Add bearer token defaults for Kubernetes plugins (#6356)

2019-11-06 21:37:48 +00:00
parent 6881c64431
commit 284c7fc404
4 changed files with 57 additions and 28 deletions
--- a/plugins/inputs/kubernetes/README.md
+++ b/plugins/inputs/kubernetes/README.md
@@ -38,6 +38,8 @@ avoid cardinality issues:
  url = "http://127.0.0.1:10255"

  ## Use bearer token for authorization. ('bearer_token' takes priority)
+  ## If both of these are empty, we'll use the default serviceaccount:
+  ## at: /run/secrets/kubernetes.io/serviceaccount/token
  # bearer_token = "/path/to/bearer/token"
  ## OR
  # bearer_token_string = "abc_123"
--- a/plugins/inputs/kubernetes/kubernetes.go
+++ b/plugins/inputs/kubernetes/kubernetes.go
@@ -36,6 +36,8 @@ var sampleConfig = `
  url = "http://127.0.0.1:10255"

  ## Use bearer token for authorization. ('bearer_token' takes priority)
+  ## If both of these are empty, we'll use the default serviceaccount:
+  ## at: /run/secrets/kubernetes.io/serviceaccount/token
  # bearer_token = "/path/to/bearer/token"
  ## OR
  # bearer_token_string = "abc_123"
@@ -52,7 +54,8 @@ var sampleConfig = `
 `

 const (
-	summaryEndpoint = `%s/stats/summary`
+	summaryEndpoint           = `%s/stats/summary`
+	defaultServiceAccountPath = "/run/secrets/kubernetes.io/serviceaccount/token"
 )

 func init() {
@@ -71,6 +74,23 @@ func (k *Kubernetes) Description() string {
 	return "Read metrics from the kubernetes kubelet api"
 }

+func (k *Kubernetes) Init() error {
+	// If neither are provided, use the default service account.
+	if k.BearerToken == "" && k.BearerTokenString == "" {
+		k.BearerToken = defaultServiceAccountPath
+	}
+
+	if k.BearerToken != "" {
+		token, err := ioutil.ReadFile(k.BearerToken)
+		if err != nil {
+			return err
+		}
+		k.BearerTokenString = strings.TrimSpace(string(token))
+	}
+
+	return nil
+}
+
 //Gather collects kubernetes metrics from a given URL
 func (k *Kubernetes) Gather(acc telegraf.Accumulator) error {
 	acc.AddError(k.gatherSummary(k.URL, acc))
@@ -108,15 +128,7 @@ func (k *Kubernetes) gatherSummary(baseURL string, acc telegraf.Accumulator) err
 		}
 	}

-	if k.BearerToken != "" {
-		token, err := ioutil.ReadFile(k.BearerToken)
-		if err != nil {
-			return err
-		}
-		req.Header.Set("Authorization", "Bearer "+strings.TrimSpace(string(token)))
-	} else if k.BearerTokenString != "" {
-		req.Header.Set("Authorization", "Bearer "+k.BearerTokenString)
-	}
+	req.Header.Set("Authorization", "Bearer "+k.BearerTokenString)
 	req.Header.Add("Accept", "application/json")

 	resp, err = k.RoundTripper.RoundTrip(req)