Implement target discovery in own k8s namespace

This commit adds support for discovering targets from the same Kubernetes namespace as the Prometheus pod itself. Own-namespace discovery can be indicated by using "." as the namespace. Fixes #9782 Signed-off-by: fpetkovski <filip.petkovsky@gmail.com>
2021-11-27 11:51:33 +01:00 · 2021-11-27 11:51:33 +01:00 · de87515b24
parent 6f3e664ae7
commit de87515b24
8 changed files with 310 additions and 4 deletions
--- a/discovery/kubernetes/endpoints_test.go
+++ b/discovery/kubernetes/endpoints_test.go
@ -615,3 +615,86 @@ func TestEndpointsDiscoveryNamespaces(t *testing.T) {
 		},
 	}.Run(t)
 }
+
+func TestEndpointsDiscoveryOwnNamespace(t *testing.T) {
+	epOne := makeEndpoints()
+	epOne.Namespace = "own-ns"
+
+	epTwo := makeEndpoints()
+	epTwo.Namespace = "non-own-ns"
+
+	podOne := &v1.Pod{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "testpod",
+			Namespace: "own-ns",
+			UID:       types.UID("deadbeef"),
+		},
+		Spec: v1.PodSpec{
+			NodeName: "testnode",
+			Containers: []v1.Container{
+				{
+					Name: "p1",
+					Ports: []v1.ContainerPort{
+						{
+							Name:          "mainport",
+							ContainerPort: 9000,
+							Protocol:      v1.ProtocolTCP,
+						},
+					},
+				},
+			},
+		},
+		Status: v1.PodStatus{
+			HostIP: "2.3.4.5",
+			PodIP:  "4.3.2.1",
+		},
+	}
+
+	podTwo := podOne.DeepCopy()
+	podTwo.Namespace = "non-own-ns"
+
+	objs := []runtime.Object{
+		epOne,
+		epTwo,
+		podOne,
+		podTwo,
+	}
+
+	n, _ := makeDiscovery(RoleEndpoint, NamespaceDiscovery{IncludeOwnNamespace: true}, objs...)
+
+	k8sDiscoveryTest{
+		discovery:        n,
+		expectedMaxItems: 1,
+		expectedRes: map[string]*targetgroup.Group{
+			"endpoints/own-ns/testendpoints": {
+				Targets: []model.LabelSet{
+					{
+						"__address__":                              "1.2.3.4:9000",
+						"__meta_kubernetes_endpoint_hostname":      "testendpoint1",
+						"__meta_kubernetes_endpoint_node_name":     "foobar",
+						"__meta_kubernetes_endpoint_port_name":     "testport",
+						"__meta_kubernetes_endpoint_port_protocol": "TCP",
+						"__meta_kubernetes_endpoint_ready":         "true",
+					},
+					{
+						"__address__":                              "2.3.4.5:9001",
+						"__meta_kubernetes_endpoint_port_name":     "testport",
+						"__meta_kubernetes_endpoint_port_protocol": "TCP",
+						"__meta_kubernetes_endpoint_ready":         "true",
+					},
+					{
+						"__address__":                              "2.3.4.5:9001",
+						"__meta_kubernetes_endpoint_port_name":     "testport",
+						"__meta_kubernetes_endpoint_port_protocol": "TCP",
+						"__meta_kubernetes_endpoint_ready":         "false",
+					},
+				},
+				Labels: model.LabelSet{
+					"__meta_kubernetes_namespace":      "own-ns",
+					"__meta_kubernetes_endpoints_name": "testendpoints",
+				},
+				Source: "endpoints/own-ns/testendpoints",
+			},
+		},
+	}.Run(t)
+}
--- a/discovery/kubernetes/endpointslice_test.go
+++ b/discovery/kubernetes/endpointslice_test.go
@ -630,3 +630,87 @@ func TestEndpointSliceDiscoveryNamespaces(t *testing.T) {
 		},
 	}.Run(t)
 }
+
+func TestEndpointSliceDiscoveryOwnNamespace(t *testing.T) {
+	epOne := makeEndpointSlice()
+	epOne.Namespace = "own-ns"
+
+	epTwo := makeEndpointSlice()
+	epTwo.Namespace = "non-own-ns"
+
