From 1a9d9382d17fa19f038590593fe8946dbc2a23d0 Mon Sep 17 00:00:00 2001
From: Eric Holt <eric.holt@bluemedora.com>
Date: Wed, 26 Aug 2020 14:02:48 -0400
Subject: [PATCH 1/6] Create Kubernetes Events plugin

---
 plugins/kubernetes_events.yaml | 75 ++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 plugins/kubernetes_events.yaml

diff --git a/plugins/kubernetes_events.yaml b/plugins/kubernetes_events.yaml
new file mode 100644
index 00000000..351cafc6
--- /dev/null
+++ b/plugins/kubernetes_events.yaml
@@ -0,0 +1,75 @@
+# Plugin Info
+version: 0.0.1
+title: Kubernetes Events
+description: Kubernetes Events Parser
+parameters:
+  namespaces:
+    label: Namespaces
+    description: An array of namespaces. Defaults to use all namespaces.
+    type: strings
+    default: []
+
+# Set Defaults
+# {{$namespaces := default [] .namespaces}}
+
+# Pipeline Template
+pipeline:
+  - type: k8s_event_input
+  - type: severity_parser
+    preset: none
+    parse_from: "$labels.event_type"
+    namespaces: {{ $namespaces }}
+    mapping:
+      info:
+        - ADDED
+        - MODIFIED
+        - DELETED
+        - BOOKMARK
+        - FailedPodSandBoxStatus
+        - SandboxChanged
+        - NodeAllocatableEnforced
+        - SuccessfulMountVolume
+        - SuccessfulAttachVolume
+        - FileSystemResizeSuccessful
+        - VolumeResizeSuccessful
+        - Starting
+        - NodeReady
+        - Pulling
+        - Pulled
+      notice:
+        - Rebooted
+        - NodeNotReady
+        - ImageGCFailed
+        - ContainerGCFailed
+        - NodeNotSchedulable
+        - NodeSchedulable
+      warning:
+        - AlreadyMountedVolume
+        - ErrImageNeverPull
+        - Evicted
+        - FailedCreatePodSandBox
+        - FailedNodeAllocatableEnforcement
+        - FailedPodSandBoxStatus
+        - FailedPostStartHook
+        - FailedPreStopHook
+        - FailedSync
+        - FailedValidation
+        - HostPortConflict
+        - InspectFailed
+        - InvalidDiskCapacity
+        - NetworkNotReady
+        - ProbeWarning
+        - Unhealthy
+      error:
+        - ERROR
+        - Failed
+        - FailedAttachVolume
+        - FailedMountOnFilesystemMismatch
+        - FailedMount
+        - FailedScheduling
+        - FreeDiskSpaceFailed
+        - FailedMapVolume
+        - FileSystemResizeFailed
+        - KubeletSetupFailed
+        - VolumeResizeFailed
+    output: {{ .output }}
\ No newline at end of file

From 46ce020714147bf8259a5c2eb424f8d50c6c05dc Mon Sep 17 00:00:00 2001
From: Eric Holt <eric.holt@bluemedora.com>
Date: Wed, 26 Aug 2020 14:07:21 -0400
Subject: [PATCH 2/6] Added more events

---
 plugins/kubernetes_events.yaml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/plugins/kubernetes_events.yaml b/plugins/kubernetes_events.yaml
index 351cafc6..b3db7ce2 100644
--- a/plugins/kubernetes_events.yaml
+++ b/plugins/kubernetes_events.yaml
@@ -23,6 +23,7 @@ pipeline:
       info:
         - ADDED
         - MODIFIED
+        - Created
         - DELETED
         - BOOKMARK
         - FailedPodSandBoxStatus
@@ -36,6 +37,10 @@ pipeline:
         - NodeReady
         - Pulling
         - Pulled
+        - Started
+        - Killing
+        - Preempting
+        - ExceededGracePeriod
       notice:
         - Rebooted
         - NodeNotReady
@@ -45,6 +50,7 @@ pipeline:
         - NodeSchedulable
       warning:
         - AlreadyMountedVolume
+        - BackOff
         - ErrImageNeverPull
         - Evicted
         - FailedCreatePodSandBox
@@ -54,6 +60,7 @@ pipeline:
         - FailedPreStopHook
         - FailedSync
         - FailedValidation
+        - FailedKillPod
         - HostPortConflict
         - InspectFailed
         - InvalidDiskCapacity
@@ -64,12 +71,13 @@ pipeline:
         - ERROR
         - Failed
         - FailedAttachVolume
+        - FailedCreatePodContainer
+        - FailedMapVolume
         - FailedMountOnFilesystemMismatch
         - FailedMount
         - FailedScheduling
-        - FreeDiskSpaceFailed
-        - FailedMapVolume
         - FileSystemResizeFailed
+        - FreeDiskSpaceFailed
         - KubeletSetupFailed
         - VolumeResizeFailed
-    output: {{ .output }}
\ No newline at end of file
+    output: {{ .output }}

From 24cb82a5ce32df351c06e09610f0502dcba6d3d5 Mon Sep 17 00:00:00 2001
From: Eric Holt <eric.holt@bluemedora.com>
Date: Wed, 26 Aug 2020 14:55:49 -0400
Subject: [PATCH 3/6] Shuffle severity of events based on feedback

