From a6732f87205d643a0323fa6fc423d949b636ac1d Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Wed, 24 Mar 2021 15:26:08 +0100 Subject: [PATCH] Disable cleanup_timeout by default in docker and kubernetes autodiscover (#24681) It is kept to 60 seconds in Filebeat, to give a time to collect logs. Keeping configurations running for some time after containers have stopped is needed in some cases to complete the collection of logs. But in the rest of cases it is not usually needed, and leads to errors when querying endpoints known to be down. It can also lead to query IPs that are being reused in newer containers, what can be misleading if the newer pod answers because these events will still have the metadata of the old container. (cherry picked from commit 439b808c6944d847f20e3188eb5f1417de979558) --- CHANGELOG.next.asciidoc | 1 + filebeat/autodiscover/defaults.go | 30 +++++++++++++++++++ filebeat/autodiscover/imports.go | 22 ++++++++++++++ filebeat/beater/filebeat.go | 4 +-- .../autodiscover/providers/docker/config.go | 5 +++- .../providers/kubernetes/config.go | 5 +++- libbeat/docs/shared-autodiscover.asciidoc | 16 ++++++++-- 7 files changed, 77 insertions(+), 6 deletions(-) create mode 100644 filebeat/autodiscover/defaults.go create mode 100644 filebeat/autodiscover/imports.go diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 59d04abf10f..c1d4d9d8e7c 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -20,6 +20,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Make error message about locked data path actionable. {pull}18667[18667] - Fix panic with inline SSL when the certificate or key were small than 256 bytes. {pull}23820[23820] - Use alias to report container image in k8s metadata. {pull}24380[24380] +- Set `cleanup_timeout` to zero by default in docker and kubernetes autodiscover in all beats except Filebeat where it is kept to 60 seconds. {pull}24681[24681] *Auditbeat* 
diff --git a/filebeat/autodiscover/defaults.go b/filebeat/autodiscover/defaults.go
new file mode 100644
index 00000000000..701241ba625
--- /dev/null
+++ b/filebeat/autodiscover/defaults.go
@@ -0,0 +1,30 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package autodiscover
+
+import (
+ "time"
+
+ "github.com/elastic/beats/v7/libbeat/autodiscover/providers/docker"
+ "github.com/elastic/beats/v7/libbeat/autodiscover/providers/kubernetes"
+)
+
+func init() {
+ docker.DefaultCleanupTimeout = 60 * time.Second
+ kubernetes.DefaultCleanupTimeout = 60 * time.Second
+}
diff --git a/filebeat/autodiscover/imports.go b/filebeat/autodiscover/imports.go
new file mode 100644
index 00000000000..561c2395ac4
--- /dev/null
+++ b/filebeat/autodiscover/imports.go
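Review bot: The `init()` in filebeat/autodiscover/defaults.go changes process-wide defaults of two libbeat packages as a side effect of a blank import, and nothing in the file says why or what depends on it. A comment such as `// init keeps the 60s cleanup_timeout in Filebeat so that logs written shortly before a container stops are still collected.` would make the coupling visible. The literal `60 * time.Second` is repeated; a single unexported constant, `const cleanupTimeout = 60 * time.Second`, assigned to both variables keeps the two from drifting apart. No test in this patch asserts that Filebeat still defaults to 60s, so dropping the blank import in filebeat/beater/filebeat.go would silently switch Filebeat to the zero default.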
@@ -0,0 +1,22 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package autodiscover + +import ( + _ "github.com/elastic/beats/v7/filebeat/autodiscover/builder/hints" +) diff --git a/filebeat/beater/filebeat.go b/filebeat/beater/filebeat.go index e13c3457c5b..7b6e8d39ffa 100644 --- a/filebeat/beater/filebeat.go +++ b/filebeat/beater/filebeat.go @@ -56,8 +56,8 @@ import ( _ "github.com/elastic/beats/v7/filebeat/processor/add_kubernetes_metadata" _ "github.com/elastic/beats/v7/libbeat/processors/decode_csv_fields" - // include all filebeat specific builders - _ "github.com/elastic/beats/v7/filebeat/autodiscover/builder/hints" + // include all filebeat specific autodiscover features + _ "github.com/elastic/beats/v7/filebeat/autodiscover" ) const pipelinesWarning = "Filebeat is unable to load the Ingest Node pipelines for the configured" + diff --git a/libbeat/autodiscover/providers/docker/config.go b/libbeat/autodiscover/providers/docker/config.go index 4780addecbd..0af6c2791dd 100644 --- a/libbeat/autodiscover/providers/docker/config.go +++ b/libbeat/autodiscover/providers/docker/config.go 
@@ -40,12 +40,15 @@ type Config struct { CleanupTimeout time.Duration `config:"cleanup_timeout" validate:"positive"` } +// Public variable, so specific beats (as Filebeat) can set a different cleanup timeout if they need it. +var DefaultCleanupTimeout time.Duration = 0 + func defaultConfig() *Config { return &Config{ Host: "unix:///var/run/docker.sock", Prefix: "co.elastic", Dedot: true, - CleanupTimeout: 60 * time.Second, + CleanupTimeout: DefaultCleanupTimeout, } } diff --git a/libbeat/autodiscover/providers/kubernetes/config.go b/libbeat/autodiscover/providers/kubernetes/config.go index 84672659f74..82e115527aa 100644 --- a/libbeat/autodiscover/providers/kubernetes/config.go +++ b/libbeat/autodiscover/providers/kubernetes/config.go @@ -57,11 +57,14 @@ type Config struct { AddResourceMetadata *metadata.AddResourceMetadataConfig `config:"add_resource_metadata"` } +// Public variable, so specific beats (as Filebeat) can set a different cleanup timeout if they need it. +var DefaultCleanupTimeout time.Duration = 0 + func defaultConfig() *Config { return &Config{ SyncPeriod: 10 * time.Minute, Resource: "pod", - CleanupTimeout: 60 * time.Second, + CleanupTimeout: DefaultCleanupTimeout, Prefix: "co.elastic", Unique: false, } diff --git a/libbeat/docs/shared-autodiscover.asciidoc b/libbeat/docs/shared-autodiscover.asciidoc index 3eeaa5f273b..650056fa0a7 100644 --- a/libbeat/docs/shared-autodiscover.asciidoc +++ b/libbeat/docs/shared-autodiscover.asciidoc 
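Review bot: `DefaultCleanupTimeout` in docker/config.go is an exported, mutable package variable that `defaultConfig()` reads at call time, so any package that assigns it changes the default for every provider configured afterwards, and the comment does not say when a write is safe. I would state the contract in Go doc form, e.g. `// DefaultCleanupTimeout is the cleanup_timeout used when the setting is absent; beats may override it, but only from an init function.`, and drop the redundant initialiser: `var DefaultCleanupTimeout time.Duration`. The same applies to the identical declaration in the kubernetes/config.go hunk. The context line shows `validate:"positive"` on `CleanupTimeout`; I assume that validator accepts zero, but a test that unpacks an empty config and checks for a zero timeout would pin it down.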
@@ -117,7 +117,13 @@ It has the following settings: `ssl`:: (Optional) SSL configuration to use when connecting to the Docker socket. `cleanup_timeout`:: (Optional) Specify the time of inactivity before stopping the -running configuration for a container, 60s by default. +running configuration for a container, +ifeval::["{beatname_lc}"=="filebeat"] + 60s by default. +endif::[] +ifeval::["{beatname_lc}"!="filebeat"] + disabled by default. +endif::[] `labels.dedot`:: (Optional) Default to be false. If set to true, replace dots in labels with `_`. @@ -217,7 +223,13 @@ The `kubernetes` autodiscover provider has the following configuration settings: namespaces. It is unset by default. The namespace configuration only applies to kubernetes resources that are namespace scoped. `cleanup_timeout`:: (Optional) Specify the time of inactivity before stopping the -running configuration for a container, 60s by default. +running configuration for a container, +ifeval::["{beatname_lc}"=="filebeat"] + 60s by default. +endif::[] +ifeval::["{beatname_lc}"!="filebeat"] + disabled by default. +endif::[] `kube_config`:: (Optional) Use given config file as configuration for Kubernetes client. If kube_config is not set, KUBECONFIG environment variable will be checked and if not present it will fall back to InCluster.