Kubernetes processor

This PR adds support for Kubernetes as a processor for Beats. The Kubernetes processor allows Beats to enrich events with metadata coming from the Kubernetes Pod from which the event originated. Metadata might include: * pod name * pod namespace * container name The Kubernetes processor relies on two constructs: * Indexers - used to generate metadata from Pods and store them with unique keys. Example of keys might be container IDs, IP:Port combinations, PodName. * Matchers - used to generate a lookup key from an event. Example of a matcher might be a log_path matcher that looks at the source field of an event, extract the container ID from the log path and use it as a lookup key to retrieve metadata about the Pod from which the log message originated.
elastic · Apr 18, 2017 · 2b9db99 · 2b9db99
1 parent a9b5334
commit 2b9db99
Show file tree

Hide file tree

Showing 169 changed files with 184,909 additions and 213 deletions.
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -94,6 +94,7 @@ https://github.com/elastic/beats/compare/v5.1.1...master[Check the HEAD diff]
 - Initialize a beats UUID from file on startup. {pull}3615[3615]
 - Add new `add_locale` processor to export the local timezone with an event. {pull}3902[3902]
 - Add http endpoint. {pull}3717[3717]
+- Add kubernetes processor {pull}3888[3888]
 
 *Filebeat*
 

diff --git a/NOTICE b/NOTICE
@@ -246,12 +246,72 @@ Copyright 2014-2015 The Prometheus Authors
 This product includes software developed at
 SoundCloud Ltd. (http://soundcloud.com/).
 
+--------------------------------------------------------------------
+github.com/ericchiang/k8s
+--------------------------------------------------------------------
+Apache License
+
+
 --------------------------------------------------------------------
 github.com/garyburd/redigo
 --------------------------------------------------------------------
 Apache License
 
 
+--------------------------------------------------------------------
+github.com/ghodss/yaml
+--------------------------------------------------------------------
+The MIT License (MIT)
+
+Copyright (c) 2014 Sam Ghods
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 --------------------------------------------------------------------
 github.com/gocarina/gocsv
 --------------------------------------------------------------------
@@ -276,6 +336,41 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+--------------------------------------------------------------------
+github.com/golang/protobuf
+--------------------------------------------------------------------
+Go support for Protocol Buffers - Google's data interchange format
+
+Copyright 2010 The Go Authors.  All rights reserved.
+https://github.com/golang/protobuf
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+    * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
 --------------------------------------------------------------------
 github.com/golang/snappy
 --------------------------------------------------------------------
@@ -967,6 +1062,37 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+--------------------------------------------------------------------
+golang.org/x/tools
+--------------------------------------------------------------------
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 --------------------------------------------------------------------
 gopkg.in/mgo.v2/bson
 --------------------------------------------------------------------

diff --git a/filebeat/beater/filebeat.go b/filebeat/beater/filebeat.go
@@ -17,6 +17,9 @@ import (
 	"github.com/elastic/beats/filebeat/publisher"
 	"github.com/elastic/beats/filebeat/registrar"
 	"github.com/elastic/beats/filebeat/spooler"
+
+	//Add filebeat level processors
+	_ "github.com/elastic/beats/filebeat/processor/annotate/kubernetes"
 )
 
