !ids[:namespace_id].nil?
+          # pod found and namespace found
+          metadata = pod_metadata
+          metadata.merge!(namespace_metadata)
+        else
+          if ids[:pod_id].nil? && !ids[:namespace_id].nil?
+            # pod not found, but namespace found
+            @stats.bump(:id_cache_pod_not_found_namespace)
+            ns_time = Time.parse(namespace_metadata['creation_timestamp'])
+            if ns_time <= record_create_time
+              # namespace is older then record for pod
+              ids[:pod_id] = key
+              metadata = @cache.fetch(ids[:pod_id]) do
+                { 'pod_id' => ids[:pod_id] }
+              end
+            end
+            metadata.merge!(namespace_metadata)
+          else
+            if !ids[:pod_id].nil? && ids[:namespace_id].nil?
+              # pod found, but namespace NOT found
+              # this should NEVER be possible since pod meta can
+              # only be retrieved with a namespace
+              @stats.bump(:id_cache_namespace_not_found_pod)
+            else
+              # nothing found
+              @stats.bump(:id_cache_orphaned_record)
+            end
+            if @allow_orphans
+              log.trace("orphaning message for: #{namespace_name}/#{pod_name} ") if log.trace?
+              metadata = {
+                'orphaned_namespace' => namespace_name,
+                'namespace_name' => @orphaned_namespace_name,
+                'namespace_id' => @orphaned_namespace_id
+              }
+            else
+              metadata = {}
+            end
+            batch_miss_cache["#{namespace_name}_#{pod_name}"] = metadata
+          end
+        end
+        @id_cache[key] = ids unless batch_miss_cache.key?("#{namespace_name}_#{pod_name}")
+      else
+        # SLOW PATH
+        metadata = @cache.fetch(ids[:pod_id]) do
+          @stats.bump(:pod_cache_miss)
+          m = fetch_pod_metadata(namespace_name, pod_name)
+          m.nil? || m.empty? ? { 'pod_id' => ids[:pod_id] } : m
+        end
+        metadata.merge!(@namespace_cache.fetch(ids[:namespace_id]) do
+          m = unless @skip_namespace_metadata
+                @stats.bump(:namespace_cache_miss)
+                fetch_namespace_metadata(namespace_name)
+              end
+          m.nil? || m.empty? ? { 'namespace_id' => ids[:namespace_id] } : m
+        end)
+      end
+
+      # remove namespace info that is only used for comparison
+      metadata.delete('creation_timestamp')
+      metadata.delete_if { |_k, v| v.nil? }
+    end
+  end
+end

data/lib/fluent/plugin/kubernetes_metadata_common.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+#
+# Fluentd Kubernetes Metadata Filter Plugin - Enrich Fluentd events with
+# Kubernetes metadata
+#
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module KubernetesMetadata
+  module Common
+    class GoneError < StandardError
+      def initialize(msg = '410 Gone')
+        super
+      end
+    end
+
+    def match_annotations(annotations)
+      result = {}
+      @annotations_regexps.each do |regexp|
+        annotations.each do |key, value|
+          if ::Fluent::StringUtil.match_regexp(regexp, key.to_s)
+            result[key] = value
+          end
+        end
+      end
+      result
+    end
+
+    def parse_namespace_metadata(namespace_object)
+      labels = ''
+      labels = syms_to_strs(namespace_object[:metadata][:labels].to_h) unless @skip_labels
+
+      annotations = match_annotations(syms_to_strs(namespace_object[:metadata][:annotations].to_h))
+      if @de_dot
+        de_dot!(labels) unless @skip_labels
+        de_dot!(annotations)
+      end
+      kubernetes_metadata = {
+        'namespace_id' => namespace_object[:metadata][:uid],
+        'creation_timestamp' => namespace_object[:metadata][:creationTimestamp]
+      }
+      kubernetes_metadata['namespace_labels'] = labels unless labels.empty?
+      kubernetes_metadata['namespace_annotations'] = annotations unless annotations.empty?
+      kubernetes_metadata
+    end
+
+    def parse_pod_metadata(pod_object)
+      labels = ''
+      labels = syms_to_strs(pod_object[:metadata][:labels].to_h) unless @skip_labels
+
+      annotations = match_annotations(syms_to_strs(pod_object[:metadata][:annotations].to_h))
+      if @de_dot
+        de_dot!(labels) unless @skip_labels
+        de_dot!(annotations)
+      end
+
+      # collect container information
+      container_meta = {}
+      begin
+        pod_object[:status][:containerStatuses].each do |container_status|
+          # get plain container id (eg. docker://hash -> hash)
+          container_id = container_status[:containerID].sub(%r{^[-_a-zA-Z0-9]+://}, '')
+          container_meta[container_id] = if @skip_container_metadata
+                                           {
+                                             'name' => container_status[:name]
+                                           }
+                                         else
+                                           {
+                                             'name' => container_status[:name],
+                                             'image' => container_status[:image],
+                                             'image_id' => container_status[:imageID]
+                                           }
+                                         end
+        end
+      rescue StandardError
+        log.debug("parsing container meta information failed for: #{pod_object[:metadata][:namespace]}/#{pod_object[:metadata][:name]} ")
+      end
+
+      kubernetes_metadata = {
+        'namespace_name' => pod_object[:metadata][:namespace],
+        'pod_id' => pod_object[:metadata][:uid],
+        'pod_name' => pod_object[:metadata][:name],
+        'pod_ip' => pod_object[:status][:podIP],
+        'containers' => syms_to_strs(container_meta),
+        'host' => pod_object[:spec][:nodeName]
+      }
+      kubernetes_metadata['annotations'] = annotations unless annotations.empty?
+      kubernetes_metadata['labels'] = labels unless labels.empty?
+      kubernetes_metadata['master_url'] = @kubernetes_url unless @skip_master_url
+      kubernetes_metadata
+    end
+
+    def syms_to_strs(hsh)
+      newhsh = {}
+      hsh.each_pair do |kk, vv|
+        if vv.is_a?(Hash)
+          vv = syms_to_strs(vv)
+        end
+        if kk.is_a?(Symbol)
+          newhsh[kk.to_s] = vv
+        else
+          newhsh[kk] = vv
+        end
+      end
+      newhsh
+    end
+  end
+end

