filter_kubernetes: add option kube_token_ttl (#4352) #4487

Merged
merged 3 commits into from
May 23, 2022
1 change: 1 addition & 0 deletions plugins/filter_kubernetes/kube_conf.h
Expand Up @@ -83,6 +83,7 @@ struct flb_kube {
int dummy_meta;
int tls_debug;
int tls_verify;
int kube_token_ttl;
flb_sds_t meta_preload_cache_dir;

/* Configuration proposed through Annotations (boolean) */
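Review bot: the new `int kube_token_ttl;` member of `struct flb_kube` has no comment stating its unit, and nothing in this header shows that it is counted in seconds like the `time(NULL)` value it is added to in `refresh_token_if_needed()`. A short comment on the field, for example `int kube_token_ttl; /* token TTL, in seconds */`, would make that explicit.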
31 changes: 13 additions & 18 deletions plugins/filter_kubernetes/kube_meta.c
Expand Up @@ -46,7 +46,6 @@
#define FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY_LEN \
(sizeof(FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY) - 1)
#define FLB_KUBE_TOKEN_BUF_SIZE 8192 /* 8KB */
#define FLB_KUBE_TOKEN_TTL 600 /* 10 minutes */

static int file_to_buffer(const char *path,
char **out_buf, size_t *out_size)
Expand Down Expand Up @@ -162,17 +161,15 @@ static int get_http_auth_header(struct flb_kube *ctx)
if (ret == -1) {
flb_plg_warn(ctx->ins, "failed to run command %s", ctx->kube_token_command);
}
ctx->kube_token_create = time(NULL);
}
}
else {
ret = file_to_buffer(ctx->token_file, &tk, &tk_size);
if (ret == -1) {
flb_plg_warn(ctx->ins, "cannot open %s", FLB_KUBE_TOKEN);
}
/* Token from token file will not expire */
/* Set the creation time to 0 to aviod refresh */
ctx->kube_token_create = 0;
flb_plg_info(ctx->ins, " token updated", FLB_KUBE_TOKEN);
}
ctx->kube_token_create = time(NULL);

/* Token */
if (ctx->token != NULL) {
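Review bot: the `flb_plg_info(ctx->ins, " token updated", FLB_KUBE_TOKEN);` call in the token-file branch passes `FLB_KUBE_TOKEN` to a format string that has no `%s`, so the path is never printed, and it sits outside the `if (ret == -1)` block, so "token updated" is logged even when `file_to_buffer()` failed. Log it only on success and name the file that was actually read, e.g. `flb_plg_info(ctx->ins, "token updated from %s", ctx->token_file);`. The relocated `ctx->kube_token_create = time(NULL);` has the same problem: it runs after a failed read or a failed command as well, so a failed refresh is stamped as fresh and is not retried until the TTL has elapsed. Setting the timestamp only when a token was obtained would avoid that.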
Expand Down Expand Up @@ -211,19 +208,17 @@ static int refresh_token_if_needed(struct flb_kube *ctx)
int expired = 0;
int ret;

if (ctx->kube_token_command != NULL) {
if (ctx->kube_token_create > 0) {
if (time(NULL) > ctx->kube_token_create + FLB_KUBE_TOKEN_TTL) {
expired = FLB_TRUE;
}
if (ctx->kube_token_create > 0) {
if (time(NULL) > ctx->kube_token_create + ctx->kube_token_ttl) {
expired = FLB_TRUE;
}
if (expired || ctx->kube_token_create == 0) {
ret = get_http_auth_header(ctx);
if (ret == -1) {
flb_plg_warn(ctx->ins, "failed to set http auth header");
return -1;
}
}

if (expired || ctx->kube_token_create == 0) {
ret = get_http_auth_header(ctx);
if (ret == -1) {
flb_plg_warn(ctx->ins, "failed to set http auth header");
return -1;
}
}
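Review bot: `ctx->kube_token_ttl` is used in `time(NULL) > ctx->kube_token_create + ctx->kube_token_ttl` without any range check, so a configured value of 0 or a negative number marks the token expired as soon as the clock advances and triggers `get_http_auth_header()` (a file read or a command execution) on nearly every call. With the `ctx->kube_token_command != NULL` guard gone, this now affects token-file setups too. Reject or clamp non-positive values when the configuration is loaded, and log the effective TTL once at startup.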

5 changes: 5 additions & 0 deletions plugins/filter_kubernetes/kubernetes.c
Expand Up @@ -847,6 +847,11 @@ static struct flb_config_map config_map[] = {
0, FLB_TRUE, offsetof(struct flb_kube, kubelet_port),
"kubelet port to connect with when using kubelet"
},
{
FLB_CONFIG_MAP_INT, "kube_token_ttl", "60",
Member

Time-based properties must use the FLB_CONFIG_MAP_TIME type.

If the original timeout was 10 minutes, now you are defaulting to 1 minute (60 seconds). That's a breaking change; it should keep the old defaults.

Member

Ping

0, FLB_TRUE, offsetof(struct flb_kube, kube_token_ttl),
"kubelet token ttl"
patrick-stephens marked this conversation as resolved.
Contributor

This description should tell the unit: is this seconds or minutes or hours?

},
/*
* Set TTL for K8s cached metadata
*/
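Review bot: the description string `"kubelet token ttl"` names kubelet, while the option is `kube_token_ttl` and the value it sets governs the token that `get_http_auth_header()` reads from `ctx->token_file` or via `ctx->kube_token_command`. Wording it as the Kubernetes token TTL and stating the unit would match the code. The default `"60"` also differs from the removed `#define FLB_KUBE_TOKEN_TTL 600`, so either keep 600 or call out the shorter default in the commit message.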