 var (

diff --git a/filebeat/processor/annotate/kubernetes/indexing.go b/filebeat/processor/annotate/kubernetes/indexing.go
@@ -0,0 +1,91 @@
+package kubernetes
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/elastic/beats/libbeat/common"
+	"github.com/elastic/beats/libbeat/logp"
+	"github.com/elastic/beats/libbeat/processors/annotate/kubernetes"
+)
+
+func init() {
+	kubernetes.Indexing.AddMatcher(LogPathMatcherName, newLogsPathMatcher)
+
+	indexer := kubernetes.Indexing.GetIndexer(kubernetes.ContainerIndexerName)
+	//Add a container indexer by default.
+	if indexer != nil {
+		cfg := common.NewConfig()
+		container, err := indexer(*cfg)
+
+		if err == nil {
+			kubernetes.Indexing.AddDefaultIndexer(container)
+		} else {
+			logp.Err("Unable to load indexer plugin due to error: %v", err)
+		}
+	} else {
+		logp.Err("Unable to get indexer plugin %s", kubernetes.ContainerIndexerName)
+	}
+
+	//Add a log path matcher which can extract container ID from the "source" field.
+	matcher := kubernetes.Indexing.GetMatcher(LogPathMatcherName)
+
+	if matcher != nil {
+		cfg := common.NewConfig()
+		logsPathMatcher, err := matcher(*cfg)
+		if err == nil {
+			kubernetes.Indexing.AddDefaultMatcher(logsPathMatcher)
+		} else {
+			logp.Err("Unable to load matcher plugin due to error: %v", err)
+		}
+	} else {
+		logp.Err("Unable to get matcher plugin %s", LogPathMatcherName)
+	}
+
+}
+
+const LogPathMatcherName = "logs_path"
+
+type LogPathMatcher struct {
+	LogsPath string
+}
+
+func newLogsPathMatcher(cfg common.Config) (kubernetes.Matcher, error) {
+	config := struct {
+		LogsPath string `config:"logs_path"`
+	}{
+		LogsPath: "/var/lib/docker/containers/",
+	}
+
+	err := cfg.Unpack(&config)
+	if err != nil || config.LogsPath == "" {
+		return nil, fmt.Errorf("fail to unpack the `logs_path` configuration: %s", err)
+	}
+
+	logPath := config.LogsPath
+	if logPath[len(logPath)-1:] != "/" {
+		logPath = logPath + "/"
+	}
+
+	return &LogPathMatcher{LogsPath: logPath}, nil
+}
+
+func (f *LogPathMatcher) MetadataIndex(event common.MapStr) string {
+
+	if value, ok := event["source"]; ok {
+		source := value.(string)
+		logp.Debug("kubernetes", "Incoming source value: ", source)
+		cid := ""
+		if strings.Contains(source, f.LogsPath) {
+			//Docker container is 64 chars in length
+			cid = source[len(f.LogsPath) : len(f.LogsPath)+64]
+		}
+		logp.Debug("kubernetes", "Using container id: ", cid)
+
+		if cid != "" {
+			return cid
+		}
+	}
+
+	return ""
+}
diff --git a/filebeat/processor/annotate/kubernetes/indexing_test.go b/filebeat/processor/annotate/kubernetes/indexing_test.go
@@ -0,0 +1,31 @@
+package kubernetes
+
+import (
+	"fmt"
+	"github.com/elastic/beats/libbeat/common"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestLogsPathMatcher(t *testing.T) {
+	var testConfig = common.NewConfig()
+
+	logMatcher, err := newLogsPathMatcher(*testConfig)
+	assert.Nil(t, err)
+
+	cid := "0069869de9adf97f574c62029aeba65d1ecd85a2a112e87fbc28afe4dec2b843"
+	logPath := fmt.Sprintf("/var/lib/docker/containers/%s/%s-json.log", cid, cid)
+
+	input := common.MapStr{
+		"source": "/var/log/messages",
+	}
+
+	output := logMatcher.MetadataIndex(input)
+	assert.Equal(t, output, "")
+
+	input["source"] = logPath
+	output = logMatcher.MetadataIndex(input)
+
+	assert.Equal(t, output, cid)
+
+}
diff --git a/libbeat/beat/beat.go b/libbeat/beat/beat.go
@@ -64,6 +64,7 @@ import (
 	_ "github.com/elastic/beats/libbeat/processors/actions"
 	_ "github.com/elastic/beats/libbeat/processors/add_cloud_metadata"
 	_ "github.com/elastic/beats/libbeat/processors/add_locale"
+	_ "github.com/elastic/beats/libbeat/processors/annotate/kubernetes"
 
 	// Register default monitoring reporting
 	_ "github.com/elastic/beats/libbeat/monitoring/report/elasticsearch"