data/lib/fluent/plugin/kubernetes_metadata_stats.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+#
+# Fluentd Kubernetes Metadata Filter Plugin - Enrich Fluentd events with
+# Kubernetes metadata
+#
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'lru_redux'
+module KubernetesMetadata
+  class Stats
+    def initialize
+      @stats = ::LruRedux::TTL::ThreadSafeCache.new(1000, 3600)
+    end
+
+    def bump(key)
+      @stats[key] = @stats.getset(key) { 0 } + 1
+    end
+
+    def set(key, value)
+      @stats[key] = value
+    end
+
+    def [](key)
+      @stats[key]
+    end
+
+    def to_s
+      'stats - ' + [].tap do |a|
+        @stats.each { |k, v| a << "#{k}: #{v}" }
+      end.join(', ')
+    end
+  end
+end

data/lib/fluent/plugin/kubernetes_metadata_util.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+#
+# Fluentd Kubernetes Metadata Filter Plugin - Enrich Fluentd events with
+# Kubernetes metadata
+#
+# Copyright 2021 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+module KubernetesMetadata
+  module Util
+    def create_time_from_record(record, internal_time)
+      time_key = @time_fields.detect { |ii| record.key?(ii) }
+      time = record[time_key]
+      if time.nil? || time.is_a?(String) && time.chop.empty?
+        # `internal_time` is a Fluent::EventTime, it can't compare with Time.
+        return Time.at(internal_time.to_f)
+      end
+
+      if ['_SOURCE_REALTIME_TIMESTAMP', '__REALTIME_TIMESTAMP'].include?(time_key)
+        timei = time.to_i
+        return Time.at(timei / 1_000_000, timei % 1_000_000)
+      end
+      return Time.at(time) if time.is_a?(Numeric)
+
+      Time.parse(time)
+    end
+  end
+end

