fluent-plugin-kubernetes_metadata_filter 2.1.5 → 2.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 4a83bf6d7f3f2f80e380d89a9aa78024c706a4312b971d8d53ffe79a67bdb322
|
|
4
|
+
data.tar.gz: 241adc577d1c9eb2bdb97ef2a7d7ef6511cbbe836e15b91301f04657e4345feb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2e3923244e262befe237d2f35cc8f54788558e22ff53cec53bd4edd044931ea35682bee853eda5775254df44026cfdedd16bda247aee2b2f443b1cb73e853514
|
|
7
|
+
data.tar.gz: bda740f2a37e0a2510277b84c32e469360b8652327d47b994b464942ab17e246b6eda6f16ad43c4b65b806b8928188886524684ae37199abf9cd58edab84445b
|
data/README.md
CHANGED
|
@@ -54,6 +54,9 @@ when true (default: `true`)
|
|
|
54
54
|
* `orphaned_namespace_name` - The namespace to associate with records where the namespace can not be determined (default: `.orphaned`)
|
|
55
55
|
* `orphaned_namespace_id` - The namespace id to associate with records where the namespace can not be determined (default: `orphaned`)
|
|
56
56
|
* `lookup_from_k8s_field` - If the field `kubernetes` is present, lookup the metadata from the given subfields such as `kubernetes.namespace_name`, `kubernetes.pod_name`, etc. This allows you to avoid having to pass in metadata to lookup in an explicitly formatted tag name or in an explicitly formatted `CONTAINER_NAME` value. For example, set `kubernetes.namespace_name`, `kubernetes.pod_name`, `kubernetes.container_name`, and `docker.id` in the record, and the filter will fill in the rest. (default: `true`)
|
|
57
|
+
* `ssl_partial_chain` - if `ca_file` is for an intermediate CA, or otherwise we do not have the root CA and want
|
|
58
|
+
to trust the intermediate CA certs we do have, set this to `true` - this corresponds to
|
|
59
|
+
the `openssl s_client -partial_chain` flag and `X509_V_FLAG_PARTIAL_CHAIN` (default: `false`)
|
|
57
60
|
|
|
58
61
|
**NOTE:** As of the release 2.1.x of this plugin, it no longer supports parsing the source message into JSON and attaching it to the
|
|
59
62
|
payload. The following configuration options are removed:
|
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |gem|
|
|
6
6
|
gem.name = "fluent-plugin-kubernetes_metadata_filter"
|
|
7
|
-
gem.version = "2.1.
|
|
7
|
+
gem.version = "2.1.6"
|
|
8
8
|
gem.authors = ["Jimmi Dyson"]
|
|
9
9
|
gem.email = ["jimmidyson@gmail.com"]
|
|
10
10
|
gem.description = %q{Filter plugin to add Kubernetes metadata}
|
|
@@ -72,6 +72,10 @@ module Fluent::Plugin
|
|
|
72
72
|
config_param :orphaned_namespace_name, :string, default: '.orphaned'
|
|
73
73
|
config_param :orphaned_namespace_id, :string, default: 'orphaned'
|
|
74
74
|
config_param :lookup_from_k8s_field, :bool, default: true
|
|
75
|
+
# if `ca_file` is for an intermediate CA, or otherwise we do not have the root CA and want
|
|
76
|
+
# to trust the intermediate CA certs we do have, set this to `true` - this corresponds to
|
|
77
|
+
# the openssl s_client -partial_chain flag and X509_V_FLAG_PARTIAL_CHAIN
|
|
78
|
+
config_param :ssl_partial_chain, :bool, default: false
|
|
75
79
|
|
|
76
80
|
def fetch_pod_metadata(namespace_name, pod_name)
|
|
77
81
|
log.trace("fetching pod metadata: #{namespace_name}/#{pod_name}") if log.trace?
|
|
@@ -219,6 +223,21 @@ module Fluent::Plugin
|
|
|
219
223
|
verify_ssl: @verify_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
|
|
220
224
|
}
|
|
221
225
|
|
|
226
|
+
if @ssl_partial_chain
|
|
227
|
+
# taken from the ssl.rb OpenSSL::SSL::SSLContext code for DEFAULT_CERT_STORE
|
|
228
|
+
require 'openssl'
|
|
229
|
+
ssl_store = OpenSSL::X509::Store.new
|
|
230
|
+
ssl_store.set_default_paths
|
|
231
|
+
if defined? OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
|
|
232
|
+
flagval = OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
|
|
233
|
+
else
|
|
234
|
+
# this version of ruby does not define OpenSSL::X509::V_FLAG_PARTIAL_CHAIN
|
|
235
|
+
flagval = 0x80000
|
|
236
|
+
end
|
|
237
|
+
ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL | flagval
|
|
238
|
+
ssl_options[:cert_store] = ssl_store
|
|
239
|
+
end
|
|
240
|
+
|
|
222
241
|
auth_options = {}
|
|
223
242
|
|
|
224
243
|
if @bearer_token_file.present?
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-kubernetes_metadata_filter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jimmi Dyson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-12-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|
|
@@ -256,7 +256,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
256
256
|
version: '0'
|
|
257
257
|
requirements: []
|
|
258
258
|
rubyforge_project:
|
|
259
|
-
rubygems_version: 2.6
|
|
259
|
+
rubygems_version: 2.7.6
|
|
260
260
|
signing_key:
|
|
261
261
|
specification_version: 4
|
|
262
262
|
summary: Fluentd filter plugin to add Kubernetes metadata
|