diff --git a/processor/k8sattributesprocessor/doc.go b/processor/k8sattributesprocessor/doc.go index f8211ff0ec89..8061e21f30e8 100644 --- a/processor/k8sattributesprocessor/doc.go +++ b/processor/k8sattributesprocessor/doc.go @@ -228,8 +228,8 @@ // Host networking mode // // The processor cannot correct identify pods running in the host network mode and -// enriching telemetry data generated by such pods is not supported at the moment, unless the attributes contain -// information about the source IP. +// enriching telemetry data generated by such pods is not supported at the moment, unless the association +// rule is not based on IP attribute. // // As a sidecar // diff --git a/processor/k8sattributesprocessor/internal/kube/client.go b/processor/k8sattributesprocessor/internal/kube/client.go index 82e496a0e647..ba1519cfd083 100644 --- a/processor/k8sattributesprocessor/internal/kube/client.go +++ b/processor/k8sattributesprocessor/internal/kube/client.go @@ -371,11 +371,12 @@ func (c *WatchClient) extractNamespaceAttributes(namespace *api_v1.Namespace) ma func (c *WatchClient) podFromAPI(pod *api_v1.Pod) *Pod { newPod := &Pod{ - Name: pod.Name, - Namespace: pod.GetNamespace(), - Address: pod.Status.PodIP, - PodUID: string(pod.UID), - StartTime: pod.Status.StartTime, + Name: pod.Name, + Namespace: pod.GetNamespace(), + Address: pod.Status.PodIP, + HostNetwork: pod.Spec.HostNetwork, + PodUID: string(pod.UID), + StartTime: pod.Status.StartTime, } if c.shouldIgnorePod(pod) { @@ -404,6 +405,14 @@ func (c *WatchClient) getIdentifiersFromAssoc(pod *Pod) []PodIdentifier { skip = true break } + // Host network mode is not supported right now with IP based + // tagging as all pods in host network get same IP addresses. + // Such pods are very rare and usually are used to monitor or control + // host traffic (e.g, linkerd, flannel) instead of service business needs. + if pod.HostNetwork { + skip = true + break + } ret[i] = PodIdentifierAttributeFromSource(source, pod.Address) case source.From == ResourceSource: attr := "" @@ -442,7 +451,7 @@ func (c *WatchClient) getIdentifiersFromAssoc(pod *Pod) []PodIdentifier { }) } - if pod.Address != "" { + if pod.Address != "" && !pod.HostNetwork { ids = append(ids, PodIdentifier{ PodIdentifierAttributeFromConnection(pod.Address), }) @@ -493,15 +502,6 @@ func (c *WatchClient) appendDeleteQueue(podID PodIdentifier, podName string) { } func (c *WatchClient) shouldIgnorePod(pod *api_v1.Pod) bool { - // Host network mode is not supported right now with IP based - // tagging as all pods in host network get same IP addresses. - // Such pods are very rare and usually are used to monitor or control - // host traffic (e.g, linkerd, flannel) instead of service business needs. - // We plan to support host network pods in future. - if pod.Spec.HostNetwork { - return true - } - // Check if user requested the pod to be ignored through annotations if v, ok := pod.Annotations[ignoreAnnotation]; ok { if strings.ToLower(strings.TrimSpace(v)) == "true" { diff --git a/processor/k8sattributesprocessor/internal/kube/client_test.go b/processor/k8sattributesprocessor/internal/kube/client_test.go index b40ef6be4d59..697817080fd1 100644 --- a/processor/k8sattributesprocessor/internal/kube/client_test.go +++ b/processor/k8sattributesprocessor/internal/kube/client_test.go @@ -207,16 +207,26 @@ func TestPodHostNetwork(t *testing.T) { c, _ := newTestClient(t) assert.Equal(t, 0, len(c.Pods)) + // pod will not be added if no rule matches pod := &api_v1.Pod{} pod.Name = "podA" pod.Status.PodIP = "1.1.1.1" pod.Spec.HostNetwork = true c.handlePodAdd(pod) + assert.Equal(t, len(c.Pods), 0) + + // pod will be added if rule matches + pod.Name = "podB" + pod.Status.PodIP = "2.2.2.2" + pod.UID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" + pod.Spec.HostNetwork = true + c.handlePodAdd(pod) assert.Equal(t, len(c.Pods), 1) - got := c.Pods[newPodIdentifier("connection", "k8s.pod.ip", "1.1.1.1")] - assert.Equal(t, got.Address, "1.1.1.1") - assert.Equal(t, got.Name, "podA") - assert.True(t, got.Ignore) + got := c.Pods[newPodIdentifier("resource_attribute", "k8s.pod.uid", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")] + assert.Equal(t, got.Address, "2.2.2.2") + assert.Equal(t, got.Name, "podB") + assert.Equal(t, got.PodUID, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee") + assert.False(t, got.Ignore) } func TestPodAddOutOfSync(t *testing.T) { @@ -770,7 +780,7 @@ func TestPodIgnorePatterns(t *testing.T) { ignore: false, pod: api_v1.Pod{}, }, { - ignore: true, + ignore: false, pod: api_v1.Pod{ Spec: api_v1.PodSpec{ HostNetwork: true, diff --git a/processor/k8sattributesprocessor/internal/kube/kube.go b/processor/k8sattributesprocessor/internal/kube/kube.go index 7ba1cf35bef3..301e11af85d4 100644 --- a/processor/k8sattributesprocessor/internal/kube/kube.go +++ b/processor/k8sattributesprocessor/internal/kube/kube.go @@ -109,13 +109,14 @@ type APIClientsetProvider func(config k8sconfig.APIConfig) (kubernetes.Interface // Pod represents a kubernetes pod. type Pod struct { - Name string - Address string - PodUID string - Attributes map[string]string - StartTime *metav1.Time - Ignore bool - Namespace string + Name string + Address string + PodUID string + Attributes map[string]string + StartTime *metav1.Time + Ignore bool + Namespace string + HostNetwork bool // Containers is a map of container name to Container struct. Containers map[string]*Container diff --git a/unreleased/k8sprocessor-hostnetworkpod.yaml b/unreleased/k8sprocessor-hostnetworkpod.yaml new file mode 100644 index 000000000000..a8b8c92e44fb --- /dev/null +++ b/unreleased/k8sprocessor-hostnetworkpod.yaml @@ -0,0 +1,11 @@ +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: enhancement + +# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver) +component: k8sattributesprocessor + +# A brief description of the change +note: do not ignore hostNetwork pods for enrichment based on non IP attribute + +# One or more tracking issues related to the change +issues: [12073]