[Agent] Support Node and Service autodiscovery in k8s provider

[ChrsMark]

What does this PR do?

This PR adds more resources in kubernetes dynamic provider.

Why is it important?

So as to support Node and Service discovery via kubernetes dynamic provider of Agent.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
  - [ ] I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

Test with node resource`:

1. Use the following config:

providers.kubernetes:
  scope: cluster
  kube_config: /Users/chrismark/.kube/config
  cleanup_timeout: 360s
  resources:
    node: 
      enabled: true

inputs:
  - type: logfile
    streams:
      - paths: ${kubernetes.node.name}/another.log

2. Run inspect command to check what is the compiled configuration (use proper path for the elastic-agent.yml config file :
   ./elastic-agent -c /Users/ubuntu/Desktop/elastic-agent.yml inspect output -o default
3. Verify that something similar to the following is produced:

filebeat:
  inputs:
  - index: logs-generic-default
    paths: kind-control-plane/another.log
    processors:
    - add_fields:
        fields:
          node:
            annotations:
              kubeadm:
                alpha:
                  kubernetes:
                    io/cri-socket: unix:///run/containerd/containerd.sock
              node:
                alpha:
                  kubernetes:
                    io/ttl: "0"
              volumes:
                kubernetes:
                  io/controller-managed-attach-detach: "true"
            ip: 172.18.0.3
            labels:
              beta.kubernetes.io/arch: amd64
              beta.kubernetes.io/os: linux
              kubernetes.io/arch: amd64
              kubernetes.io/hostname: kind-control-plane
              kubernetes.io/os: linux
              node-role.kubernetes.io/master: ""
            name: kind-control-plane
            uid: 65e26851-66d2-44f9-948d-37e2c43f50f7
        target: kubernetes

Test with service resource.

providers.kubernetes:
  scope: cluster
  kube_config: /Users/chrismark/.kube/config
  cleanup_timeout: 360s
  resources:
    service: 
      enabled: true

inputs:
  - type: logfile
    streams:
      - paths: ${kubernetes.service.name}/another.log

Test with pod

providers.kubernetes:
  scope: cluster
  kube_config: /Users/chrismark/.kube/config
  cleanup_timeout: 360s
  resources:
    pod:
       enabled: true

inputs:
  - type: logfile
    streams:
      - paths: ${kubernetes.pod.name}/another.log

Test with service resource and node scope.

providers.kubernetes:
  scope: node
  kube_config: /Users/chrismark/.kube/config
 cleanup_timeout: 360s
  resources:
    service:
      enabled: true
      

inputs:
  - type: logfile
    streams:
      - paths: ${kubernetes.service.name}/another.log

2. Verify from the logs that the scope was enforced to cluster scope (can not set scope to node when using resource Service. resetting scope to cluster), and that kubernetes.scope field is populated with cluster value.

Test with pod at node scope and define node

providers.kubernetes:
  scope: node
  kube_config: /Users/chrismark/.kube/config
  cleanup_timeout: 360s
  node: "kind-control-plane"
  resources:
    pod:
      enabled: true
      

inputs:
  - type: logfile
    streams:
      - paths: ${kubernetes.pod.name}/another.log

Related issues

• Closes Add more resources in kubernetes composable provider #24496

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2021-07-22T07:12:23.231+0000

• Duration: 98 min 0 sec

• Commit: 701236c

Test stats 🧪

Test	Results
Failed	0
Passed	7012
Skipped	16
Total	7028

Trends 🧪

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test	Results
Failed	0
Passed	7012
Skipped	16
Total	7028

[MichaelKatsoulis]

LGTM. It is nice splitting different resource watchers in their respectful files.

[elasticmachine]

Pinging @elastic/integrations (Team:Integrations)

[ChrsMark]

Opening this for review. I tested it manually with the scenarios mentioned in this PR's description. I plan to add unit tests for the provider too but the implementation should be ready for review now.

[ChrsMark]

Note: Latest commit (43f5136) tries to improve data emission handling in yield like way so as to help with test covering too. We can revert it if we find that it is not of our liking.

[jsoriano]

@ChrsMark thanks for working on this. Before going deep into implementation details, I would like to raise a concern, do we have plans to support discovery of multiple resources?

With current configuration it doesn't seem to be possible. There is no way to declare multiple providers of the same kind as in Beats, and resource supports a single kind of resource.

providers.kubernetes:
  resource: pod
  scope: cluster
  kube_config: /Users/chrismark/.kube/config

I would see two options for that, one would be to make resource a list, and then make one provider to be able to discover multiple kinds of resources. But then for each kind of resource we may need be able to define different scopes or even configs.
The other option would be to have different providers, one for each kind of resource, so we would have providers such as kubernetes_pod and kubernetes_node, kubernetes_service and so on... then we would be able to have one provider for each kind of resource. But this may be confusing when using common kubernetes fields as the namespace in the config (should it be kubernetes_pod.namespace and kubernetes_service.namespace, or kubernetes.namespace for both providers?).

Of course, with current implementation there is also the option of running multiple agents, one for each kind of resource, but this may be a bit overkill and cumbersome for users.