+	podOne := &v1.Pod{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "testpod",
+			Namespace: "own-ns",
+			UID:       types.UID("deadbeef"),
+		},
+		Spec: v1.PodSpec{
+			NodeName: "testnode",
+			Containers: []v1.Container{
+				{
+					Name: "p1",
+					Ports: []v1.ContainerPort{
+						{
+							Name:          "mainport",
+							ContainerPort: 9000,
+							Protocol:      v1.ProtocolTCP,
+						},
+					},
+				},
+			},
+		},
+		Status: v1.PodStatus{
+			HostIP: "2.3.4.5",
+			PodIP:  "4.3.2.1",
+		},
+	}
+
+	podTwo := podOne.DeepCopy()
+	podTwo.Namespace = "non-own-ns"
+
+	objs := []runtime.Object{
+		epOne,
+		epTwo,
+		podOne,
+		podTwo,
+	}
+	n, _ := makeDiscovery(RoleEndpointSlice, NamespaceDiscovery{IncludeOwnNamespace: true}, objs...)
+
+	k8sDiscoveryTest{
+		discovery:        n,
+		expectedMaxItems: 1,
+		expectedRes: map[string]*targetgroup.Group{
+			"endpointslice/own-ns/testendpoints": {
+				Targets: []model.LabelSet{
+					{
+						"__address__": "1.2.3.4:9000",
+						"__meta_kubernetes_endpointslice_endpoint_hostname": "testendpoint1",
+						"__meta_kubernetes_endpointslice_port":              "9000",
+						"__meta_kubernetes_endpointslice_port_name":         "testport",
+						"__meta_kubernetes_endpointslice_port_protocol":     "TCP",
+					},
+					{
+						"__address__": "2.3.4.5:9000",
+						"__meta_kubernetes_endpointslice_endpoint_conditions_ready": "true",
+						"__meta_kubernetes_endpointslice_port":                      "9000",
+						"__meta_kubernetes_endpointslice_port_name":                 "testport",
+						"__meta_kubernetes_endpointslice_port_protocol":             "TCP",
+					},
+					{
+						"__address__": "3.4.5.6:9000",
+						"__meta_kubernetes_endpointslice_endpoint_conditions_ready": "false",
+						"__meta_kubernetes_endpointslice_port":                      "9000",
+						"__meta_kubernetes_endpointslice_port_name":                 "testport",
+						"__meta_kubernetes_endpointslice_port_protocol":             "TCP",
+					},
+				},
+				Labels: model.LabelSet{
+					"__meta_kubernetes_endpointslice_address_type": "IPv4",
+					"__meta_kubernetes_endpointslice_name":         "testendpoints",
+					"__meta_kubernetes_namespace":                  "own-ns",
+				},
+				Source: "endpointslice/own-ns/testendpoints",
+			},
+		},
+	}.Run(t)
+}
--- a/discovery/kubernetes/ingress_test.go
+++ b/discovery/kubernetes/ingress_test.go
@ -323,3 +323,21 @@ func TestIngressDiscoveryNamespacesV1beta1(t *testing.T) {
 		expectedRes:      expected,
 	}.Run(t)
 }
+
+func TestIngressDiscoveryOwnNamespace(t *testing.T) {
+	n, c := makeDiscovery(RoleIngress, NamespaceDiscovery{IncludeOwnNamespace: true})
+
+	expected := expectedTargetGroups("own-ns", TLSNo)
+	k8sDiscoveryTest{
+		discovery: n,
+		afterStart: func() {
+			for _, ns := range []string{"own-ns", "non-own-ns"} {
+				obj := makeIngress(TLSNo)
+				obj.Namespace = ns
+				c.NetworkingV1().Ingresses(obj.Namespace).Create(context.Background(), obj, metav1.CreateOptions{})
+			}
+		},
+		expectedMaxItems: 1,
+		expectedRes:      expected,
+	}.Run(t)
+}
--- a/discovery/kubernetes/kubernetes.go
+++ b/discovery/kubernetes/kubernetes.go
@ -16,6 +16,7 @@ package kubernetes
 import (
 	"context"
 	"fmt"
+	"io/ioutil"
 	"reflect"
 	"strings"
 	"sync"
@ -48,7 +49,7 @@ import (
 )

