adds entity to PLE calls in cloudwatch logs plugin when used in EKS with kubernetes filter #2

nathalapooja · 2024-10-16T20:16:15Z

Modified Kubernetes filter to extract additional resource attributes
Modified cloudwatch logs plugin to add entity in PLE calls

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

Example configuration file for the change

application-log.conf: |
          [INPUT]
            Name                tail
            Tag                 application.*
            Exclude_Path        /var/log/containers/cloudwatch-agent*, /var/log/containers/fluent-bit*, /var/log/containers/aws-node*, /var/log/containers/kube-proxy*
            Path                /var/log/containers/*.log
            multiline.parser    docker, cri
            DB                  /var/fluent-bit/state/flb_container.db
            Mem_Buf_Limit       50MB
            Skip_Long_Lines     On
            Refresh_Interval    10
            Rotate_Wait         30
            storage.type        filesystem
            Read_from_Head      ${READ_FROM_HEAD}
          
          [INPUT]
            Name                tail
            Tag                 application.*
            Path                /var/log/containers/fluent-bit*
            multiline.parser    docker, cri
            DB                  /var/fluent-bit/state/flb_log.db
            Mem_Buf_Limit       5MB
            Skip_Long_Lines     On
            Refresh_Interval    10
            Read_from_Head      ${READ_FROM_HEAD}
          
          [INPUT]
            Name                tail
            Tag                 application.*
            Path                /var/log/containers/cloudwatch-agent*
            multiline.parser    docker, cri
            DB                  /var/fluent-bit/state/flb_cwagent.db
            Mem_Buf_Limit       5MB
            Skip_Long_Lines     On
            Refresh_Interval    10
            Read_from_Head      ${READ_FROM_HEAD}
          
          [FILTER]
            Name                aws
            Match               application.*
          
          [FILTER]
            Name                kubernetes
            Match               application.*
            Kube_URL            https://kubernetes.default.svc:443
            Kube_Tag_Prefix     application.var.log.containers.
            Merge_Log           On
            Merge_Log_Key       log_processed
            K8S-Logging.Parser  On
            K8S-Logging.Exclude Off
            Labels              Off
            Annotations         Off
            Use_Kubelet         On
            Kubelet_Port        10250
            Buffer_Size         0
            Use_Pod_Association On
          
          [OUTPUT]
            Name                cloudwatch_logs
            Match               application.*
            region              ${AWS_REGION}
            log_group_name      /aws/containerinsights/${CLUSTER_NAME}/application
            log_stream_prefix   ${HOST_NAME}-
            auto_create_group   true
            extra_user_agent    container-insights
            add_entity          true

Debug log output from testing the change

│ [2024/10/15 19:40:54] [ info] [filter:kubernetes:kubernetes.1] fetch pod to service map  │
│ [2024/10/15 19:40:54] [ info] [filter:kubernetes:kubernetes.1] [kubernetes] upstream object for pod association is NULL. Making a new one now  │
│ [2024/10/15 19:40:54] [ info] [filter:kubernetes:kubernetes.1] Request (uri = /kubernetes/pod-to-service-env-map) http_do=0, HTTP Status: 200  │
│ [2024/10/15 19:40:54] [ info] [filter:kubernetes:kubernetes.1] HTTP response payload : {"billing-service-python-6cf6c77d6d-pxhjn":{"ServiceName":"billing-service-python","Environment":"eks:test-agent/default","ServiceNameSource":"Unknown"},"insurance-service-python-6b86f768f-k │
│ wlql":{"ServiceName":"insurance-service-python","Environment":"eks:test-agent/default","ServiceNameSource":"Unknown"},**"pet-clinic-frontend-java-6d9b8667d7-zc7cl":{"ServiceName":"pet-clinic-frontend-java","Environment":"eks:test-agent/default","ServiceNameSource":"K8sWorkload"**} │
│ ,"visits-service-java-655896dbd8-nmt77":{"ServiceName":"visits-service-java","Environment":"eks:test-agent/default","ServiceNameSource":"K8sWorkload"}}  │
│  │
│ [2024/10/15 19:40:54] [ info] [filter:kubernetes:kubernetes.1] Updating pod to service map after 60 seconds

Attached Valgrind output that shows no leaks or memory corruption was found

==8923== 
==8923== HEAP SUMMARY:
==8923==     in use at exit: 1,584 bytes in 1 blocks
==8923==   total heap usage: 2,292 allocs, 2,291 frees, 1,009,774 bytes allocated
==8923== 
==8923== LEAK SUMMARY:
==8923==    definitely lost: 0 bytes in 0 blocks
==8923==    indirectly lost: 0 bytes in 0 blocks
==8923==      possibly lost: 0 bytes in 0 blocks
==8923==    still reachable: 1,584 bytes in 1 blocks
==8923==         suppressed: 0 bytes in 0 blocks
==8923== Reachable blocks (those to which a pointer was found) are not shown.
==8923== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==8923== 
==8923== For lists of detected and suppressed errors, rerun with: -s
==8923== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
SUCCESS: All unit tests have passed.
==3470== 
==3470== HEAP SUMMARY:
==3470==     in use at exit: 0 bytes in 0 blocks
==3470==   total heap usage: 2 allocs, 2 frees, 2,608 bytes allocated
==3470== 
==3470== All heap blocks were freed -- no leaks are possible
==3470== 
==3470== For lists of detected and suppressed errors, rerun with: -s
==3470== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

Run local packaging test showing all targets (including any new ones) build.
Set ok-package-test label to test for all targets (requires maintainer to do).
N/A
Documentation

Documentation required for this feature

Backporting

Backport to latest stable release.
N/A

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

…uent#5929)" This reverts commit 300206a.