[ChrsMark]

That's a fair point @jsoriano , thanks for bringing this up! Especially now that same Agent will run collectors for logs+metrics+uptime at the same time, using the same config, we should be able to provide such flexibility to our users.

I think that splitting into different providers per k8s resource would make sense but fields should be reported under the same namespace like kubernetes.*. Maybe this is doable by setting the target to kubernetes at

beats/x-pack/elastic-agent/pkg/composable/providers/kubernetes/kubernetes.go

Line 164 in eb758b9

"target": "kubernetes",

. But in dynamic variables resolution we would need to refer to each namespace explicitly , ie ${kubernetes_service.service.name} == 'kube-controller-manager', which I'm not if is something we would like.

Other way to tackle this is to enable support for defining k8s provider multiple times but this most probably should happen on controller provider's layer.

@exekias any thoughts on this?

[exekias]

Should this logger be namespaced? I also see logger widely used in agent, not sure if there is any preference here

[exekias]

I'm wondering about use cases for resource specific settings, do you have anyone in mind?

[ChrsMark]

Now that I'm thinking of it again, maybe it is over-engineering to provide this option at the moment since the base config shared for all the resources should cover the cases. Flexibility for different accesses per resource or variant settings options would be nice to think of but we can and see if users actually need them. So, I will change it and move to single config for all of the resources.

[exekias]

It's interesting that you can override almost all settings per resource, but not scope

[ChrsMark]

See #26801 (comment).

[exekias]

what if the user only overrides resources.pod.namespace? Does that mean that the rest of settings will be empty?

[ChrsMark]

See #26801 (comment)

[exekias]

Can this happen taking the previous line into account?

[ChrsMark]

Good catch

[exekias]

In theory emitRunning should be enough here, right? This will AddOrUpdate

[exekias]

A explanatory comment here would help

[exekias]

Should we be dedotting these?

[ChrsMark]

I was thinking about adding this when we will deal with metadata in general, but it's ok to add it now. Adding.

[exekias]

Same for labels, should we dedot?

[ChrsMark]

Same as above!

[exekias]

Why using a channel for this? What would you think about emitting directly from the function?

[ChrsMark]

Channel usage helps to isolate the generator function so as to be possible to be tested with unit tests, following a yield-like approach.

[exekias]

understood, you could also build a mocked emitter passed as a parameter to retrieve the results in the tests, right?

[ChrsMark]

Ah, good idea. Something like 6f39378?

[ChrsMark]

Comments addressed and tested locally following the updated scenarios listed in the PR's description.

[jsoriano]

This is looking good. Added a question about the future of dedotting and the possibility of using flattened type instead.

Also I think we still need to polish some use cases that we recently polished in Beats, as discovery of short-living pods, crashing containers, ephemeral containers and so on, but this can be done as follow ups. elastic/e2e-testing#1090 will help to validate these use cases 😇

[jsoriano]

@exekias @ChrsMark wdyt about start using the flattened type in Agent instead of dedotting? There are still some trade-offs but they should be eventually addressed. Hopefully flattened is the future for this kind of fields.
More context here: https://github.com/elastic/obs-dc-team/issues/461

[ChrsMark]

I'm not completely aware of pros/cons but with a quick view flattened type looks better than dedoting to me, and sounds like a good idea regarding timing to do this change now.

[exekias]

taking this into account I'm inclined to leave dedotting out of this PR and investigate the experience when using flattened for these fields, any thoughts? Also, in case we end up introducing it, I would like to be opinionated here, and avoid adding any config parameter for it.

I'm particularly concerned about doing things like grouping some metric by a label, which is a valid use. I'm less concerned about annotations...

[ChrsMark]

I'm +1 in leaving this out for now and open a follow-up issue to work on for dedotting/flattening

[jsoriano]

We may be hitting this issue #20543, not sure how we can do something now depending on the kind of data we are collecting.

[ChrsMark]

Yeap, the provider is not really aware of the inputs right now, but maybe it could be handled better in the future if we introduce a "smart" controller which enables providers according to the inputs.

[jsoriano]

TODO: add support for ephemeral containers.

[ChrsMark]

This is looking good. Added a question about the future of dedotting and the possibility of using flattened type instead.

Also I think we still need to polish some use cases that we recently polished in Beats, as discovery of short-living pods, crashing containers, ephemeral containers and so on, but this can be done as follow ups. elastic/e2e-testing#1090 will help to validate these use cases 😇

Thanks! Testing should be improved for sure and in a more complete/e2e approach. We have in our backlog elastic/e2e-testing#1090 which can cover this need I think, and I'm thinking that this could be better to be implemented after we have a more complete codebase including metadata handling too.

[ChrsMark]

@exekias @jsoriano I removed dedoting settings for now so as to better evaluate the possible usage of flattened in a separate issue. I will create follow-up issues for all the TODOs added in this PR.

Let me know if there is anything else missing :).

[jsoriano]

I think this can be merged, and we can iterate on details and specific use cases in future PRs.

[blakerouse]

Looks good, thanks for all the fixes and changes!