From 2edbc04207f5cf1806370386f1c253ee5ff18df4 Mon Sep 17 00:00:00 2001 From: Glen Patzlaff Date: Wed, 9 Jan 2019 17:04:26 -0800 Subject: [PATCH 1/6] Updates to support SSL --- lib/fluent/plugin/in_kubernetes_metrics.rb | 73 ++++++++++++++++++++-- 1 file changed, 69 insertions(+), 4 deletions(-) diff --git a/lib/fluent/plugin/in_kubernetes_metrics.rb b/lib/fluent/plugin/in_kubernetes_metrics.rb index fdf51aa..535c611 100644 --- a/lib/fluent/plugin/in_kubernetes_metrics.rb +++ b/lib/fluent/plugin/in_kubernetes_metrics.rb @@ -44,7 +44,7 @@ class KubernetesMetricsInput < Fluent::Plugin::Input config_param :client_key, :string, default: nil desc 'Path to the CA file.' - config_param :ca_file, :string, default: nil + config_param :ca_file, :string, default: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' desc "If `insecure_ssl` is set to `true`, it won't verify apiserver's certificate." config_param :insecure_ssl, :bool, default: false @@ -52,6 +52,9 @@ class KubernetesMetricsInput < Fluent::Plugin::Input desc 'Path to the file contains the API token. By default it reads from the file "token" in the `secret_dir`.' config_param :bearer_token_file, :string, default: nil + desc 'Bearer token for the service account to be used for pulling metrics.' + config_param :bearer_token, :string, default: nil + desc "Path of the location where pod's service account's credentials are stored." config_param :secret_dir, :string, default: '/var/run/secrets/kubernetes.io/serviceaccount' @@ -67,6 +70,9 @@ class KubernetesMetricsInput < Fluent::Plugin::Input desc 'Use the rest client to get the metrics from summary api on each kubelet' config_param :use_rest_client, :bool, default: true + desc 'This option is used to get the metrics from summary api on each kubelet using ssl' + config_param :use_rest_client_ssl, :bool, default: true + def configure(conf) super @@ -190,11 +196,31 @@ def initialize_client def initialize_rest_client env_host = @node_name env_port = 10_255 # 10255 is the readonly port of the kubelet from where we can fetch the metrics exposed by summary API + ssl_env_port = 10_250 # 10250 is the default ssl port of the kubelet from where we can fetch the metrics exposed by summary API if env_host && env_port - @kubelet_url = "http://#{env_host}:#{env_port}/stats/summary" - @kubelet_url_stats = "http://#{env_host}:#{env_port}/stats/" - @cadvisor_url = "http://#{env_host}:#{env_port}/metrics/cadvisor" + if @use_rest_client_ssl == false + @kubelet_url = "http://#{env_host}:#{env_port}/stats/summary" + @kubelet_url_stats = "http://#{env_host}:#{env_port}/stats/" + @cadvisor_url = "http://#{env_host}:#{env_port}/metrics/cadvisor" + else + @kubelet_url = "https://#{env_host}:#{ssl_env_port}/stats/summary" + @kubelet_url_stats = "https://#{env_host}:#{ssl_env_port}/stats/" + @cadvisor_url = "https://#{env_host}:#{ssl_env_port}/metrics/cadvisor" + end + end + + if Dir.exist?(@secret_dir) + secret_ca_file = File.join(@secret_dir, 'ca.crt') + secret_token_file = File.join(@secret_dir, 'token') + + if @ca_file.nil? && File.exist?(secret_ca_file) + @ca_file = secret_ca_file + end + if @bearer_token_file.nil? and File.exist?(secret_token_file) + @bearer_token_file = secret_token_file + end + end log.info("Use URL #{@kubelet_url} for creating client to query kubelet summary api") @@ -205,18 +231,57 @@ def initialize_rest_client # This method is used to set the options for sending a request to the kubelet api def request_options options = { method: 'get', url: @kubelet_url } + + if @use_rest_client_ssl == true + + ssl_options = { + ssl_ca_file: @ca_file, + verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, + headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} + } + + options = options.merge(ssl_options) + log.debug "request_options - #{options}" + end + options end # This method is used to set the options for sending a request to the stats api def request_options_stats options = { method: 'get', url: @kubelet_url_stats } + + if @use_rest_client_ssl == true + + ssl_options = { + ssl_ca_file: @ca_file, + verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, + headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} + } + + options = options.merge(ssl_options) + log.debug "request_options_stats - #{options}" + end + options end # This method is used to set the options for sending a request to the cadvisor api def cadvisor_request_options options = { method: 'get', url: @cadvisor_url } + + if @use_rest_client_ssl == true + + ssl_options = { + ssl_ca_file: @ca_file, + verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, + headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} + } + + options = options.merge(ssl_options) + log.debug "cadvisor_request_options - #{options}" + end + options end From 409b09fd78f33bb4e179bcdffb0add9b3ffd2827 Mon Sep 17 00:00:00 2001 From: Glen Patzlaff Date: Fri, 11 Jan 2019 15:35:18 -0800 Subject: [PATCH 2/6] Updates based on PR feedback --- lib/fluent/plugin/in_kubernetes_metrics.rb | 32 ++++------------------ test/plugin/test_in_kubernetes_metrics.rb | 4 +++ 2 files changed, 9 insertions(+), 27 deletions(-) diff --git a/lib/fluent/plugin/in_kubernetes_metrics.rb b/lib/fluent/plugin/in_kubernetes_metrics.rb index 535c611..0e46799 100644 --- a/lib/fluent/plugin/in_kubernetes_metrics.rb +++ b/lib/fluent/plugin/in_kubernetes_metrics.rb @@ -52,9 +52,6 @@ class KubernetesMetricsInput < Fluent::Plugin::Input desc 'Path to the file contains the API token. By default it reads from the file "token" in the `secret_dir`.' config_param :bearer_token_file, :string, default: nil - desc 'Bearer token for the service account to be used for pulling metrics.' - config_param :bearer_token, :string, default: nil - desc "Path of the location where pod's service account's credentials are stored." config_param :secret_dir, :string, default: '/var/run/secrets/kubernetes.io/serviceaccount' @@ -65,7 +62,7 @@ class KubernetesMetricsInput < Fluent::Plugin::Input config_param :node_names, :array, default: [], value_type: :string desc 'The port that kubelet is listening to.' - config_param :kubelet_port, :integer, default: 10_255 + config_param :kubelet_port, :integer, default: 10_250 desc 'Use the rest client to get the metrics from summary api on each kubelet' config_param :use_rest_client, :bool, default: true @@ -195,8 +192,7 @@ def initialize_client def initialize_rest_client env_host = @node_name - env_port = 10_255 # 10255 is the readonly port of the kubelet from where we can fetch the metrics exposed by summary API - ssl_env_port = 10_250 # 10250 is the default ssl port of the kubelet from where we can fetch the metrics exposed by summary API + env_port = @kubelet_port if env_host && env_port if @use_rest_client_ssl == false @@ -204,25 +200,22 @@ def initialize_rest_client @kubelet_url_stats = "http://#{env_host}:#{env_port}/stats/" @cadvisor_url = "http://#{env_host}:#{env_port}/metrics/cadvisor" else - @kubelet_url = "https://#{env_host}:#{ssl_env_port}/stats/summary" - @kubelet_url_stats = "https://#{env_host}:#{ssl_env_port}/stats/" - @cadvisor_url = "https://#{env_host}:#{ssl_env_port}/metrics/cadvisor" + @kubelet_url = "https://#{env_host}:#{env_port}/stats/summary" + @kubelet_url_stats = "https://#{env_host}:#{env_port}/stats/" + @cadvisor_url = "https://#{env_host}:#{env_port}/metrics/cadvisor" end end if Dir.exist?(@secret_dir) secret_ca_file = File.join(@secret_dir, 'ca.crt') secret_token_file = File.join(@secret_dir, 'token') - if @ca_file.nil? && File.exist?(secret_ca_file) @ca_file = secret_ca_file end if @bearer_token_file.nil? and File.exist?