Carry #780: Export env variables as prometheus labels

[dqminh]

This rebase the patch in #780 and add a few more fixes:

• fix regex in test to do the correct thing
• sanitize all label name before setting them as prometheus label

[cadvisorJenkinsBot]

Can one of the admins verify this patch?

[googlebot]

We found a Contributor License Agreement for you (the sender of this pull request) and all commit authors, but as best as we can tell these commits were authored by someone else. If that's the case, please add them to this pull request and have them confirm that they're okay with these commits being contributed to Google. If we're mistaken and you did author these commits, just reply here to confirm.

[k8s-bot]

Can one of the admins verify that this patch is reasonable to test? (reply "ok to test", or if you trust the user, reply "add to whitelist")

If this message is too spammy, please complain to ixdy.

[dqminh]

@vishh i've checked our CLAs and i think we are ok here. Let me know what you think.

[vishh]

Should we keep env as a separate field?

[dqminh]

hmm in the end they all come back as metrics labels so i dont really think they are necessary.
Labels makes a lot of sense for metrics, env much less so. We are just stuck with env here because some orchestration platform doesnt support writing labels to docker container.

[vishh]

Sure. The data generated here can be exposed in many different ways - REST API, prometheus endpoint, storage sinks, etc. I'd prefer keeping env and labels separate at this layer.
If the prometheus endpoint chooses to combine labels and env, that's fine by me.

[dqminh]

agreed. Updated it to add Envs as a source of metadata to ContainerSpec. PTAL

[dqminh]

ping @vishh

[vishh]

This feels more like labels. Why not expose this additional metadata as labels instead?

[vishh]

Infact why not add it to docker containers directly? Is this needed to provide backwards compat with old docker versions?

[dqminh]

main reason was noted here: #78

tldr: the orchestrator doesnt understand docker labels, and set their metadata as env variable. Until that's fixed, we need this to make sense of those containers.

[vishh]

Ok. Why add a flag to cadvisor?

[dqminh]

this is to select the env that we want to publish as metrics labels ( I made a similar flag for logging in docker moby/moby#16961 )

For example, a mesos container has the following configs:

"Env": [
            "GOMAXPROCS=64",
            "MARATHON_APP_VERSION=2015-11-18T22:55:53.442Z",
            "MARATHON_APP_DOCKER_IMAGE=docker/service",
            "MESOS_TASK_ID=service.3f90dfce-12314235",
            "MARATHON_APP_ID=/service",
            "MESOS_SANDBOX=/mnt/mesos/sandbox",
            "MESOS_CONTAINER_NAME=mesos-asdsfdfds",
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "container=docker"
],
"Labels": {}, // sad :(

we only interest in MARATHON_APP_ID,MESOS_TASK_ID,MESOS_CONTAINER_NAME as the container identifiers.

A flag is reasonably useful for use as we only use 1 orchestrator i.e. mesos, so all containers will have the same set of env keys. This is the chosen approach in the original PR.

I can imagine an alternative approach would be to let the administrator defined their desired env keys as a well known label, for example:

// this will not be set as metrics in prometheus
"Labels": { "cadvisor.metadata_env": "MARATHON_APP_ID,MESOS_TASK_ID,MESOS_CONTAINER_NAME" }

[vishh]

Thanks for explaining @dqminh. The flag name doesn't seem to convey the fact that it is a filter. Can you fix the naming and description to make it clear that it is a filter?

[dqminh]

SGTM. What do you think of

-allowed-docker-env-as-metadata: a comma-separated list of allowed environment variable names for docker container that should have their name values set as the container's metadata

[vishh]

How about --docker-env-metadata-whitelist: a comma-separated list of environment variable keys that needs to be collected for docker containers?
And BTW will this default to all env variables? To me that feels like a good default.

[dqminh]

--docker-env-metadata-whitelist: a comma-separated list of environment variable keys that needs to be collected for docker containers

👍

Hmm, i thinkcollecting all env variables as the default is debatable.

In term of metrics collection, many env variables are strictly for runtime usage and doesn't make much sense in term of metrics which is why the whitelist approach ( i.e. disabled by default ) feels right. I think enabling all env variables by default will likely bite some users in their foot if they are not careful.

However, if we are talking about collecting information of container for exposing to others i.e. cadvisor is the only place to discover containers' information on the system then collecting all env by default makes sense.

[vishh]

I do agree with you. Env variables sometimes contain auth information. Disabled by default SGTM.
If we were to support collecting all env variables, then we might have to support wildcards in the flag though.

[dqminh]

@vishh added references to API v2 and changed the flag.

I'm keeping the env whitelist i.e. not collecting all env variables by default. PTAL.

[vishh]

nit: dockerEnvWhitelist would be a more readable name for this variable.

[vishh]

Just a couple of nits. Otherwise LGTM! Thanks @dqminh

[dqminh]

@vishh updated

[vishh]

LGTM

[vishh]

can you squash your commits?

[dqminh]

@vishh squashed the changes to envs into 1 commits.

[vishh]

LGTM

[vishh]

@k8s-bot test this please

[k8s-bot]

Jenkins GCE e2e

Build/test failed for commit e5b6bfa.

• Build Log

[vishh]

@k8s-bot test this please

[k8s-bot]

Jenkins GCE e2e

Build/test passed for commit e5b6bfa.

• Build Log

[vishh]

Merging this since e2e has passed.