From ffb308c3a385b38d1f5086e4b4271a9eb71bfb80 Mon Sep 17 00:00:00 2001 From: Greg <2653109+glinton@users.noreply.github.com> Date: Tue, 15 Jan 2019 16:26:18 -0700 Subject: [PATCH] Support passing bearer token directly in k8s input (#5295) --- plugins/inputs/kubernetes/README.md | 82 +++++++++++++------------ plugins/inputs/kubernetes/kubernetes.go | 29 +++++---- 2 files changed, 57 insertions(+), 54 deletions(-) diff --git a/plugins/inputs/kubernetes/README.md b/plugins/inputs/kubernetes/README.md index 37d713d18f1b0..33cca8590e46b 100644 --- a/plugins/inputs/kubernetes/README.md +++ b/plugins/inputs/kubernetes/README.md @@ -29,8 +29,10 @@ avoid cardinality issues: ## URL for the kubelet url = "http://127.0.0.1:10255" - ## Use bearer token for authorization - # bearer_token = /path/to/bearer/token + ## Use bearer token for authorization. ('bearer_token' takes priority) + # bearer_token = "/path/to/bearer/token" + ## OR + # bearer_token_string = "abc_123" ## Set response_timeout (default 5 seconds) # response_timeout = "5s" @@ -54,45 +56,45 @@ Architecture][k8s-telegraf] or view the [Helm charts][tick-charts]. - tags: - node_name - fields: - - cpu_usage_nanocores - - cpu_usage_core_nanoseconds - - memory_available_bytes - - memory_usage_bytes - - memory_working_set_bytes - - memory_rss_bytes - - memory_page_faults - - memory_major_page_faults - - network_rx_bytes - - network_rx_errors - - network_tx_bytes - - network_tx_errors - - fs_available_bytes - - fs_capacity_bytes - - fs_used_bytes - - runtime_image_fs_available_bytes - - runtime_image_fs_capacity_bytes - - runtime_image_fs_used_bytes - -- kubernetes_pod_container + - cpu_usage_nanocores + - cpu_usage_core_nanoseconds + - memory_available_bytes + - memory_usage_bytes + - memory_working_set_bytes + - memory_rss_bytes + - memory_page_faults + - memory_major_page_faults + - network_rx_bytes + - network_rx_errors + - network_tx_bytes + - network_tx_errors + - fs_available_bytes + - fs_capacity_bytes + - fs_used_bytes + - runtime_image_fs_available_bytes + - runtime_image_fs_capacity_bytes + - runtime_image_fs_used_bytes + ++ kubernetes_pod_container - tags: - container_name - namespace - node_name - pod_name - fields: - - cpu_usage_nanocores - - cpu_usage_core_nanoseconds - - memory_usage_bytes - - memory_working_set_bytes - - memory_rss_bytes - - memory_page_faults - - memory_major_page_faults - - rootfs_available_bytes - - rootfs_capacity_bytes - - rootfs_used_bytes - - logsfs_avaialble_bytes - - logsfs_capacity_bytes - - logsfs_used_bytes + - cpu_usage_nanocores + - cpu_usage_core_nanoseconds + - memory_usage_bytes + - memory_working_set_bytes + - memory_rss_bytes + - memory_page_faults + - memory_major_page_faults + - rootfs_available_bytes + - rootfs_capacity_bytes + - rootfs_used_bytes + - logsfs_avaialble_bytes + - logsfs_capacity_bytes + - logsfs_used_bytes - kubernetes_pod_volume - tags: @@ -105,7 +107,7 @@ Architecture][k8s-telegraf] or view the [Helm charts][tick-charts]. - capacity_bytes - used_bytes -- kubernetes_pod_network ++ kubernetes_pod_network - tags: - namespace - node_name @@ -119,9 +121,11 @@ Architecture][k8s-telegraf] or view the [Helm charts][tick-charts]. ### Example Output ``` -kubernetes_pod_container,host=ip-10-0-0-0.ec2.internal,container_name=deis-controller,namespace=deis,node_name=ip-10-0-0-0.ec2.internal,pod_name=deis-controller-3058870187-xazsr cpu_usage_core_nanoseconds=2432835i,cpu_usage_nanocores=0i,logsfs_avaialble_bytes=121128271872i,logsfs_capacity_bytes=153567944704i,logsfs_used_bytes=20787200i,memory_major_page_faults=0i,memory_page_faults=175i,memory_rss_bytes=0i,memory_usage_bytes=0i,memory_working_set_bytes=0i,rootfs_available_bytes=121128271872i,rootfs_capacity_bytes=153567944704i,rootfs_used_bytes=1110016i 1476477530000000000 -kubernetes_pod_volume,host=ip-10-0-0-0.ec2.internal,name=default-token-f7wts,namespace=kube-system,node_name=ip-10-0-0-0.ec2.internal,pod_name=kubernetes-dashboard-v1.1.1-t4x4t