Add bearer token defaults for Kubernetes plugins (#6356)

This commit is contained in:
David McKay 2019-11-06 21:37:48 +00:00 committed by Daniel Nelson
parent 6881c64431
commit 284c7fc404
4 changed files with 57 additions and 28 deletions

View File

@ -41,6 +41,8 @@ avoid cardinality issues:
# namespace = "default"
## Use bearer token for authorization. ('bearer_token' takes priority)
## If both of these are empty, we'll use the default serviceaccount:
## at: /run/secrets/kubernetes.io/serviceaccount/token
# bearer_token = "/path/to/bearer/token"
## OR
# bearer_token_string = "abc_123"
@ -265,6 +267,7 @@ The persistentvolumeclaim "phase" is saved in the `phase` tag with a correlated
| pending | 2 |
| unknown | 3 |
### Example Output:
```

View File

@ -19,6 +19,10 @@ import (
"github.com/influxdata/telegraf/plugins/inputs"
)
const (
defaultServiceAccountPath = "/run/secrets/kubernetes.io/serviceaccount/token"
)
// KubernetesInventory represents the config object for the plugin.
type KubernetesInventory struct {
URL string `toml:"url"`
@ -42,6 +46,8 @@ var sampleConfig = `
# namespace = "default"
## Use bearer token for authorization. ('bearer_token' takes priority)
## If both of these are empty, we'll use the default serviceaccount:
## at: /run/secrets/kubernetes.io/serviceaccount/token
# bearer_token = "/path/to/bearer/token"
## OR
# bearer_token_string = "abc_123"
@ -77,14 +83,32 @@ func (ki *KubernetesInventory) Description() string {
return "Read metrics from the Kubernetes api"
}
// Gather collects kubernetes metrics from a given URL.
func (ki *KubernetesInventory) Gather(acc telegraf.Accumulator) (err error) {
if ki.client == nil {
if ki.client, err = ki.initClient(); err != nil {
return err
}
func (ki *KubernetesInventory) Init() error {
// If neither are provided, use the default service account.
if ki.BearerToken == "" && ki.BearerTokenString == "" {
ki.BearerToken = defaultServiceAccountPath
}
if ki.BearerToken != "" {
token, err := ioutil.ReadFile(ki.BearerToken)
if err != nil {
return err
}
ki.BearerTokenString = strings.TrimSpace(string(token))
}
var err error
ki.client, err = newClient(ki.URL, ki.Namespace, ki.BearerTokenString, ki.ResponseTimeout.Duration, ki.ClientConfig)
if err != nil {
return err
}
return nil
}
// Gather collects kubernetes metrics from a given URL.
func (ki *KubernetesInventory) Gather(acc telegraf.Accumulator) (err error) {
resourceFilter, err := filter.NewIncludeExcludeFilter(ki.ResourceInclude, ki.ResourceExclude)
if err != nil {
return err
@ -121,18 +145,6 @@ var availableCollectors = map[string]func(ctx context.Context, acc telegraf.Accu
"persistentvolumeclaims": collectPersistentVolumeClaims,
}
func (ki *KubernetesInventory) initClient() (*client, error) {
if ki.BearerToken != "" {
token, err := ioutil.ReadFile(ki.BearerToken)
if err != nil {
return nil, err
}
ki.BearerTokenString = strings.TrimSpace(string(token))
}
return newClient(ki.URL, ki.Namespace, ki.BearerTokenString, ki.ResponseTimeout.Duration, ki.ClientConfig)
}
func atoi(s string) int64 {
i, err := strconv.ParseInt(s, 10, 64)
if err != nil {

View File

@ -38,6 +38,8 @@ avoid cardinality issues:
url = "http://127.0.0.1:10255"
## Use bearer token for authorization. ('bearer_token' takes priority)
## If both of these are empty, we'll use the default serviceaccount:
## at: /run/secrets/kubernetes.io/serviceaccount/token
# bearer_token = "/path/to/bearer/token"
## OR
# bearer_token_string = "abc_123"

View File

@ -36,6 +36,8 @@ var sampleConfig = `
url = "http://127.0.0.1:10255"
## Use bearer token for authorization. ('bearer_token' takes priority)
## If both of these are empty, we'll use the default serviceaccount:
## at: /run/secrets/kubernetes.io/serviceaccount/token
# bearer_token = "/path/to/bearer/token"
## OR
# bearer_token_string = "abc_123"
@ -53,6 +55,7 @@ var sampleConfig = `
const (
summaryEndpoint = `%s/stats/summary`
defaultServiceAccountPath = "/run/secrets/kubernetes.io/serviceaccount/token"
)
func init() {
@ -71,6 +74,23 @@ func (k *Kubernetes) Description() string {
return "Read metrics from the kubernetes kubelet api"
}
func (k *Kubernetes) Init() error {
// If neither are provided, use the default service account.
if k.BearerToken == "" && k.BearerTokenString == "" {
k.BearerToken = defaultServiceAccountPath
}
if k.BearerToken != "" {
token, err := ioutil.ReadFile(k.BearerToken)
if err != nil {
return err
}
k.BearerTokenString = strings.TrimSpace(string(token))
}
return nil
}
//Gather collects kubernetes metrics from a given URL
func (k *Kubernetes) Gather(acc telegraf.Accumulator) error {
acc.AddError(k.gatherSummary(k.URL, acc))
@ -108,15 +128,7 @@ func (k *Kubernetes) gatherSummary(baseURL string, acc telegraf.Accumulator) err
}
}
if k.BearerToken != "" {
token, err := ioutil.ReadFile(k.BearerToken)
if err != nil {
return err
}
req.Header.Set("Authorization", "Bearer "+strings.TrimSpace(string(token)))
} else if k.BearerTokenString != "" {
req.Header.Set("Authorization", "Bearer "+k.BearerTokenString)
}
req.Header.Add("Accept", "application/json")
resp, err = k.RoundTripper.RoundTrip(req)