Signed-off-by: Matthew Fala <[email protected]>

Signed-off-by: Clay Cheng <[email protected]>

…e output. Signed-off-by: Clay Cheng <[email protected]>

…me output. Signed-off-by: Clay Cheng <[email protected]>

Signed-off-by: Wesley Pettit <[email protected]>

fluent#6614 1.9 based branch Signed-off-by: Wesley Pettit <[email protected]>

Signed-off-by: Matthew Fala <[email protected]>

Signed-off-by: Wesley Pettit <[email protected]>

Resolves this issue: fluent#6821 Signed-off-by: Wesley Pettit <[email protected]>

prepare_destroy_conn calls mk_list_del on the event in the priority bucket queue, so for safety, we inject it after this covers us against the case where the event was triggered and waiting, but we also reached the timeout. Signed-off-by: Wesley Pettit <[email protected]>

… everywhere with MK_EVENT_ZERO Signed-off-by: Wesley Pettit <[email protected]>

this message is very useful in debugging Fluent Bit log loss or frozen. But it needs context on which input the append happened for. Signed-off-by: Wesley Pettit <[email protected]>

These messages are useful for debugging except with only the inode, it you have to do work to match this with specific files. Signed-off-by: Wesley Pettit <[email protected]>

Signed-off-by: Wesley Pettit <[email protected]>

…t#6719) Signed-off-by: Wesley Pettit <[email protected]>

Signed-off-by: Wesley Pettit <[email protected]>

Signed-off-by: Matthew Fala <[email protected]>

Signed-off-by: Wesley Pettit <[email protected]>

…etes (fluent#21)

…ernetes filter

…te-fluent-bit into add-entity

swapneils

Some blocking questions and code-changes, please take a look.

Non-blocking points are prefixed as "Nit"

plugins/filter_aws/aws.c

plugins/filter_kubernetes/kube_meta.c

plugins/out_cloudwatch_logs/cloudwatch_api.c

plugins/out_cloudwatch_logs/cloudwatch_logs.c

tests/runtime/filter_kubernetes.c

…t#25)

…nt#26)

…te-fluent-bit into add-entity

…ch Agent Adds Use_Pod_association option. When running in a kubernetes container, setting this option to On vends an `entity` object with pod metadata from CWA to a cloudwatch_logs output with the new `add_entity` option set to true. (PR #2 in amazon-contributing/upstream-to-fluent-bit)

matthewfala and others added 30 commits August 20, 2024 04:29

Revert "out_datadog: fix/add error handling for all flb_sds calls (fl…

efed0b6

…uent#5929)" This reverts commit 300206a.

aws: add excluded_headers option to signv4 function

71143a8

Signed-off-by: Matthew Fala <[email protected]>

out_es: aoss authentication support

3de95b3

Signed-off-by: Matthew Fala <[email protected]>

out_opensearch: aoss authentication support

947b13e

Signed-off-by: Matthew Fala <[email protected]>

flb_aws_util: added function flb_aws_strftime_precision for time output.

6a9be1b

Signed-off-by: Clay Cheng <[email protected]>

out_kinesis_streams: used function flb_aws_strftime_precision for tim…

6e8e335

…e output. Signed-off-by: Clay Cheng <[email protected]>

out_kinesis_firehose: used function flb_aws_strftime_precision for ti…

fefa130

…me output. Signed-off-by: Clay Cheng <[email protected]>

out_s3: fix logic in log_key warn message

2ceb7ad

Signed-off-by: Wesley Pettit <[email protected]>

filter_ecs: all fixes from December 2022 in these PRs:

88f4952

fluent#6614 1.9 based branch Signed-off-by: Wesley Pettit <[email protected]>

edr-chunk-length-scraper

c2b00bd

edr-buffer-resize-logic

7f76a49

datadog: resolve tag buffer resize bug

ba4b5a2

Signed-off-by: Matthew Fala <[email protected]>

core: sync scheduler resolve multi task user issue

8510a94

Signed-off-by: Matthew Fala <[email protected]>

aws: util: extra_user_agent is always type flb_sds_t

cf65f13

Signed-off-by: Wesley Pettit <[email protected]>

out_cloudwatch_logs: aws client extra_user_agent is always flb_sds_t

65c4e32

Signed-off-by: Wesley Pettit <[email protected]>

include: aws: remove unneeeded free_user_agent

d872675

Signed-off-by: Wesley Pettit <[email protected]>

upstream_conn: clean up keepalive event in sync case

2c763cf

Resolves this issue: fluent#6821 Signed-off-by: Wesley Pettit <[email protected]>

