From 439b808c6944d847f20e3188eb5f1417de979558 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Wed, 24 Mar 2021 15:26:08 +0100 Subject: [PATCH] Disable cleanup_timeout by default in docker and kubernetes autodiscover (#24681) It is kept to 60 seconds in Filebeat, to give a time to collect logs. Keeping configurations running for some time after containers have stopped is needed in some cases to complete the collection of logs. But in the rest of cases it is not usually needed, and leads to errors when querying endpoints known to be down. It can also lead to query IPs that are being reused in newer containers, what can be misleading if the newer pod answers because these events will still have the metadata of the old container. --- CHANGELOG.next.asciidoc | 1 + filebeat/autodiscover/defaults.go | 30 +++++++++++++++++++ filebeat/autodiscover/imports.go | 22 ++++++++++++++ filebeat/beater/filebeat.go | 4 +-- .../autodiscover/providers/docker/config.go | 5 +++- .../providers/kubernetes/config.go | 5 +++- libbeat/docs/shared-autodiscover.asciidoc | 16 ++++++++-- 7 files changed, 77 insertions(+), 6 deletions(-) create mode 100644 filebeat/autodiscover/defaults.go create mode 100644 filebeat/autodiscover/imports.go diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index cdfa2073453..1981b0119e2 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -32,6 +32,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Update to ECS 1.7.0. {pull}22571[22571] - Add support for SCRAM-SHA-512 and SCRAM-SHA-256 in Kafka output. {pull}12867[12867] - Use alias to report container image in k8s metadata. {pull}24380[24380] +- Set `cleanup_timeout` to zero by default in docker and kubernetes autodiscover in all beats except Filebeat where it is kept to 60 seconds. {pull}24681[24681] *Auditbeat* 
diff --git a/filebeat/autodiscover/defaults.go b/filebeat/autodiscover/defaults.go
new file mode 100644
index 00000000000..701241ba625
--- /dev/null
+++ b/filebeat/autodiscover/defaults.go
@@ -0,0 +1,30 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package autodiscover
+
+import (
+ "time"
+
+ "github.com/elastic/beats/v7/libbeat/autodiscover/providers/docker"
+ "github.com/elastic/beats/v7/libbeat/autodiscover/providers/kubernetes"
+)
+
+func init() {
+ docker.DefaultCleanupTimeout = 60 * time.Second
+ kubernetes.DefaultCleanupTimeout = 60 * time.Second
+}
diff --git a/filebeat/autodiscover/imports.go b/filebeat/autodiscover/imports.go
new file mode 100644
index 00000000000..561c2395ac4
--- /dev/null
+++ b/filebeat/autodiscover/imports.go
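Review bot: In filebeat/autodiscover/defaults.go, `init()` overrides `docker.DefaultCleanupTimeout` and `kubernetes.DefaultCleanupTimeout` for the whole process as a side effect of a blank import, and nothing in the file records why or warns about it. Any binary or test that links this package gets the 60-second default for every docker and kubernetes autodiscover provider it builds. For providers that query endpoints, that restores the behaviour the commit message describes: a configuration that outlives its container can reach a reused IP while events still carry the old container's metadata. I would add a comment above `init` such as `// Filebeat keeps configurations for 60s after a container stops so pending log lines can still be collected; all other beats use the libbeat default of zero.` If a build that combines Filebeat with another beat is possible (not visible from this patch), the default would be safer passed in when the provider is constructed than set through a shared variable.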
@@ -0,0 +1,22 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package autodiscover + +import ( + _ "github.com/elastic/beats/v7/filebeat/autodiscover/builder/hints" +) diff --git a/filebeat/beater/filebeat.go b/filebeat/beater/filebeat.go index 837fc341a79..41b15b1543c 100644 --- a/filebeat/beater/filebeat.go +++ b/filebeat/beater/filebeat.go @@ -54,8 +54,8 @@ import ( _ "github.com/elastic/beats/v7/filebeat/processor/add_kubernetes_metadata" _ "github.com/elastic/beats/v7/libbeat/processors/decode_csv_fields" - // include all filebeat specific builders - _ "github.com/elastic/beats/v7/filebeat/autodiscover/builder/hints" + // include all filebeat specific autodiscover features + _ "github.com/elastic/beats/v7/filebeat/autodiscover" ) const pipelinesWarning = "Filebeat is unable to load the Ingest Node pipelines for the configured" + diff --git a/libbeat/autodiscover/providers/docker/config.go b/libbeat/autodiscover/providers/docker/config.go index 4780addecbd..0af6c2791dd 100644 --- a/libbeat/autodiscover/providers/docker/config.go +++ b/libbeat/autodiscover/providers/docker/config.go 
@@ -40,12 +40,15 @@ type Config struct { CleanupTimeout time.Duration `config:"cleanup_timeout" validate:"positive"` } +// Public variable, so specific beats (as Filebeat) can set a different cleanup timeout if they need it. +var DefaultCleanupTimeout time.Duration = 0 + func defaultConfig() *Config { return &Config{ Host: "unix:///var/run/docker.sock", Prefix: "co.elastic", Dedot: true, - CleanupTimeout: 60 * time.Second, + CleanupTimeout: DefaultCleanupTimeout, } } diff --git a/libbeat/autodiscover/providers/kubernetes/config.go b/libbeat/autodiscover/providers/kubernetes/config.go index 84672659f74..82e115527aa 100644 --- a/libbeat/autodiscover/providers/kubernetes/config.go +++ b/libbeat/autodiscover/providers/kubernetes/config.go @@ -57,11 +57,14 @@ type Config struct { AddResourceMetadata *metadata.AddResourceMetadataConfig `config:"add_resource_metadata"` } +// Public variable, so specific beats (as Filebeat) can set a different cleanup timeout if they need it. +var DefaultCleanupTimeout time.Duration = 0 + func defaultConfig() *Config { return &Config{ SyncPeriod: 10 * time.Minute, Resource: "pod", - CleanupTimeout: 60 * time.Second, + CleanupTimeout: DefaultCleanupTimeout, Prefix: "co.elastic", Unique: false, } diff --git a/libbeat/docs/shared-autodiscover.asciidoc b/libbeat/docs/shared-autodiscover.asciidoc index 90ff07ea762..ba8fed0a2e6 100644 --- a/libbeat/docs/shared-autodiscover.asciidoc +++ b/libbeat/docs/shared-autodiscover.asciidoc 
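Review bot: The new `DefaultCleanupTimeout` in docker/config.go is an exported, mutable package variable that `defaultConfig()` reads with no synchronisation, and its comment says neither when it may be written nor what zero means. The docs hunk calls zero "disabled", which could be read as "never cleaned up", while the commit message implies the configuration is stopped without delay. State the contract in Go doc form, for example `// DefaultCleanupTimeout is the cleanup_timeout used when the setting is not configured; zero stops the configuration as soon as the container is gone. Change it only from an init function, before any provider is created.` (adjust the wording if zero behaves differently). The explicit `= 0` is the zero value and can be dropped: `var DefaultCleanupTimeout time.Duration`. The kubernetes/config.go hunk adds the identical declaration and needs the same change.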
@@ -117,7 +117,13 @@ It has the following settings: `ssl`:: (Optional) SSL configuration to use when connecting to the Docker socket. `cleanup_timeout`:: (Optional) Specify the time of inactivity before stopping the -running configuration for a container, 60s by default. +running configuration for a container, +ifeval::["{beatname_lc}"=="filebeat"] + 60s by default. +endif::[] +ifeval::["{beatname_lc}"!="filebeat"] + disabled by default. +endif::[] `labels.dedot`:: (Optional) Default to be false. If set to true, replace dots in labels with `_`. @@ -218,7 +224,13 @@ The `kubernetes` autodiscover provider has the following configuration settings: namespaces. It is unset by default. The namespace configuration only applies to kubernetes resources that are namespace scoped. `cleanup_timeout`:: (Optional) Specify the time of inactivity before stopping the -running configuration for a container, 60s by default. +running configuration for a container, +ifeval::["{beatname_lc}"=="filebeat"] + 60s by default. +endif::[] +ifeval::["{beatname_lc}"!="filebeat"] + disabled by default. +endif::[] `kube_config`:: (Optional) Use given config file as configuration for Kubernetes client. If kube_config is not set, KUBECONFIG environment variable will be checked and if not present it will fall back to InCluster.