available_bytes=8415240192i,capacity_bytes=8415252480i,used_bytes=12288i 1476477530000000000 -kubernetes_pod_network,host=ip-10-0-0-0.ec2.internal,namespace=deis,node_name=ip-10-0-0-0.ec2.internal,pod_name=deis-controller-3058870187-xazsr rx_bytes=120671099i,rx_errors=0i,tx_bytes=102451983i,tx_errors=0i 1476477530000000000 +kubernetes_node +kubernetes_pod_container,container_name=deis-controller,namespace=deis,node_name=ip-10-0-0-0.ec2.internal,pod_name=deis-controller-3058870187-xazsr cpu_usage_core_nanoseconds=2432835i,cpu_usage_nanocores=0i,logsfs_avaialble_bytes=121128271872i,logsfs_capacity_bytes=153567944704i,logsfs_used_bytes=20787200i,memory_major_page_faults=0i,memory_page_faults=175i,memory_rss_bytes=0i,memory_usage_bytes=0i,memory_working_set_bytes=0i,rootfs_available_bytes=121128271872i,rootfs_capacity_bytes=153567944704i,rootfs_used_bytes=1110016i 1476477530000000000 +kubernetes_pod_network,namespace=deis,node_name=ip-10-0-0-0.ec2.internal,pod_name=deis-controller-3058870187-xazsr rx_bytes=120671099i,rx_errors=0i,tx_bytes=102451983i,tx_errors=0i 1476477530000000000 +kubernetes_pod_volume,volume_name=default-token-f7wts,namespace=default,node_name=ip-172-17-0-1.internal,pod_name=storage-7 available_bytes=8415240192i,capacity_bytes=8415252480i,used_bytes=12288i 1546910783000000000 +kubernetes_system_container ``` [metric filtering]: https://github.com/influxdata/telegraf/blob/master/docs/CONFIGURATION.md#metric-filtering diff --git a/plugins/inputs/kubernetes/kubernetes.go b/plugins/inputs/kubernetes/kubernetes.go index 870524a80317d..fdeb78ec48939 100644 --- a/plugins/inputs/kubernetes/kubernetes.go +++ b/plugins/inputs/kubernetes/kubernetes.go @@ -6,7 +6,7 @@ import ( "io/ioutil" "net/http" "net/url" - "sync" + "strings" "time" "github.com/influxdata/telegraf" @@ -20,7 +20,8 @@ type Kubernetes struct { URL string // Bearer Token authorization file path - BearerToken string `toml:"bearer_token"` + BearerToken string `toml:"bearer_token"` + BearerTokenString string `toml:"bearer_token_string"` // HTTP Timeout specified as a string - 3s, 1m, 1h ResponseTimeout internal.Duration @@ -32,10 +33,12 @@ type Kubernetes struct { var sampleConfig = ` ## URL for the kubelet - url = "http://1.1.1.1:10255" + url = "http://127.0.0.1:10255" - ## Use bearer token for authorization - # bearer_token = /path/to/bearer/token + ## Use bearer token for authorization. ('bearer_token' takes priority) + # bearer_token = "/path/to/bearer/token" + ## OR + # bearer_token_string = "abc_123" ## Set response_timeout (default 5 seconds) # response_timeout = "5s" @@ -70,13 +73,7 @@ func (k *Kubernetes) Description() string { //Gather collects kubernetes metrics from a given URL func (k *Kubernetes) Gather(acc telegraf.Accumulator) error { - var wg sync.WaitGroup - wg.Add(1) - go func(k *Kubernetes) { - defer wg.Done() - acc.AddError(k.gatherSummary(k.URL, acc)) - }(k) - wg.Wait() + acc.AddError(k.gatherSummary(k.URL, acc)) return nil } @@ -92,7 +89,6 @@ func buildURL(endpoint string, base string) (*url.URL, error) { func (k *Kubernetes) gatherSummary(baseURL string, acc telegraf.Accumulator) error { url := fmt.Sprintf("%s/stats/summary", baseURL) var req, err = http.NewRequest("GET", url, nil) - var token []byte var resp *http.Response tlsCfg, err := k.ClientConfig.TLSConfig() @@ -113,12 +109,15 @@ func (k *Kubernetes) gatherSummary(baseURL string, acc telegraf.Accumulator) err } if k.BearerToken != "" { - token, err = ioutil.ReadFile(k.BearerToken) + token, err := ioutil.ReadFile(k.BearerToken) if err != nil { return err } - req.Header.Set("Authorization", "Bearer "+string(token)) + req.Header.Set("Authorization", "Bearer "+strings.TrimSpace(string(token))) + } else if k.BearerTokenString != "" { + req.Header.Set("Authorization", "Bearer "+k.BearerTokenString) } + req.Header.Add("Accept", "application/json") resp, err = k.RoundTripper.RoundTrip(req) if err != nil {