From 5a4d40715d92a3f285c76120f2e9cbe06a0efdf5 Mon Sep 17 00:00:00 2001 From: marqc Date: Wed, 4 Nov 2020 18:38:43 +0100 Subject: [PATCH] Autodiscover ephemeral containers in kubernetes (#22389) --- CHANGELOG.next.asciidoc | 1 + .../autodiscover/providers/kubernetes/pod.go | 9 ++ .../providers/kubernetes/pod_test.go | 114 ++++++++++++++++++ 3 files changed, 124 insertions(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index ec7a7951c49c..ad0b9a610455 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -26,6 +26,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Update to Golang 1.12.1. {pull}11330[11330] - Disable Alibaba Cloud and Tencent Cloud metadata providers by default. {pull}13812[12812] - API address is a required setting in `add_cloudfoundry_metadata`. {pull}21759[21759] +- Autodiscover kubernetes provider will find ephemeral containers. {pull}22389[22389] *Auditbeat* diff --git a/libbeat/autodiscover/providers/kubernetes/pod.go b/libbeat/autodiscover/providers/kubernetes/pod.go index b8679f59ef9a..0fb9d53d6a22 100644 --- a/libbeat/autodiscover/providers/kubernetes/pod.go +++ b/libbeat/autodiscover/providers/kubernetes/pod.go @@ -271,6 +271,15 @@ func (p *pod) emit(pod *kubernetes.Pod, flag string) { // Emit events for all initContainers p.emitEvents(pod, flag, pod.Spec.InitContainers, pod.Status.InitContainerStatuses) + + // Emit events for all ephemeralContainers + // Ephemeral containers are alpha feature in k8s and this code may require some changes, if their + // api change in the future. + var mappedEphemeralsAsContainers []kubernetes.Container + for _, c := range pod.Spec.EphemeralContainers { + mappedEphemeralsAsContainers = append(mappedEphemeralsAsContainers, kubernetes.Container(c.EphemeralContainerCommon)) + } + p.emitEvents(pod, flag, mappedEphemeralsAsContainers, pod.Status.EphemeralContainerStatuses) } func (p *pod) emitEvents(pod *kubernetes.Pod, flag string, containers []kubernetes.Container, diff --git a/libbeat/autodiscover/providers/kubernetes/pod_test.go b/libbeat/autodiscover/providers/kubernetes/pod_test.go index f8213c5612f7..1c4ec983b825 100644 --- a/libbeat/autodiscover/providers/kubernetes/pod_test.go +++ b/libbeat/autodiscover/providers/kubernetes/pod_test.go @@ -1024,6 +1024,120 @@ func TestEmitEvent(t *testing.T) { }, }, }, + { + Message: "Test ephemeral container in common pod", + Flag: "start", + Pod: &kubernetes.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + UID: types.UID(uid), + Namespace: namespace, + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, + TypeMeta: typeMeta, + Status: v1.PodStatus{ + PodIP: podIP, + EphemeralContainerStatuses: []kubernetes.PodContainerStatus{ + { + Name: name, + ContainerID: containerID, + State: v1.ContainerState{ + Running: &v1.ContainerStateRunning{}, + }, + }, + }, + }, + Spec: v1.PodSpec{ + NodeName: node, + EphemeralContainers: []v1.EphemeralContainer{ + v1.EphemeralContainer{ + EphemeralContainerCommon: v1.EphemeralContainerCommon{ + Image: containerImage, + Name: name, + }, + }, + }, + }, + }, + Expected: []bus.Event{ + { + "start": true, + "host": "127.0.0.1", + "id": uid, + "provider": UUID, + "ports": common.MapStr{}, + "kubernetes": common.MapStr{ + "pod": common.MapStr{ + "name": "filebeat", + "uid": "005f3b90-4b9d-12f8-acf0-31020a840133", + }, + "node": common.MapStr{ + "name": "node", + }, + "namespace": "default", + "annotations": common.MapStr{}, + }, + "meta": common.MapStr{ + "kubernetes": common.MapStr{ + "namespace": "default", + "pod": common.MapStr{ + "name": "filebeat", + "uid": "005f3b90-4b9d-12f8-acf0-31020a840133", + }, "node": common.MapStr{ + "name": "node", + }, + }, + }, + "config": []*common.Config{}, + }, + { + "start": true, + "host": "127.0.0.1", + "port": 0, + "id": cid, + "provider": UUID, + "kubernetes": common.MapStr{ + "container": common.MapStr{ + "id": "foobar", + "name": "filebeat", + "image": "elastic/filebeat:6.3.0", + "runtime": "docker", + }, + "pod": common.MapStr{ + "name": "filebeat", + "uid": "005f3b90-4b9d-12f8-acf0-31020a840133", + }, + "node": common.MapStr{ + "name": "node", + }, + "namespace": "default", + "annotations": common.MapStr{}, + }, + "meta": common.MapStr{ + "kubernetes": common.MapStr{ + "namespace": "default", + "pod": common.MapStr{ + "name": "filebeat", + "uid": "005f3b90-4b9d-12f8-acf0-31020a840133", + }, "node": common.MapStr{ + "name": "node", + }, + "container": common.MapStr{ + "name": "filebeat", + "image": "elastic/filebeat:6.3.0", + }, + }, + "container": common.MapStr{ + "image": common.MapStr{"name": "elastic/filebeat:6.3.0"}, + "id": "foobar", + "runtime": "docker", + }, + }, + "config": []*common.Config{}, + }, + }, + }, } for _, test := range tests {