(secret_token_file) @bearer_token_file = secret_token_file end - end - log.info("Use URL #{@kubelet_url} for creating client to query kubelet summary api") log.info("Use URL #{@kubelet_url_stats} for creating client to query kubelet stats api") log.info("Use URL #{@cadvisor_url} for creating client to query cadvisor metrics api") @@ -231,57 +224,42 @@ def initialize_rest_client # This method is used to set the options for sending a request to the kubelet api def request_options options = { method: 'get', url: @kubelet_url } - if @use_rest_client_ssl == true - ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) - log.debug "request_options - #{options}" end - options end # This method is used to set the options for sending a request to the stats api def request_options_stats options = { method: 'get', url: @kubelet_url_stats } - if @use_rest_client_ssl == true - ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) - log.debug "request_options_stats - #{options}" end - options end # This method is used to set the options for sending a request to the cadvisor api def cadvisor_request_options options = { method: 'get', url: @cadvisor_url } - if @use_rest_client_ssl == true - ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) - log.debug "cadvisor_request_options - #{options}" end - options end diff --git a/test/plugin/test_in_kubernetes_metrics.rb b/test/plugin/test_in_kubernetes_metrics.rb index 03e3cb9..08fb1f4 100644 --- a/test/plugin/test_in_kubernetes_metrics.rb +++ b/test/plugin/test_in_kubernetes_metrics.rb @@ -16,6 +16,8 @@ class KubernetesMetricsInputTest < Test::Unit::TestCase insecure_ssl true interval 10s use_rest_client true + use_rest_client_ssl false + kubelet_port 10_255 ] SUMMARY_CONFIG = %[ @@ -25,6 +27,8 @@ class KubernetesMetricsInputTest < Test::Unit::TestCase insecure_ssl true interval 10s use_rest_client false + use_rest_client_ssl false + kubelet_port 10_255 ] setup do From 8c4f2ef944c44c4f4b213bea03c39f3b9b825796 Mon Sep 17 00:00:00 2001 From: Glen Patzlaff Date: Fri, 11 Jan 2019 15:35:18 -0800 Subject: [PATCH 3/6] added readme updates --- README.md | 14 ++++++++- lib/fluent/plugin/in_kubernetes_metrics.rb | 34 ++++------------------ test/plugin/test_in_kubernetes_metrics.rb | 4 +++ 3 files changed, 23 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 106cec6..96dfb58 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,19 @@ Used when use_rest_client config param is not enabled. Name of the nodes that th The port that kubelet is listening to. -Default value: `10255`. +Default value: `10250`. + +### use_rest_client (bool) (optional) + +Use the rest client to get the metrics from summary api on each kubelet. + +Default value: `true`. + +### use_rest_client_ssl (bool) (optional) + +Use SSL for rest client. + +Default value: `true`. ## License diff --git a/lib/fluent/plugin/in_kubernetes_metrics.rb b/lib/fluent/plugin/in_kubernetes_metrics.rb index 535c611..9edddde 100644 --- a/lib/fluent/plugin/in_kubernetes_metrics.rb +++ b/lib/fluent/plugin/in_kubernetes_metrics.rb @@ -52,9 +52,6 @@ class KubernetesMetricsInput < Fluent::Plugin::Input desc 'Path to the file contains the API token. By default it reads from the file "token" in the `secret_dir`.' config_param :bearer_token_file, :string, default: nil - desc 'Bearer token for the service account to be used for pulling metrics.' - config_param :bearer_token, :string, default: nil - desc "Path of the location where pod's service account's credentials are stored." config_param :secret_dir, :string, default: '/var/run/secrets/kubernetes.io/serviceaccount' @@ -65,12 +62,12 @@ class KubernetesMetricsInput < Fluent::Plugin::Input config_param :node_names, :array, default: [], value_type: :string desc 'The port that kubelet is listening to.' - config_param :kubelet_port, :integer, default: 10_255 + config_param :kubelet_port, :integer, default: 10_250 desc 'Use the rest client to get the metrics from summary api on each kubelet' config_param :use_rest_client, :bool, default: true - desc 'This option is used to get the metrics from summary api on each kubelet using ssl' + desc 'Use SSL for rest client.' config_param :use_rest_client_ssl, :bool, default: true def configure(conf) @@ -195,8 +192,7 @@ def initialize_client def initialize_rest_client env_host = @node_name - env_port = 10_255 # 10255 is the readonly port of the kubelet from where we can fetch the metrics exposed by summary API - ssl_env_port = 10_250 # 10250 is the default ssl