From 5f7aa8c8b03a3e6acd6405568370a7292e08c749 Mon Sep 17 00:00:00 2001 From: Michael Voelker Date: Mon, 20 Dec 2021 19:49:22 +0100 Subject: [PATCH 1/3] filter_kubernetes: add option kube_token_ttl The option sets the re-read frequency of the token for the defauld method and for option Kube_Token_Command. Default is 600 seconds. Signed-off-by: Michael Voelker --- plugins/filter_kubernetes/kube_conf.h | 1 + plugins/filter_kubernetes/kube_meta.c | 31 +++++++++++--------------- plugins/filter_kubernetes/kubernetes.c | 5 +++++ 3 files changed, 19 insertions(+), 18 deletions(-) diff --git a/plugins/filter_kubernetes/kube_conf.h b/plugins/filter_kubernetes/kube_conf.h index f67b79516a9..81b692b70fc 100644 --- a/plugins/filter_kubernetes/kube_conf.h +++ b/plugins/filter_kubernetes/kube_conf.h @@ -83,6 +83,7 @@ struct flb_kube { int dummy_meta; int tls_debug; int tls_verify; + int kube_token_ttl; flb_sds_t meta_preload_cache_dir; /* Configuration proposed through Annotations (boolean) */ diff --git a/plugins/filter_kubernetes/kube_meta.c b/plugins/filter_kubernetes/kube_meta.c index ec1ee0f6cc1..f2227f731d4 100644 --- a/plugins/filter_kubernetes/kube_meta.c +++ b/plugins/filter_kubernetes/kube_meta.c @@ -46,7 +46,6 @@ #define FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY_LEN \ (sizeof(FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY) - 1) #define FLB_KUBE_TOKEN_BUF_SIZE 8192 /* 8KB */ -#define FLB_KUBE_TOKEN_TTL 600 /* 10 minutes */ static int file_to_buffer(const char *path, char **out_buf, size_t *out_size) @@ -162,17 +161,15 @@ static int get_http_auth_header(struct flb_kube *ctx) if (ret == -1) { flb_plg_warn(ctx->ins, "failed to run command %s", ctx->kube_token_command); } - ctx->kube_token_create = time(NULL); - } + } else { ret = file_to_buffer(ctx->token_file, &tk, &tk_size); if (ret == -1) { flb_plg_warn(ctx->ins, "cannot open %s", FLB_KUBE_TOKEN); } - /* Token from token file will not expire */ - /* Set the creation time to 0 to aviod refresh */ - ctx->kube_token_create = 0; + flb_plg_info(ctx->ins, " token updated", FLB_KUBE_TOKEN); } + ctx->kube_token_create = time(NULL); /* Token */ if (ctx->token != NULL) { @@ -211,19 +208,17 @@ static int refresh_token_if_needed(struct flb_kube *ctx) int expired = 0; int ret; - if (ctx->kube_token_command != NULL) { - if (ctx->kube_token_create > 0) { - if (time(NULL) > ctx->kube_token_create + FLB_KUBE_TOKEN_TTL) { - expired = FLB_TRUE; - } + if (ctx->kube_token_create > 0) { + if (time(NULL) > ctx->kube_token_create + ctx->kube_token_ttl) { + expired = FLB_TRUE; } - - if (expired || ctx->kube_token_create == 0) { - ret = get_http_auth_header(ctx); - if (ret == -1) { - flb_plg_warn(ctx->ins, "failed to set http auth header"); - return -1; - } + } + + if (expired || ctx->kube_token_create == 0) { + ret = get_http_auth_header(ctx); + if (ret == -1) { + flb_plg_warn(ctx->ins, "failed to set http auth header"); + return -1; } } diff --git a/plugins/filter_kubernetes/kubernetes.c b/plugins/filter_kubernetes/kubernetes.c index 2a8763185ff..a788b2a7902 100644 --- a/plugins/filter_kubernetes/kubernetes.c +++ b/plugins/filter_kubernetes/kubernetes.c @@ -847,6 +847,11 @@ static struct flb_config_map config_map[] = { 0, FLB_TRUE, offsetof(struct flb_kube, kubelet_port), "kubelet port to connect with when using kubelet" }, + { + FLB_CONFIG_MAP_INT, "kube_token_ttl", "60", + 0, FLB_TRUE, offsetof(struct flb_kube, kube_token_ttl), + "kubelet token ttl" + }, /* * Set TTL for K8s cached metadata */ From c9944738e199b48ba3d7323355d6bf1cb9f85bb4 Mon Sep 17 00:00:00 2001 From: Michael Voelker Date: Wed, 12 Jan 2022 19:35:29 +0100 Subject: [PATCH 2/3] filter_kubernetes: set kube_token_ttl default to 600s Signed-off-by: Michael Voelker --- plugins/filter_kubernetes/kubernetes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/filter_kubernetes/kubernetes.c b/plugins/filter_kubernetes/kubernetes.c index a788b2a7902..1d0cd43c1f5 100644 --- a/plugins/filter_kubernetes/kubernetes.c +++ b/plugins/filter_kubernetes/kubernetes.c @@ -848,7 +848,7 @@ static struct flb_config_map config_map[] = { "kubelet port to connect with when using kubelet" }, { - FLB_CONFIG_MAP_INT, "kube_token_ttl", "60", + FLB_CONFIG_MAP_INT, "kube_token_ttl", "600", 0, FLB_TRUE, offsetof(struct flb_kube, kube_token_ttl), "kubelet token ttl" }, From 75446d861dd55e70062a1428dd069c383b94cdce Mon Sep 17 00:00:00 2001 From: Michael Voelker Date: Thu, 12 May 2022 19:43:32 +0200 Subject: [PATCH 3/3] filter_kubernetes: use FLB_CONFIG_MAP_TIME for kube_token_ttl config Signed-off-by: Michael Voelker --- plugins/filter_kubernetes/kubernetes.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/filter_kubernetes/kubernetes.c b/plugins/filter_kubernetes/kubernetes.c index 1d0cd43c1f5..f6568e3e4ac 100644 --- a/plugins/filter_kubernetes/kubernetes.c +++ b/plugins/filter_kubernetes/kubernetes.c @@ -848,9 +848,9 @@ static struct flb_config_map config_map[] = { "kubelet port to connect with when using kubelet" }, { - FLB_CONFIG_MAP_INT, "kube_token_ttl", "600", + FLB_CONFIG_MAP_TIME, "kube_token_ttl", "10m", 0, FLB_TRUE, offsetof(struct flb_kube, kube_token_ttl), - "kubelet token ttl" + "kubernetes token ttl, until it is reread from the token file. Default: 10m" }, /* * Set TTL for K8s cached metadata