---
 plugins/kubernetes_events.yaml | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/plugins/kubernetes_events.yaml b/plugins/kubernetes_events.yaml
index b3db7ce2..a6a95f69 100644
--- a/plugins/kubernetes_events.yaml
+++ b/plugins/kubernetes_events.yaml
@@ -26,7 +26,6 @@ pipeline:
         - Created
         - DELETED
         - BOOKMARK
-        - FailedPodSandBoxStatus
         - SandboxChanged
         - NodeAllocatableEnforced
         - SuccessfulMountVolume
@@ -39,45 +38,47 @@ pipeline:
         - Pulled
         - Started
         - Killing
-        - Preempting
-        - ExceededGracePeriod
       notice:
-        - Rebooted
-        - NodeNotReady
-        - ImageGCFailed
-        - ContainerGCFailed
-        - NodeNotSchedulable
         - NodeSchedulable
       warning:
         - AlreadyMountedVolume
-        - BackOff
-        - ErrImageNeverPull
+        - ContainerGCFailed
+        - ExceededGracePeriod
         - Evicted
         - FailedCreatePodSandBox
         - FailedNodeAllocatableEnforcement
-        - FailedPodSandBoxStatus
         - FailedPostStartHook
         - FailedPreStopHook
         - FailedSync
         - FailedValidation
         - FailedKillPod
         - HostPortConflict
+        - ImageGCFailed
         - InspectFailed
         - InvalidDiskCapacity
         - NetworkNotReady
+        - Preempting
         - ProbeWarning
-        - Unhealthy
+        - Rebooted
       error:
+        - BackOff
         - ERROR
-        - Failed
-        - FailedAttachVolume
         - FailedCreatePodContainer
-        - FailedMapVolume
         - FailedMountOnFilesystemMismatch
-        - FailedMount
+        - FailedPodSandBoxStatus
         - FailedScheduling
         - FileSystemResizeFailed
         - FreeDiskSpaceFailed
         - KubeletSetupFailed
+        - Unhealthy
         - VolumeResizeFailed
+      critical:
+        - ErrImagePull
+        - ErrImageNeverPull
+        - Failed
+        - FailedAttachVolume
+        - FailedMapVolume
+        - FailedMount
+        - NodeNotReady
+        - NodeNotSchedulable
     output: {{ .output }}

From 77de157bb3f9b28ff862d669b9022c3903f0824b Mon Sep 17 00:00:00 2001
From: Eric Holt <eric.holt@bluemedora.com>
Date: Wed, 26 Aug 2020 18:54:37 -0400
Subject: [PATCH 4/6] Remove event_type entries and added labels

---
 plugins/kubernetes_events.yaml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/plugins/kubernetes_events.yaml b/plugins/kubernetes_events.yaml
index a6a95f69..3bf401b4 100644
--- a/plugins/kubernetes_events.yaml
+++ b/plugins/kubernetes_events.yaml
@@ -15,17 +15,16 @@ parameters:
 # Pipeline Template
 pipeline:
   - type: k8s_event_input
+    labels:
+      plugin_id: {{ .id }}
+      log_type: "k8s.events"
   - type: severity_parser
     preset: none
     parse_from: "$labels.event_type"
     namespaces: {{ $namespaces }}
     mapping:
       info:
-        - ADDED
-        - MODIFIED
         - Created
-        - DELETED
-        - BOOKMARK
         - SandboxChanged
         - NodeAllocatableEnforced
         - SuccessfulMountVolume
@@ -62,7 +61,6 @@ pipeline:
         - Rebooted
       error:
         - BackOff
-        - ERROR
         - FailedCreatePodContainer
         - FailedMountOnFilesystemMismatch
         - FailedPodSandBoxStatus

From 0dd36cf3a2696a837acebc12927d8b65d6a756d8 Mon Sep 17 00:00:00 2001
From: Eric Holt <eric.holt@bluemedora.com>
Date: Thu, 27 Aug 2020 13:26:02 -0400
Subject: [PATCH 5/6] Moved notice to info. Changed to use reason entry in
 severity parser

---
 plugins/kubernetes_events.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/plugins/kubernetes_events.yaml b/plugins/kubernetes_events.yaml
index 3bf401b4..853429b5 100644
--- a/plugins/kubernetes_events.yaml
+++ b/plugins/kubernetes_events.yaml
@@ -20,7 +20,7 @@ pipeline:
       log_type: "k8s.events"
   - type: severity_parser
     preset: none
-    parse_from: "$labels.event_type"
+    parse_from: $record.reason
     namespaces: {{ $namespaces }}
     mapping:
       info:
@@ -37,7 +37,6 @@ pipeline:
         - Pulled
         - Started
         - Killing
-      notice:
         - NodeSchedulable
       warning:
         - AlreadyMountedVolume

From 159ae8a0a1c7b99a12d50430ea768f38cbbc976b Mon Sep 17 00:00:00 2001
From: Eric Holt <eric.holt@bluemedora.com>
Date: Mon, 31 Aug 2020 11:46:55 -0400
Subject: [PATCH 6/6] Move BackOff to warnning and set preserve to true

---
 plugins/kubernetes_events.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/plugins/kubernetes_events.yaml b/plugins/kubernetes_events.yaml
index 853429b5..e9b27544 100644
--- a/plugins/kubernetes_events.yaml
+++ b/plugins/kubernetes_events.yaml
@@ -22,6 +22,7 @@ pipeline:
     preset: none
     parse_from: $record.reason
     namespaces: {{ $namespaces }}
+    perserve: true
     mapping:
       info:
         - Created
@@ -40,6 +41,7 @@ pipeline:
         - NodeSchedulable
       warning:
         - AlreadyMountedVolume
+        - BackOff
         - ContainerGCFailed
         - ExceededGracePeriod
         - Evicted
@@ -59,7 +61,6 @@ pipeline:
         - ProbeWarning
         - Rebooted
       error:
-        - BackOff
         - FailedCreatePodContainer
         - FailedMountOnFilesystemMismatch
         - FailedPodSandBoxStatus