fluent-plugin-kubernetes_metadata_filter 2.1.5 → 2.1.6
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 4a83bf6d7f3f2f80e380d89a9aa78024c706a4312b971d8d53ffe79a67bdb322
|
|
4
|
+
data.tar.gz: 241adc577d1c9eb2bdb97ef2a7d7ef6511cbbe836e15b91301f04657e4345feb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2e3923244e262befe237d2f35cc8f54788558e22ff53cec53bd4edd044931ea35682bee853eda5775254df44026cfdedd16bda247aee2b2f443b1cb73e853514
|
|
7
|
+
data.tar.gz: bda740f2a37e0a2510277b84c32e469360b8652327d47b994b464942ab17e246b6eda6f16ad43c4b65b806b8928188886524684ae37199abf9cd58edab84445b
|
data/README.md
CHANGED
|
@@ -54,6 +54,9 @@ when true (default: `true`)
|
|
|
54
54
|
* `orphaned_namespace_name` - The namespace to associate with records where the namespace can not be determined (default: `.orphaned`)
|
|
55
55
|
* `orphaned_namespace_id` - The namespace id to associate with records where the namespace can not be determined (default: `orphaned`)
|
|
56
56
|
* `lookup_from_k8s_field` - If the field `kubernetes` is present, lookup the metadata from the given subfields such as `kubernetes.namespace_name`, `kubernetes.pod_name`, etc. This allows you to avoid having to pass in metadata to lookup in an explicitly formatted tag name or in an explicitly formatted `CONTAINER_NAME` value. For example, set `kubernetes.namespace_name`, `kubernetes.pod_name`, `kubernetes.container_name`, and `docker.id` in the record, and the filter will fill in the rest. (default: `true`)
|
|
57
|
+
* `ssl_partial_chain` - if `ca_file` is for an intermediate CA, or otherwise we do not have the root CA and want
|
|
58
|
+
to trust the intermediate CA certs we do have, set this to `true` - this corresponds to
|
|
59
|
+
the `openssl s_client -partial_chain` flag and `X509_V_FLAG_PARTIAL_CHAIN` (default: `false`)
|
|
57
60
|
|
|
58
61
|
**NOTE:** As of the release 2.1.x of this plugin, it no longer supports parsing the source message into JSON and attaching it to the
|
|
59
62
|
payload. The following configuration options are removed:
|
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |gem|
|
|
6
6
|
gem.name = "fluent-plugin-kubernetes_metadata_filter"
|
|
7
|
-
gem.version = "2.1.
|
|
7
|
+
gem.version = "2.1.6"
|
|
8
8
|
gem.authors = ["Jimmi Dyson"]
|
|
9
9
|
gem.email = ["jimmidyson@gmail.com"]
|
|
10
10
|
gem.description = %q{Filter plugin to add Kubernetes metadata}
|
|
@@ -72,6 +72,10 @@ module Fluent::Plugin
|
|
|
72
72
|
config_param :orphaned_namespace_name, :string, default: '.orphaned'
|
|
73
73
|
config_param :orphaned_namespace_id, :string, default: 'orphaned'
|
|
74
74
|
config_param :lookup_from_k8s_field, :bool, default: true
|
|
75
|
+
# if `ca_file` is for an intermediate CA, or otherwise we do not have the root CA and want
|
|
76
|
+
# to trust the intermediate CA certs we do have, set this to `true` - this corresponds to
|
|
77
|
+
# the openssl s_client -partial_chain flag and X509_V_FLAG_PARTIAL_CHAIN
|
|
78
|
+
config_param :ssl_partial_chain, :bool, default: false
|
|
75
79
|
|
|
76
80
|
def fetch_pod_metadata(namespace_name, pod_name)
|
|
77
81
|
log.trace("fetching pod metadata: #{namespace_name}/#{pod_name}") if log.trace?
|
|
@@ -219,6 +223,21 @@ module Fluent::Plugin
|
|
|
219
223
|
verify_ssl: @verify_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
|
|
220
224
|
}
|
|
221
225
|
|
|
226
|
+
if @ssl_partial_chain
|
|
227
|
+
# taken from the ssl.rb OpenSSL::SSL::SSLContext code for DEFAULT_CERT_STORE
|
|
228
|
+
require 'openssl'
|
|
229
|
+
ssl_store = OpenSSL::X509::Store.new
|
|
230
|
+
ssl_store.set_default_paths
|
|
231
|
+
if defined? OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
|
|
232
|
+
flagval = OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
|
|
233
|
+
else
|
|
234
|
+
# this version of ruby does not define OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
|
|
235
|
+
flagval = 0x80000
|
|
236
|
+
end
|
|
237
|
+
ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL | flagval
|
|
238
|
+
ssl_options[:cert_store] = ssl_store
|
|
239
|
+
end
|
|
240
|
+
|
|
222
241
|
auth_options = {}
|
|
223
242
|
|
|
224
243
|
if @bearer_token_file.present?
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-kubernetes_metadata_filter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jimmi Dyson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-12-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|
|
@@ -256,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
256
256
|
version: '0'
|
|
257
257
|
requirements: []
|
|
258
258
|
rubyforge_project:
|
|
259
|
-
rubygems_version: 2.6
|
|
259
|
+
rubygems_version: 2.7.6
|
|
260
260
|
signing_key:
|
|
261
261
|
specification_version: 4
|
|
262
262
|
summary: Fluentd filter plugin to add Kubernetes metadata
|