-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Kubernetes Provider] Apply namespace filter to watchers #39881
[Kubernetes Provider] Apply namespace filter to watchers #39881
Conversation
Signed-off-by: constanca <constanca.manteigas@elastic.co>
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
|
Signed-off-by: constanca <constanca.manteigas@elastic.co>
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
Signed-off-by: constanca <constanca.manteigas@elastic.co>
@@ -196,7 +193,7 @@ Example: | |||
|
|||
`unique`:: (Optional) Defaults to `false`. Marking an autodiscover provider as unique results into | |||
making the provider to enable the provided templates only when it will gain the leader lease. | |||
This setting can only be combined with `cluster` scope. When `unique` is enabled enabled, `resource` | |||
This setting can only be combined with `cluster` scope. When `unique` is enabled, `resource` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not related with this PR but what do we mean when we say here that with unique: true the add_resource_metadata
settings are not taken into account?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If unique: true
then we are not using watchers, I think that's why they are not taken into account.
Namespace: config.Namespace, | ||
SyncTimeout: config.SyncPeriod, | ||
Namespace: config.Namespace, | ||
HonorReSyncs: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wondering if we need to make this configurable?
I dont find a place where we have documented the use of resyncs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is just for devs, indeed.
Proposed commit message
I also added the option
HonorReSyncs
to make sure we don't lose any events.Checklist
CHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.How to test this PR locally
Run your own metricbeat as stated here. The way I tested this change is better explained in Results section.
Related issues
Results
I have a cluster with the following resources:
If I apply
namespace: default
, I expect to only see pods from that namespace. I have deployed 3 resources in the default namespace: a cronjob, a deployment and a pod (to test all three watchers).The resources manifest used is this one.
Filtering by namespace
I set `namespace: default` in the Kubernetes provider like this.
I left my metricbeat running for a while. Then I checked how many pods were emitting events and from which namespaces they come from:
They all come from
default
namespace as expected.Not filtering by namespace
I now removed the
namespace: default
from my kubernetes provider.I let metricbeat run for a while. This time I can see:
We receive events from all namespaces, since it is not filtered.