 const (
-	// kubernetesMetaLabelPrefix is the meta prefix used for all meta labels.
+	// metaLabelPrefix is the meta prefix used for all meta labels.
 	// in this discovery.
 	metaLabelPrefix  = model.MetaLabelPrefix + "kubernetes_"
 	namespaceLabel   = metaLabelPrefix + "namespace"
@ -230,7 +231,8 @@ func (c *SDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 // NamespaceDiscovery is the configuration for discovering
 // Kubernetes namespaces.
 type NamespaceDiscovery struct {
-	Names []string `yaml:"names"`
+	IncludeOwnNamespace bool     `yaml:"own_namespace"`
+	Names               []string `yaml:"names"`
 }

 // UnmarshalYAML implements the yaml.Unmarshaler interface.
@ -250,13 +252,21 @@ type Discovery struct {
 	namespaceDiscovery *NamespaceDiscovery
 	discoverers        []discovery.Discoverer
 	selectors          roleSelector
+	ownNamespace       string
 }

 func (d *Discovery) getNamespaces() []string {
 	namespaces := d.namespaceDiscovery.Names
-	if len(namespaces) == 0 {
-		namespaces = []string{apiv1.NamespaceAll}
+	includeOwnNamespace := d.namespaceDiscovery.IncludeOwnNamespace
+
+	if len(namespaces) == 0 && !includeOwnNamespace {
+		return []string{apiv1.NamespaceAll}
 	}
+
+	if includeOwnNamespace {
+		return append(namespaces, d.ownNamespace)
+	}
+
 	return namespaces
 }

@ -299,6 +309,12 @@ func New(l log.Logger, conf *SDConfig) (*Discovery, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	ownNamespace, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
+	if err != nil {
+		return nil, fmt.Errorf("could not determine the pod's namespace: %w", err)
+	}
+
 	return &Discovery{
 		client:             c,
 		logger:             l,
@ -306,6 +322,7 @@ func New(l log.Logger, conf *SDConfig) (*Discovery, error) {
 		namespaceDiscovery: &conf.NamespaceDiscovery,
 		discoverers:        make([]discovery.Discoverer, 0),
 		selectors:          mapSelector(conf.Selectors),
+		ownNamespace:       string(ownNamespace),
 	}, nil
 }

--- a/discovery/kubernetes/kubernetes_test.go
+++ b/discovery/kubernetes/kubernetes_test.go
@ -54,6 +54,7 @@ func makeDiscoveryWithVersion(role Role, nsDiscovery NamespaceDiscovery, k8sVer
 		logger:             log.NewNopLogger(),
 		role:               role,
 		namespaceDiscovery: &nsDiscovery,
+		ownNamespace:       "own-ns",
 	}, clientset
 }

