Skip to content

Commit

Permalink
[8.x] [EEM] Add built in definitions for core Kubernetes entities (#1…
Browse files Browse the repository at this point in the history
…96916) (#201660)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[EEM] Add built in definitions for core Kubernetes entities
(#196916)](#196916)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Milton
Hultgren","email":"milton.hultgren@elastic.co"},"sourceCommit":{"committedDate":"2024-11-19T21:23:52Z","message":"[EEM]
Add built in definitions for core Kubernetes entities (#196916)\n\n## 🍒
Summary\r\n\r\nThis PR adds the OTEL and ECS entity definition for
Kubernetes. This\r\ncovers the following datasets:\r\n- Cluster\r\n-
Service (ECS Only)\r\n- Pod\r\n- ReplicaSet\r\n- Deployment\r\n-
Statefulset\r\n- DaemonSet\r\n- Job\r\n- CronJob\r\n- Node\r\n\r\nThis
PR does not include Container per @roshan-elastic \r\n\r\n### ✅
TODO\r\n- [X] Use correct index pattern for SemConv
data\r\n(`metrics-k8sclusterreceiver.otel-default`,\r\n`metrics-kubeletstatsreceiver.otel-default`)\r\nUse
global IDs instead of local IDs\r\n- [X] Add minimal list of labels to
track beyond what was already added\r\n(wildcards are not supported,
example `container.image.name` for\r\ncontainers to allow to find all
\"redis\" containers)\r\n- [ ] Test with ECS data, SemConv data and
mixed data (to check if we\r\nget duplicates, with the container
definition for example).\r\n\r\n### 🐴 Follow up EEM features
\r\nhttps://github.com/elastic/elastic-entity-model/issues/170
(Add\r\ndedicated aggregation for display name and use that instead to
provide a\r\nbetter label than the global
ID)\r\nhttps://github.com/elastic/elastic-entity-model/issues/193 (Add
entity\r\ntype display label to allow UI to not hard code a user
friendly label)\r\n\r\n---------\r\n\r\nCo-authored-by: Chris Cowan
<chris@elastic.co>\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"080d0ff97f00bf564dedfd8fd37cdac0370e1349","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["backport:skip","v9.0.0","release_note:feature","v8.17.0"],"number":196916,"url":"https://github.com/elastic/kibana/pull/196916","mergeCommit":{"message":"[EEM]
Add built in definitions for core Kubernetes entities (#196916)\n\n## 🍒
Summary\r\n\r\nThis PR adds the OTEL and ECS entity definition for
Kubernetes. This\r\ncovers the following datasets:\r\n- Cluster\r\n-
Service (ECS Only)\r\n- Pod\r\n- ReplicaSet\r\n- Deployment\r\n-
Statefulset\r\n- DaemonSet\r\n- Job\r\n- CronJob\r\n- Node\r\n\r\nThis
PR does not include Container per @roshan-elastic \r\n\r\n### ✅
TODO\r\n- [X] Use correct index pattern for SemConv
data\r\n(`metrics-k8sclusterreceiver.otel-default`,\r\n`metrics-kubeletstatsreceiver.otel-default`)\r\nUse
global IDs instead of local IDs\r\n- [X] Add minimal list of labels to
track beyond what was already added\r\n(wildcards are not supported,
example `container.image.name` for\r\ncontainers to allow to find all
\"redis\" containers)\r\n- [ ] Test with ECS data, SemConv data and
mixed data (to check if we\r\nget duplicates, with the container
definition for example).\r\n\r\n### 🐴 Follow up EEM features
\r\nhttps://github.com/elastic/elastic-entity-model/issues/170
(Add\r\ndedicated aggregation for display name and use that instead to
provide a\r\nbetter label than the global
ID)\r\nhttps://github.com/elastic/elastic-entity-model/issues/193 (Add
entity\r\ntype display label to allow UI to not hard code a user
friendly label)\r\n\r\n---------\r\n\r\nCo-authored-by: Chris Cowan
<chris@elastic.co>\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"080d0ff97f00bf564dedfd8fd37cdac0370e1349"}},"sourceBranch":"main","suggestedTargetBranches":["8.17"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/196916","number":196916,"mergeCommit":{"message":"[EEM]
Add built in definitions for core Kubernetes entities (#196916)\n\n## 🍒
Summary\r\n\r\nThis PR adds the OTEL and ECS entity definition for
Kubernetes. This\r\ncovers the following datasets:\r\n- Cluster\r\n-
Service (ECS Only)\r\n- Pod\r\n- ReplicaSet\r\n- Deployment\r\n-
Statefulset\r\n- DaemonSet\r\n- Job\r\n- CronJob\r\n- Node\r\n\r\nThis
PR does not include Container per @roshan-elastic \r\n\r\n### ✅
TODO\r\n- [X] Use correct index pattern for SemConv
data\r\n(`metrics-k8sclusterreceiver.otel-default`,\r\n`metrics-kubeletstatsreceiver.otel-default`)\r\nUse
global IDs instead of local IDs\r\n- [X] Add minimal list of labels to
track beyond what was already added\r\n(wildcards are not supported,
example `container.image.name` for\r\ncontainers to allow to find all
\"redis\" containers)\r\n- [ ] Test with ECS data, SemConv data and
mixed data (to check if we\r\nget duplicates, with the container
definition for example).\r\n\r\n### 🐴 Follow up EEM features
\r\nhttps://github.com/elastic/elastic-entity-model/issues/170
(Add\r\ndedicated aggregation for display name and use that instead to
provide a\r\nbetter label than the global
ID)\r\nhttps://github.com/elastic/elastic-entity-model/issues/193 (Add
entity\r\ntype display label to allow UI to not hard code a user
friendly label)\r\n\r\n---------\r\n\r\nCo-authored-by: Chris Cowan
<chris@elastic.co>\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"080d0ff97f00bf564dedfd8fd37cdac0370e1349"}},{"branch":"8.x","label":"v8.17.0","labelRegex":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Milton Hultgren <milton.hultgren@elastic.co>
  • Loading branch information
simianhacker and miltonhultgren authored Nov 26, 2024
1 parent c5b964e commit 456316b
Show file tree
Hide file tree
Showing 30 changed files with 802 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,13 @@ import { builtInServicesFromEcsEntityDefinition } from './services_from_ecs_data
import { builtInHostsFromEcsEntityDefinition } from './hosts_from_ecs_data';
import { builtInContainersFromEcsEntityDefinition } from './containers_from_ecs_data';