mk_event: fix bucket queue corruption in mk_event_add and init events…

b9d990f

… everywhere with MK_EVENT_ZERO Signed-off-by: Wesley Pettit <[email protected]>

input_chunk: add context for chunk append debug message

88f2778

this message is very useful in debugging Fluent Bit log loss or frozen. But it needs context on which input the append happened for. Signed-off-by: Wesley Pettit <[email protected]>

in_tail: add file name context to inotify debug event mask

29996cb

These messages are useful for debugging except with only the inode, it you have to do work to match this with specific files. Signed-off-by: Wesley Pettit <[email protected]>

in_tail: fix ordering of args in tail debug message

cf37e73

Signed-off-by: Wesley Pettit <[email protected]>

out_s3: fix s3 key tag bug by using sds string

3ceaeff

Signed-off-by: Wesley Pettit <[email protected]>

input_chunk: info level instead of debug for chunk removal msg (fluen…

af46799

…t#6719) Signed-off-by: Wesley Pettit <[email protected]>

input_chunk: use total_chunks_up in overlimit warn message (fluent#6714)

33e5c86

Signed-off-by: Wesley Pettit <[email protected]>

out_cloudwatch_logs: support tls verify and port options

6343e98

Signed-off-by: Matthew Fala <[email protected]>

go plugins: separate exit and deregister into separate functions

c8ea7f2

Signed-off-by: Wesley Pettit <[email protected]>

proxy: go: fix build by removing return value for void proxy_go_destroy

1c4c8a0

Signed-off-by: Wesley Pettit <[email protected]>

sds: fix off by 1 bug in flb_sds_printf

eb4ccc8

Signed-off-by: Wesley Pettit <[email protected]>

sds: flb_sds_printf: flb_sds_increase increases by not to

1d7c0f6

Signed-off-by: Wesley Pettit <[email protected]>

zhihonl and others added 5 commits October 3, 2024 17:07

Fix fluentbit failure when running without permissions (fluent#19)

af03117

Add environment fallback for different kubernetes platforms (fluent#20)

9875b8c

Fix incorrect kubernetes platform and missing entity in native Kubern…

8e6d48c

…etes (fluent#21)

Fix to not send entity when flag is disabled (fluent#23)

ca0749b

adds entity to PLE calls in cloudwatch logs when used in EKS with kub…

fac95cb

…ernetes filter

nathalapooja requested a review from swapneils October 16, 2024 20:16

nathalapooja had a problem deploying to pr October 16, 2024 20:16 — with GitHub Actions Failure

nathalapooja temporarily deployed to pr October 16, 2024 20:16 — with GitHub Actions Inactive

zhihonl and others added 2 commits October 17, 2024 11:40

Remove entity related log messages and rename entity fields (fluent#22)

dc025f8

Merge branch 'aws-fluent-bit-cherry-pick' of github.com:zhihonl/priva…

740a57a

…te-fluent-bit into add-entity

nathalapooja had a problem deploying to pr October 17, 2024 17:40 — with GitHub Actions Failure

nathalapooja temporarily deployed to pr October 17, 2024 17:40 — with GitHub Actions Inactive

zhihonl and others added 2 commits October 18, 2024 14:24

Remove entity related fields on top-level message pack map (fluent#24)

526512e

Merge branch 'aws-fluent-bit-cherry-pick' of github.com:zhihonl/priva…

5dc2e63

…te-fluent-bit into add-entity

nathalapooja had a problem deploying to pr October 21, 2024 16:27 — with GitHub Actions Failure

nathalapooja temporarily deployed to pr October 21, 2024 16:27 — with GitHub Actions Inactive

chadpatel approved these changes Oct 21, 2024

View reviewed changes

swapneils requested changes Oct 21, 2024

View reviewed changes

zhihonl and others added 4 commits October 22, 2024 10:36

Increment filter count when dynamic entity fields are modified (fluen…

f46721f

…t#25)

Move messagepack destroy to later stage to prevent memory issue (flue…

ba00160

…nt#26)

House cleaning changes to address upstream merge blockers (fluent#27)

a24118a

Merge branch 'aws-fluent-bit-cherry-pick' of github.com:zhihonl/priva…

9de7ed7

…te-fluent-bit into add-entity

nathalapooja had a problem deploying to pr October 22, 2024 17:38 — with GitHub Actions Failure

nathalapooja temporarily deployed to pr October 22, 2024 17:38 — with GitHub Actions Inactive

swapneils merged commit 027f63c into 1.9.10 Oct 22, 2024
9 of 15 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

adds entity to PLE calls in cloudwatch logs plugin when used in EKS with kubernetes filter #2

adds entity to PLE calls in cloudwatch logs plugin when used in EKS with kubernetes filter #2

nathalapooja commented Oct 16, 2024

swapneils left a comment

adds entity to PLE calls in cloudwatch logs plugin when used in EKS with kubernetes filter #2

adds entity to PLE calls in cloudwatch logs plugin when used in EKS with kubernetes filter #2

Conversation

nathalapooja commented Oct 16, 2024

swapneils left a comment

Choose a reason for hiding this comment