--- a/discovery/kubernetes/pod_test.go
+++ b/discovery/kubernetes/pod_test.go
@ -389,3 +389,21 @@ func TestPodDiscoveryNamespaces(t *testing.T) {
 		expectedRes:      expected,
 	}.Run(t)
 }
+
+func TestPodDiscoveryOwnNamespace(t *testing.T) {
+	n, c := makeDiscovery(RolePod, NamespaceDiscovery{IncludeOwnNamespace: true})
+
+	expected := expectedPodTargetGroups("own-ns")
+	k8sDiscoveryTest{
+		discovery: n,
+		beforeRun: func() {
+			for _, ns := range []string{"own-ns", "non-own-ns"} {
+				pod := makePods()
+				pod.Namespace = ns
+				c.CoreV1().Pods(pod.Namespace).Create(context.Background(), pod, metav1.CreateOptions{})
+			}
+		},
+		expectedMaxItems: 1,
+		expectedRes:      expected,
+	}.Run(t)
+}
--- a/discovery/kubernetes/service_test.go
+++ b/discovery/kubernetes/service_test.go
@ -254,3 +254,87 @@ func TestServiceDiscoveryNamespaces(t *testing.T) {
 		},
 	}.Run(t)
 }
+
+func TestServiceDiscoveryOwnNamespace(t *testing.T) {
+	n, c := makeDiscovery(RoleService, NamespaceDiscovery{IncludeOwnNamespace: true})
+
+	k8sDiscoveryTest{
+		discovery: n,
+		afterStart: func() {
+			for _, ns := range []string{"own-ns", "non-own-ns"} {
+				obj := makeService()
+				obj.Namespace = ns
+				c.CoreV1().Services(obj.Namespace).Create(context.Background(), obj, metav1.CreateOptions{})
+			}
+		},
+		expectedMaxItems: 1,
+		expectedRes: map[string]*targetgroup.Group{
+			"svc/own-ns/testservice": {
+				Targets: []model.LabelSet{
+					{
+						"__meta_kubernetes_service_port_protocol": "TCP",
+						"__address__":                          "testservice.own-ns.svc:30900",
+						"__meta_kubernetes_service_type":       "ClusterIP",
+						"__meta_kubernetes_service_cluster_ip": "10.0.0.1",
+						"__meta_kubernetes_service_port_name":  "testport",
+					},
+				},
+				Labels: model.LabelSet{
+					"__meta_kubernetes_service_name": "testservice",
+					"__meta_kubernetes_namespace":    "own-ns",
+				},
+				Source: "svc/own-ns/testservice",
+			},
+		},
+	}.Run(t)
+}
+
+func TestServiceDiscoveryAllNamespaces(t *testing.T) {
+	n, c := makeDiscovery(RoleService, NamespaceDiscovery{})
+
+	k8sDiscoveryTest{
+		discovery: n,
+		afterStart: func() {
+			for _, ns := range []string{"own-ns", "non-own-ns"} {
+				obj := makeService()
+				obj.Namespace = ns
+				c.CoreV1().Services(obj.Namespace).Create(context.Background(), obj, metav1.CreateOptions{})
+			}
+		},
+		expectedMaxItems: 2,
+		expectedRes: map[string]*targetgroup.Group{
+			"svc/own-ns/testservice": {
+				Targets: []model.LabelSet{
+					{
+						"__meta_kubernetes_service_port_protocol": "TCP",
+						"__address__":                          "testservice.own-ns.svc:30900",
+						"__meta_kubernetes_service_type":       "ClusterIP",
+						"__meta_kubernetes_service_cluster_ip": "10.0.0.1",
+						"__meta_kubernetes_service_port_name":  "testport",
+					},
+				},
+				Labels: model.LabelSet{
+					"__meta_kubernetes_service_name": "testservice",
+					"__meta_kubernetes_namespace":    "own-ns",
+				},
+				Source: "svc/own-ns/testservice",
+			},
+			"svc/non-own-ns/testservice": {
+				Targets: []model.LabelSet{
+					{
+						"__meta_kubernetes_service_port_protocol": "TCP",
+						"__address__":                          "testservice.non-own-ns.svc:30900",
+						"__meta_kubernetes_service_type":       "ClusterIP",
+						"__meta_kubernetes_service_cluster_ip": "10.0.0.1",
+						"__meta_kubernetes_service_port_name":  "testport",
+					},
+				},
+				Labels: model.LabelSet{
+					"__meta_kubernetes_service_name": "testservice",
+					"__meta_kubernetes_namespace":    "non-own-ns",
+				},
+				Source: "svc/non-own-ns/testservice",
+			},
+		},
+	}.Run(t)
+}
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@ -1694,6 +1694,7 @@ tls_config:

 # Optional namespace discovery. If omitted, all namespaces are used.
 namespaces:
+  own_namespace: <bool>
  names:
    [ - <string> ]