import * as kubernetes from './kubernetes';

export { BUILT_IN_ID_PREFIX } from './constants';

export const builtInDefinitions: EntityDefinition[] = [
builtInServicesFromEcsEntityDefinition,
builtInHostsFromEcsEntityDefinition,
builtInContainersFromEcsEntityDefinition,
...Object.values(kubernetes),
];
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export const commonEcsIndexPatterns = ['metrics-kubernetes*', 'logs-*'];
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { MetadataField } from '@kbn/entities-schema';
import { globalMetadata } from './global_metadata';

export const commonEcsMetadata: MetadataField[] = [
...globalMetadata,
{
source: 'orchestrator.namespace',
destination: 'orchestrator.namespace',
aggregation: { type: 'terms', limit: 10 },
},
{
source: 'orchestrator.cluster_ip',
destination: 'orchestrator.cluster_id',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
{
source: 'orchestrator.cluster_name',
destination: 'orchestrator.cluster_name',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
];
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { MetadataField } from '@kbn/entities-schema';

export const globalMetadata: MetadataField[] = [
{
source: '_index',
destination: 'source_index',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
{
source: 'data_stream.type',
destination: 'source_data_stream.type',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
{
source: 'data_stream.dataset',
destination: 'source_data_stream.dataset',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
];
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export const commonOtelIndexPatterns = ['metrics-*otel*', 'logs-*'];
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { MetadataField } from '@kbn/entities-schema';
import { globalMetadata } from './global_metadata';