port of the kubelet from where we can fetch the metrics exposed by summary API + env_port = @kubelet_port if env_host && env_port if @use_rest_client_ssl == false @@ -204,25 +200,22 @@ def initialize_rest_client @kubelet_url_stats = "http://#{env_host}:#{env_port}/stats/" @cadvisor_url = "http://#{env_host}:#{env_port}/metrics/cadvisor" else - @kubelet_url = "https://#{env_host}:#{ssl_env_port}/stats/summary" - @kubelet_url_stats = "https://#{env_host}:#{ssl_env_port}/stats/" - @cadvisor_url = "https://#{env_host}:#{ssl_env_port}/metrics/cadvisor" + @kubelet_url = "https://#{env_host}:#{env_port}/stats/summary" + @kubelet_url_stats = "https://#{env_host}:#{env_port}/stats/" + @cadvisor_url = "https://#{env_host}:#{env_port}/metrics/cadvisor" end end if Dir.exist?(@secret_dir) secret_ca_file = File.join(@secret_dir, 'ca.crt') secret_token_file = File.join(@secret_dir, 'token') - if @ca_file.nil? && File.exist?(secret_ca_file) @ca_file = secret_ca_file end if @bearer_token_file.nil? and File.exist?(secret_token_file) @bearer_token_file = secret_token_file end - end - log.info("Use URL #{@kubelet_url} for creating client to query kubelet summary api") log.info("Use URL #{@kubelet_url_stats} for creating client to query kubelet stats api") log.info("Use URL #{@cadvisor_url} for creating client to query cadvisor metrics api") @@ -231,57 +224,42 @@ def initialize_rest_client # This method is used to set the options for sending a request to the kubelet api def request_options options = { method: 'get', url: @kubelet_url } - if @use_rest_client_ssl == true - ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) - log.debug "request_options - #{options}" end - options end # This method is used to set the options for sending a request to the stats api def request_options_stats options = { method: 'get', url: @kubelet_url_stats } - if @use_rest_client_ssl == true - ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) - log.debug "request_options_stats - #{options}" end - options end # This method is used to set the options for sending a request to the cadvisor api def cadvisor_request_options options = { method: 'get', url: @cadvisor_url } - if @use_rest_client_ssl == true - ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) - log.debug "cadvisor_request_options - #{options}" end - options end diff --git a/test/plugin/test_in_kubernetes_metrics.rb b/test/plugin/test_in_kubernetes_metrics.rb index 03e3cb9..08fb1f4 100644 --- a/test/plugin/test_in_kubernetes_metrics.rb +++ b/test/plugin/test_in_kubernetes_metrics.rb @@ -16,6 +16,8 @@ class KubernetesMetricsInputTest < Test::Unit::TestCase insecure_ssl true interval 10s use_rest_client true + use_rest_client_ssl false + kubelet_port 10_255 ] SUMMARY_CONFIG = %[ @@ -25,6 +27,8 @@ class KubernetesMetricsInputTest < Test::Unit::TestCase insecure_ssl true interval 10s use_rest_client false + use_rest_client_ssl false + kubelet_port 10_255 ] setup do From 4c198a5fe51207d209e1e8469e2b72a7adada8f9 Mon Sep 17 00:00:00 2001 From: Glen Patzlaff Date: Fri, 11 Jan 2019 15:35:18 -0800 Subject: [PATCH 4/6] added readme updates Updates based on PR feedback --- README.md | 14 ++++++++- lib/fluent/plugin/in_kubernetes_metrics.rb | 34 ++++------------------ test/plugin/test_in_kubernetes_metrics.rb | 4 +++ 3 files changed, 23 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 106cec6..96dfb58 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,19 @@ Used when use_rest_client config param is not enabled. Name of the nodes that th The port that kubelet is listening to. -Default value: `10255`. +Default value: `10250`. + +### use_rest_client (bool) (optional) + +Use the rest client to get the metrics from summary api on each kubelet. + +Default value: `true`. + +### use_rest_client_ssl (bool) (optional) + +Use SSL for rest client. + +Default value: `true`. ## License diff --git a/lib/fluent/plugin/in_kubernetes_metrics.rb b/lib/fluent/plugin/in_kubernetes_metrics.rb index 535c611..9edddde 100644 --- a/lib/fluent/plugin/in_kubernetes_metrics.rb +++ b/lib/fluent/plugin/in_kubernetes_metrics.rb @@ -52,9 +52,6 @@ class KubernetesMetricsInput < Fluent::Plugin::Input desc 'Path to the file contains the API token. By default it reads from the file "token" in the `secret_dir`.' config_param :bearer_token_file, :string, default: nil - desc 'Bearer token for the service account to be used for pulling metrics.' - config_param :bearer_token, :string, default: nil - desc "Path of the location where pod's service account's credentials are stored." config_param :secret_dir, :string, default: '/var/run/secrets/kubernetes.io/serviceaccount' @@ -65,12 +62,12 @@ class KubernetesMetricsInput < Fluent::Plugin::Input config_param :node_names, :array, default: [], value_type: :string desc 'The port that kubelet is listening to.' - config_param :kubelet_port, :integer, default: 10_255 + config_param :kubelet_port, :integer, default: 10_250 desc 'Use the rest client to get the metrics from summary api on each kubelet' config_param :use_rest_client, :bool, default: true - desc 'This option is used to get the metrics from summary api on each kubelet using ssl' + desc 'Use SSL for rest client.' config_param :use_rest_client_ssl, :bool, default: true def configure(conf) @@ -195,8 +192,7 @@ def initialize_client def initialize_rest_client env_host = @node_name - env_port = 10_255 # 10255 is the readonly port of the kubelet from where we can fetch the metrics exposed by summary API - ssl_env_port = 10_250 # 10250 is the default ssl port of the kubelet from where we can fetch the metrics exposed by summary API + env_port = @kubelet_port if env_host && env_port if @use_rest_client_ssl == false @@ -204,25 +200,22 @@ def initialize_rest_client @kubelet_url_stats = "http://#{env_host}:#{env_port}/stats/" @cadvisor_url = "http://#{env_host}:#{env_port}/metrics/cadvisor" else - @kubelet_url = "https://#{env_host}:#{ssl_env_port}/stats/summary" - @kubelet_url_stats = "https://#{env_host}:#{ssl_env_port}/stats/" - @cadvisor_url = "https://#{env_host}:#{ssl_env_port}/metrics/cadvisor" + @kubelet_url = "https://#{env_host}:#{env_port}/stats/summary" + @kubelet_url_stats = "https://#{env_host}:#{env_port}/stats/" + @cadvisor_url = "https://#{env_host}:#{env_port}/metrics/cadvisor" end end if Dir.exist?(@secret_dir) secret_ca_file = File.join(@secret_dir, 'ca.crt') secret_token_file = File.join(@secret_dir, 'token') - if @ca_file.nil? && File.exist?(secret_ca_file) @ca_file = secret_ca_file end if @bearer_token_file.nil? and File.exist?(secret_token_file) @bearer_token_file = secret_token_file end - end - log.info("Use URL #{@kubelet_url} for creating client to query kubelet summary api") log.info("Use URL #{@kubelet_url_stats} for creating client to query kubelet stats api") log.info("Use URL #{@cadvisor_url} for creating client to query cadvisor metrics api") @@ -231,57 +224,42 @@ def initialize_rest_client # This method is used to set the options for sending a request to the kubelet api def request_options options = { method: 'get', url: @kubelet_url } - if @use_rest_client_ssl == true - ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) - log.debug "request_options - #{options}" end - options end # This method is used to set the options for sending a request to the stats api def request_options_stats options = { method: 'get', url: @kubelet_url_stats } - if @use_rest_client_ssl == true - ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) - log.debug "request_options_stats - #{options}" end - options end # This method is used to set the options for sending a request to the cadvisor api def cadvisor_request_options options = { method: 'get', url: @cadvisor_url } - if @use_rest_client_ssl == true - ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) - log.debug "cadvisor_request_options - #{options}" end - options end diff --git a/test/plugin/test_in_kubernetes_metrics.rb b/test/plugin/test_in_kubernetes_metrics.rb index 03e3cb9..08fb1f4 100644 --- a/test/plugin/test_in_kubernetes_metrics.rb +++ b/test/plugin/test_in_kubernetes_metrics.rb @@ -16,6 +16,8 @@ class KubernetesMetricsInputTest < Test::Unit::TestCase insecure_ssl true interval 10s use_rest_client true + use_rest_client_ssl false + kubelet_port 10_255 ] SUMMARY_CONFIG = %[ @@ -25,6 +27,8 @@ class KubernetesMetricsInputTest < Test::Unit::TestCase insecure_ssl true interval 10s use_rest_client false + use_rest_client_ssl false + kubelet_port 10_255 ] setup do From 7d2f79ffad1657a6578f4766d0bf2e4a5022ccc1 Mon Sep 17 00:00:00 2001 From: Glen Patzlaff Date: Fri, 11 Jan 2019 17:48:49 -0800 Subject: [PATCH 5/6] Created set_ssl_options function to reduce repetition --- lib/fluent/plugin/in_kubernetes_metrics.rb | 42 +++++++++------------- 1 file changed, 16 insertions(+), 26 deletions(-) diff --git a/lib/fluent/plugin/in_kubernetes_metrics.rb b/lib/fluent/plugin/in_kubernetes_metrics.rb index 9edddde..be276de 100644 --- a/lib/fluent/plugin/in_kubernetes_metrics.rb +++ b/lib/fluent/plugin/in_kubernetes_metrics.rb @@ -195,14 +195,14 @@ def initialize_rest_client env_port = @kubelet_port if env_host && env_port - if @use_rest_client_ssl == false - @kubelet_url = "http://#{env_host}:#{env_port}/stats/summary" - @kubelet_url_stats = "http://#{env_host}:#{env_port}/stats/" - @cadvisor_url = "http://#{env_host}:#{env_port}/metrics/cadvisor" - else + if @use_rest_client_ssl @kubelet_url = "https://#{env_host}:#{env_port}/stats/summary" @kubelet_url_stats = "https://#{env_host}:#{env_port}/stats/" @cadvisor_url = "https://#{env_host}:#{env_port}/metrics/cadvisor" + else + @kubelet_url = "http://#{env_host}:#{env_port}/stats/summary" + @kubelet_url_stats = "http://#{env_host}:#{env_port}/stats/" + @cadvisor_url = "http://#{env_host}:#{env_port}/metrics/cadvisor" end end @@ -221,45 +221,35 @@ def initialize_rest_client log.info("Use URL #{@cadvisor_url} for creating client to query cadvisor metrics api") end - # This method is used to set the options for sending a request to the kubelet api - def request_options - options = { method: 'get', url: @kubelet_url } - if @use_rest_client_ssl == true + def set_ssl_options + if @use_rest_client_ssl ssl_options = { ssl_ca_file: @ca_file, verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } - options = options.merge(ssl_options) end + ssl_options + end + + # This method is used to set the options for sending a request to the kubelet api + def request_options + options = { method: 'get', url: @kubelet_url } + options = options.merge(set_ssl_options()) options end # This method is used to set the options for sending a request to the stats api def request_options_stats options = { method: 'get', url: @kubelet_url_stats } - if @use_rest_client_ssl == true - ssl_options = { - ssl_ca_file: @ca_file, - verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, - headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} - } - options = options.merge(ssl_options) - end + options = options.merge(set_ssl_options()) options end # This method is used to set the options for sending a request to the cadvisor api def cadvisor_request_options options = { method: 'get', url: @cadvisor_url } - if @use_rest_client_ssl == true - ssl_options = { - ssl_ca_file: @ca_file, - verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, - headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} - } - options = options.merge(ssl_options) - end + options = options.merge(set_ssl_options()) options end From 4aaaca3fcf583ded99c8048fa670540575f15f63 Mon Sep 17 00:00:00 2001 From: Glen Patzlaff Date: Fri, 11 Jan 2019 18:07:30 -0800 Subject: [PATCH 6/6] Added missing default value --- lib/fluent/plugin/in_kubernetes_metrics.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/fluent/plugin/in_kubernetes_metrics.rb b/lib/fluent/plugin/in_kubernetes_metrics.rb index be276de..00dc707 100644 --- a/lib/fluent/plugin/in_kubernetes_metrics.rb +++ b/lib/fluent/plugin/in_kubernetes_metrics.rb @@ -228,6 +228,8 @@ def set_ssl_options verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} } + else + ssl_options = {} end ssl_options end