data/lib/fluent/plugin/kubernetes_metadata_watch_namespaces.rb

@@ -0,0 +1,154 @@
+# frozen_string_literal: true
+
+#
+# Fluentd Kubernetes Metadata Filter Plugin - Enrich Fluentd events with
+# Kubernetes metadata
+#
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# TODO: this is mostly copy-paste from kubernetes_metadata_watch_pods.rb unify them
+require_relative 'kubernetes_metadata_common'
+
+module KubernetesMetadata
+  module WatchNamespaces
+    include ::KubernetesMetadata::Common
+
+    def set_up_namespace_thread
+      # Any failures / exceptions in the initial setup should raise
+      # Fluent:ConfigError, so that users can inspect potential errors in
+      # the configuration.
+      namespace_watcher = start_namespace_watch
+      Thread.current[:namespace_watch_retry_backoff_interval] = @watch_retry_interval
+      Thread.current[:namespace_watch_retry_count] = 0
+
+      # Any failures / exceptions in the followup watcher notice
+      # processing will be swallowed and retried. These failures /
+      # exceptions could be caused by Kubernetes API being temporarily
+      # down. We assume the configuration is correct at this point.
+      loop do
+        namespace_watcher ||= get_namespaces_and_start_watcher
+        process_namespace_watcher_notices(namespace_watcher)
+      rescue GoneError => e
+        # Expected error. Quietly go back through the loop in order to
+        # start watching from the latest resource versions
+        @stats.bump(:namespace_watch_gone_errors)
+        log.info('410 Gone encountered. Restarting namespace watch to reset resource versions.', e)
+        namespace_watcher = nil
+      rescue StandardError => e
+        @stats.bump(:namespace_watch_failures)
+        if Thread.current[:namespace_watch_retry_count] < @watch_retry_max_times
+          # Instead of raising exceptions and crashing Fluentd, swallow
+          # the exception and reset the watcher.
+          log.info(
+            'Exception encountered parsing namespace watch event. ' \
+            'The connection might have been closed. Sleeping for ' \
+            "#{Thread.current[:namespace_watch_retry_backoff_interval]} " \
+            'seconds and resetting the namespace watcher.', e
+          )
+          sleep(Thread.current[:namespace_watch_retry_backoff_interval])
+          Thread.current[:namespace_watch_retry_count] += 1
+          Thread.current[:namespace_watch_retry_backoff_interval] *= @watch_retry_exponential_backoff_base
+          namespace_watcher = nil
+        else
+          # Since retries failed for many times, log as errors instead
+          # of info and raise exceptions and trigger Fluentd to restart.
+          message =
+            'Exception encountered parsing namespace watch event. The ' \
+            'connection might have been closed. Retried ' \
+            "#{@watch_retry_max_times} times yet still failing. Restarting."
+          log.error(message, e)
+          raise Fluent::UnrecoverableError, message
+        end
+      end
+    end
+
+    def start_namespace_watch
+      get_namespaces_and_start_watcher
+    rescue StandardError => e
+      message = 'start_namespace_watch: Exception encountered setting up ' \
+                "namespace watch from Kubernetes API #{@apiVersion} endpoint " \
+                "#{@kubernetes_url}: #{e.message}"
+      message += " (#{e.response})" if e.respond_to?(:response)
+      log.debug(message)
+
+      raise Fluent::ConfigError, message
+    end
+
+    # List all namespaces, record the resourceVersion and return a watcher
+    # starting from that resourceVersion.
+    def get_namespaces_and_start_watcher
+      options = {
+        resource_version: '0' # Fetch from API server cache instead of etcd quorum read
+      }
+      namespaces = @client.get_namespaces(options)
+      namespaces[:items].each do |namespace|
+        cache_key = namespace[:metadata][:uid]
+        @namespace_cache[cache_key] = parse_namespace_metadata(namespace)
+        @stats.bump(:namespace_cache_host_updates)
+      end
+
+      # continue watching from most recent resourceVersion
+      options[:resource_version] = namespaces[:metadata][:resourceVersion]
+
+      watcher = @client.watch_namespaces(options)
+      reset_namespace_watch_retry_stats
+      watcher
+    end
+
+    # Reset namespace watch retry count and backoff interval as there is a
+    # successful watch notice.
+    def reset_namespace_watch_retry_stats
+      Thread.current[:namespace_watch_retry_count] = 0
+      Thread.current[:namespace_watch_retry_backoff_interval] = @watch_retry_interval
+    end
+
+    # Process a watcher notice and potentially raise an exception.
+    def process_namespace_watcher_notices(watcher)
+      watcher.each do |notice|
+        case notice[:type]
+        when 'MODIFIED'
+          reset_namespace_watch_retry_stats
+          cache_key = notice[:object][:metadata][:uid]
+          cached    = @namespace_cache[cache_key]
+          if cached
+            @namespace_cache[cache_key] = parse_namespace_metadata(notice[:object])
+            @stats.bump(:namespace_cache_watch_updates)
+          else
+            @stats.bump(:namespace_cache_watch_misses)
+          end
+        when 'DELETED'
+          reset_namespace_watch_retry_stats
+          # ignore and let age out for cases where
+          # deleted but still processing logs
+          @stats.bump(:namespace_cache_watch_deletes_ignored)
+        when 'ERROR'
+          if notice[:object] && notice[:object][:code] == 410
+            @stats.bump(:namespace_watch_gone_notices)
+            raise GoneError
+          else
+            @stats.bump(:namespace_watch_error_type_notices)
+            message = notice[:object][:message] if notice[:object] && notice[:object][:message]
+            raise "Error while watching namespaces: #{message}"
+          end
+        else
+          reset_namespace_watch_retry_stats
+          # Don't pay attention to creations, since the created namespace may not
+          # be used by any namespace on this node.
+          @stats.bump(:namespace_cache_watch_ignored)
+        end
+      end
+    end
+  end
+end