Kubernetes metadata enhancements

[ChrsMark]

What does this PR do?

1. adds kubernetes.host.hostname on node metadata,
2. attach node metadata on pod metadata by default (without add_resource_metadata required to enabled) for both events coming from autodiscovered pods but also for events enriched by add_kubernetes_metadata
3. attach namespace metadata on pod metadata by default (without add_resource_metadata required to enabled) for both events coming from autodiscovered pods but also for events enriched by add_kubernetes_metadata
4. Enables always add_resource_metadata section for autodiscover and add_kubernetes_metadata.

Why is it important?

This information is useful in various ways. See more on the respective issue: #20434

How to test this PR manually

1. Use autodiscover config like:

Test with autodiscover provider

filebeat.autodiscover:
  providers:
    - type: kubernetes
      node: ${NODE_NAME}
      hints.enabled: true
      hints.default_config:
        type: container
        paths:
          - /var/log/containers/*${data.kubernetes.container.id}.log

2. Make sure that Redis module is enabled and that kubernetes.node.hostname field is populated.

Test with add_kubernetes_metadata processor

filebeat.inputs:
- type: container
  paths:
    - /var/log/containers/*.log
  processors:
    - add_kubernetes_metadata:
        host: ${NODE_NAME}
        matchers:
        - logs_path:
            logs_path: "/var/log/containers/"

2. Make sure that kubernetes.node.hostname field is populated as well as kubernetes.node.* and kubernetes.namespace.*.

Related issues

• Closes Add kubernetes.node.hostname field with the actual hostname of the node #20434

Screenshots

Filebeat & add_kubernetes_metadata:

Autodiscover:

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Build Cause: [Pull request #22189 updated]

• Start Time: 2020-11-11T05:22:06.978+0000

• Duration: 75 min 33 sec

Test stats 🧪

Test	Results
Failed	0
Passed	16413
Skipped	1344
Total	17757

[elasticmachine]

Pinging @elastic/integrations-platforms (Team:Platforms)

[elasticmachine]

Pinging @elastic/ingest-management (Team:Ingest Management)

[elasticmachine]

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	0
Passed	16413
Skipped	1344
Total	17757

[ChrsMark]

@jsoriano @exekias this is in a reviewable state right now so feel free to have a look and comment.

[jsoriano]

Thinking about this comment #20434 (comment), perhaps we should store this value directly in host.name (instead of storing it in kubernetes.node.hostname). What I am not sure is if then we should also populate host.id or other inventory fields and with what values.

Other option can be to postpone the decision and copy the field if we decide to use host.name.

@exekias @kaiyan-sheng wdyt?

[exekias]

Using host.name sounds like a good idea to me, this complies with the current definition we use. It would be good to do some testing to see if what add_host_metadata reports is the same thing reported by Kubernetes. For instance, when you change the hostname by hand, with and without setting a fqdn.

I think we need a deeper discussion around where host.id should be set, what will happen when add_host_metadata kicks in but host.name is already set by add_kubernetes_metadata? What will happen if add_host_metadata happens before add_kubernetes_metadata?

[ChrsMark]

That sounds good to me! How about keeping the scope of this PR to just adding the node's metadata and opening a follow up issue so as to investigate further about host.name in separate story?

[jsoriano]

How about keeping the scope of this PR to just adding the node's metadata and opening a follow up issue so as to investigate further about host.name in separate story?

LGTM, worst case we will duplicate this field.

[kaiyan-sheng]

I think we need a deeper discussion around where host.id should be set, what will happen when add_host_metadata kicks in but host.name is already set by add_kubernetes_metadata? What will happen if add_host_metadata happens before add_kubernetes_metadata?

Agree. This is definitely worth some time to test and discuss. When users have more than one processor enabled for Metricbeat, overwriting the same fields will be a problem. We also have this issue to discuss moving adding host.name into add_host_metadata. But then both host.id and host.name will have this same issue.

[jsoriano]

Shouldn't we use the hostname in obj.Status.Addresses[...].Address? I am concerned that when using cluster scope we can be setting here the hostname of the observer, and not the one the event belongs to.

[ChrsMark]

++ good catch!

[jsoriano]

We are passing the hostname in many places, I wonder if we may be using the wrong hostname when using cluster scope.

[ChrsMark]

++ good catch!

[ChrsMark]

@jsoriano thanks for the suggestion! I made a change to this direction so feel free to have another look :)

@exekias @kaiyan-sheng any thoughts about #22189 (comment)?

[ChrsMark]

Looks good, only a comment about docs. As tnode and namespace metadata is always added, we should probably remove mentions to add_resource_metadata.*.enabled. Not sure if other options in add_resource_metadata are still used.

👍🏼 Thanks for the review @jsoriano! I ended up removing add_resource_metadata completely. The only concern about this could be the volume of labels and annotations that might be too big. With this change we IncludeLabels & IncludeAnnotations by default for node and namespace of a Pod. @exekias do you think this is something we can do?
Maybe this is a case of add_resource_metadata being useful and maybe we could keep it only for cases where we want to restrict the volume of labels/annotations that are added. I'm in two minds here 😅 so I would love your feedback.

[jsoriano]

With this change we IncludeLabels & IncludeAnnotations by default for node and namespace of a Pod.

I think we need to keep something to selectively include annotations, maybe we can keep add_resource_metadata only for this. Or, to have more simple options, what about using for that the same config as in the provider and the processor?

[ChrsMark]

++ Aggreed @jsoriano ! Tried to take it to this direction in my last commit (75cb108)

[jsoriano]

👍