Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

filter_kubernetes: Add ability to change kubelet_host #5291

Merged
merged 1 commit into from
Jul 7, 2022
Merged

filter_kubernetes: Add ability to change kubelet_host #5291

merged 1 commit into from
Jul 7, 2022

Conversation

tumd
Copy link
Contributor

@tumd tumd commented Apr 12, 2022
edited
Loading

Allow the user to set kubelet_host when use_kubelet is true.
Defaults to '127.0.0.1'.

Fixes #5143

Signed-off-by: Thomas Danielsson thomas.danielsson@sharespine.com

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

  • Example configuration file for the change
[INPUT]
  Name dummy
  Dummy {"top": {".dotted": "value"}}

[FILTER]
  Name          kubernetes
  Match         *
  Use_Kubelet   true
  Kubelet_Host  ${KUBELET_HOST}
  Kubelet_Port  10250


[OUTPUT]
  Name stdout
  Match *
  • Debug log output from testing the change
[2022/04/12 10:12:30] [ info] [filter:kubernetes:kubernetes.0] https=1 host=10.132.15.210 port=10250
[2022/04/12 10:12:30] [ info] [filter:kubernetes:kubernetes.0] local POD info OK
[2022/04/12 10:12:30] [ info] [filter:kubernetes:kubernetes.0] testing connectivity with Kubelet...
[2022/04/12 10:12:30] [debug] [filter:kubernetes:kubernetes.0] Send out request to Kubelet for pods information.
[2022/04/12 10:12:30] [debug] [http_client] not using http_proxy for header
[2022/04/12 10:12:30] [debug] [http_client] server 10.132.15.210:10250 will close connection #67
[2022/04/12 10:12:30] [debug] [filter:kubernetes:kubernetes.0] Request (ns=logging, pod=fluent-bit-kt7hc) http_do=0, HTTP Status: 200
[2022/04/12 10:12:30] [ info] [filter:kubernetes:kubernetes.0] connectivity OK
  • [N/A] Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

Documentation

Backporting

  • [N/A] Backport to latest stable release.

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

tumd added a commit to tumd/fluent-bit-docs that referenced this pull request Apr 12, 2022
@tumd
pipeline: filters: kubernetes: Add kubelet_host
fc70159 
Related fluent/fluent-bit#5291

Signed-off-by: Thomas Danielsson <thomas.danielsson@sharespine.com>
@tumd tumd mentioned this pull request Apr 12, 2022
Merged
@patrick-stephens
Copy link
Contributor

Can you rebase as seems to be picking up a fixed error in linting?

@tumd
Copy link
Contributor Author

tumd commented May 16, 2022

@patrick-stephens Done!

@wmedlar
Copy link

wmedlar commented Jun 27, 2022

This is a very valuable addition for secure environments. Can we get the ball rolling on review again?

cc codeowners: @edsiper @leonardo-albertovich @fujimotos @koleini

@tumd
filter_kubernetes: Add ability to change kubelet_host
e19fbc0 
Allow the user to set kubelet_host when use_kubelet is true.
Defaults to '127.0.0.1'.

Fixes fluent#5143

Signed-off-by: Thomas Danielsson <thomas.danielsson@sharespine.com>
leonardo-albertovich
leonardo-albertovich approved these changes Jun 29, 2022
View reviewed changes
Copy link
Collaborator

@leonardo-albertovich leonardo-albertovich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know nearly enough about kubernetes to understand the rational of this but the code changes look harmless since the default behavior is retained through the default value in the configuration entry.

I'd say it's good as long as the tests pass.

@patrick-stephens patrick-stephens temporarily deployed to integration June 29, 2022 19:02 Inactive
@patrick-stephens patrick-stephens temporarily deployed to integration June 29, 2022 19:07 Inactive
@edsiper edsiper merged commit b2ad0f9 into fluent:master Jul 7, 2022
@lecaros lecaros added this to the Fluent Bit v1.9.6 milestone Jul 7, 2022
@cw-sakamoto cw-sakamoto mentioned this pull request Jul 11, 2022
Merged
1 task
lecaros pushed a commit to fluent/fluent-bit-docs that referenced this pull request Jul 29, 2022
@tumd
pipeline: filters: kubernetes: Add kubelet_host (#787)
3a5c0a6 
Related fluent/fluent-bit#5291

Signed-off-by: Thomas Danielsson <thomas.danielsson@sharespine.com>
nkinkade added a commit to m-lab/k8s-support that referenced this pull request Sep 20, 2022
@nkinkade
Sets Use_Kubelet=true for kubernetes plugin
7860aed 
We also need to specifiy the Kubelet_Host so that fluent-bit knows on
which address to contact the kubelet. See:

fluent/fluent-bit#5143
fluent/fluent-bit#5291
nkinkade added a commit to m-lab/k8s-support that referenced this pull request Sep 21, 2022
@nkinkade
Make fluent-bit fetch pod metadata from kubelet instead of api server (
fa2e957 
…#729)

* Sets Use_Kubelet=true for kubernetes plugin

We also need to specifiy the Kubelet_Host so that fluent-bit knows on
which address to contact the kubelet. See:

fluent/fluent-bit#5143
fluent/fluent-bit#5291

* Bumps fluent-bit to v1.9.8

* Gives fluentbit rights to "nodes" and "nodes/proxy"

This is apparently required of the "Use_Kubelet=true" configuration of
the kubernetes filter, allowing it to query the kubelet's /pods endpoint
for pod metadata instead of having to contact an api server.

* Disables TLS verification of kubelet self-signed cert
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leonardo-albertovich leonardo-albertovich leonardo-albertovich approved these changes

@edsiper edsiper Awaiting requested review from edsiper edsiper is a code owner

@fujimotos fujimotos Awaiting requested review from fujimotos fujimotos is a code owner

@koleini koleini Awaiting requested review from koleini koleini is a code owner

Assignees
No one assigned
Labels
ci/integration-docker-ok ci/integration-test-ok ok-to-test
Projects
None yet
Milestone
Fluent Bit v1.9.6
Development

Successfully merging this pull request may close these issues.

Allow specifying Kubelet host
6 participants
@tumd @patrick-stephens @wmedlar @leonardo-albertovich @edsiper @lecaros