export const commonOtelMetadata: MetadataField[] = [
...globalMetadata,
{
source: 'k8s.namespace.name',
destination: 'k8s.namespace.name',
aggregation: { type: 'terms', limit: 10 },
},
{
source: 'k8s.cluster.name',
destination: 'k8s.cluster.name',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
];
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { globalMetadata } from '../common/global_metadata';

export const builtInKubernetesClusterEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_cluster_ecs`,
filter: 'orchestrator.cluster.name: *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Clusters from ECS data',
description:
'This definition extracts Kubernetes cluster entities from the Kubernetes integration data streams',
type: 'k8s.cluster.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['orchestrator.cluster.name'],
displayNameTemplate: '{{orchestrator.cluster.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: [
...globalMetadata,
{
source: 'orchestrator.namespace',
destination: 'orchestrator.namespace',
aggregation: { type: 'terms', limit: 10 },
},
{
source: 'orchestrator.cluster_ip',
destination: 'orchestrator.cluster_id',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
],
});
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { commonEcsMetadata } from '../common/ecs_metadata';

export const builtInKubernetesCronJobEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_cron_job_ecs`,
filter: 'kubernetes.cronjob.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes CronJob from ECS data',
description:
'This definition extracts Kubernetes cron job entities from the Kubernetes integration data streams',
type: 'k8s.cronjob.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.cronjob.uid'],
displayNameTemplate: '{{kubernetes.cronjob.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { commonEcsMetadata } from '../common/ecs_metadata';

export const builtInKubernetesDaemonSetEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_daemon_set_ecs`,
filter: 'kubernetes.daemonset.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes DaemonSet from ECS data',
description:
'This definition extracts Kubernetes daemon set entities from the Kubernetes integration data streams',
type: 'k8s.daemonset.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.daemonset.name'],
displayNameTemplate: '{{kubernetes.daemonset.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsMetadata } from '../common/ecs_metadata';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';

export const builtInKubernetesDeploymentEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_deployment_ecs`,
filter: 'kubernetes.deployment.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Deployment from ECS data',
description:
'This definition extracts Kubernetes deployment entities from the Kubernetes integration data streams',
type: 'k8s.deployment.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.deployment.uid'],
displayNameTemplate: '{{kubernetes.deployment.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export { builtInKubernetesClusterEcsEntityDefinition } from './cluster';
export { builtInKubernetesNodeEcsEntityDefinition } from './node';
export { builtInKubernetesPodEcsEntityDefinition } from './pod';
export { builtInKubernetesReplicaSetEcsEntityDefinition } from './replica_set';
export { builtInKubernetesDeploymentEcsEntityDefinition } from './deployment';
export { builtInKubernetesStatefulSetEcsEntityDefinition } from './stateful_set';
export { builtInKubernetesDaemonSetEcsEntityDefinition } from './daemon_set';
export { builtInKubernetesJobEcsEntityDefinition } from './job';
export { builtInKubernetesCronJobEcsEntityDefinition } from './cron_job';
export { builtInKubernetesServiceEcsEntityDefinition } from './service';
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { commonEcsMetadata } from '../common/ecs_metadata';

export const builtInKubernetesJobEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_job_ecs`,
filter: 'kubernetes.job.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Job from ECS data',
description:
'This definition extracts Kubernetes job entities from the Kubernetes integration data streams',
type: 'k8s.job.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.job.uid'],
displayNameTemplate: '{{kubernetes.job.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { commonEcsMetadata } from '../common/ecs_metadata';

export const builtInKubernetesNodeEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_node_ecs`,
filer: 'kubernetes.node.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Node from ECS data',
description:
'This definition extracts Kubernetes node entities from the Kubernetes integration data streams',
type: 'k8s.node.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.node.uid'],
displayNameTemplate: '{{kubernetes.node.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsMetadata } from '../common/ecs_metadata';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';

export const builtInKubernetesPodEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_pod_ecs`,
filter: 'kubernetes.pod.uid: *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Pod from ECS data',
description:
'This definition extracts Kubernetes pod entities from the Kubernetes integration data streams',
type: 'k8s.pod.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.pod.name'],
displayNameTemplate: '{{kubernetes.pod.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
Loading

0 comments on commit 456316b

Please sign in to comment.