filter_kubernetes: add option kube_token_ttl (fluent#4352) (fluent#4487)

novegit · web-flow · commit 110bce8ee869 · 2022-05-23T14:02:25.000-07:00
* filter_kubernetes: add option kube_token_ttl

The option sets the re-read frequency of the token for the
defauld method and for option Kube_Token_Command. Default is 600
seconds.

Signed-off-by: Michael Voelker &lt;novecento@gmx.de&gt;

* filter_kubernetes: set kube_token_ttl default to 600s

Signed-off-by: Michael Voelker &lt;novecento@gmx.de&gt;

* filter_kubernetes: use FLB_CONFIG_MAP_TIME for kube_token_ttl config

Signed-off-by: Michael Voelker &lt;novecento@gmx.de&gt;
diff --git a/plugins/filter_kubernetes/kube_conf.h b/plugins/filter_kubernetes/kube_conf.h
@@ -82,6 +82,7 @@ struct flb_kube {
     int dummy_meta;
     int tls_debug;
     int tls_verify;
+    int kube_token_ttl;
     flb_sds_t meta_preload_cache_dir;
 
     /* Configuration proposed through Annotations (boolean) */
diff --git a/plugins/filter_kubernetes/kube_meta.c b/plugins/filter_kubernetes/kube_meta.c
@@ -45,7 +45,6 @@
 #define FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY_LEN \
     (sizeof(FLB_KUBE_META_INIT_CONTAINER_STATUSES_KEY) - 1)
 #define FLB_KUBE_TOKEN_BUF_SIZE 8192       /* 8KB */
-#define FLB_KUBE_TOKEN_TTL 600             /* 10 minutes */
 
 static int file_to_buffer(const char *path,
                           char **out_buf, size_t *out_size)
@@ -161,17 +160,15 @@ static int get_http_auth_header(struct flb_kube *ctx)
         if (ret == -1) {
             flb_plg_warn(ctx->ins, "failed to run command %s", ctx->kube_token_command);
         }
-        ctx->kube_token_create = time(NULL);
-    } 
+    }
     else {
         ret = file_to_buffer(ctx->token_file, &tk, &tk_size);
         if (ret == -1) {
             flb_plg_warn(ctx->ins, "cannot open %s", FLB_KUBE_TOKEN);
         }
-        /* Token from token file will not expire */
-        /* Set the creation time to 0 to aviod refresh */
-        ctx->kube_token_create = 0;
+        flb_plg_info(ctx->ins, " token updated", FLB_KUBE_TOKEN);
     }
+    ctx->kube_token_create = time(NULL);
 
     /* Token */
     if (ctx->token != NULL) {
@@ -210,19 +207,17 @@ static int refresh_token_if_needed(struct flb_kube *ctx)
     int expired = 0;
     int ret;
 
-    if (ctx->kube_token_command != NULL) {
-        if (ctx->kube_token_create > 0) {
-            if (time(NULL) > ctx->kube_token_create + FLB_KUBE_TOKEN_TTL) {
-                expired = FLB_TRUE;
-            }
+    if (ctx->kube_token_create > 0) {
+        if (time(NULL) > ctx->kube_token_create + ctx->kube_token_ttl) {
+            expired = FLB_TRUE;
         }
-        
-        if (expired || ctx->kube_token_create == 0) {
-            ret = get_http_auth_header(ctx);
-            if (ret == -1) {
-                flb_plg_warn(ctx->ins, "failed to set http auth header");
-                return -1;
-            }
+    }
+
+    if (expired || ctx->kube_token_create == 0) {
+        ret = get_http_auth_header(ctx);
+        if (ret == -1) {
+            flb_plg_warn(ctx->ins, "failed to set http auth header");
+            return -1;
         }
     }
 
diff --git a/plugins/filter_kubernetes/kubernetes.c b/plugins/filter_kubernetes/kubernetes.c
@@ -854,6 +854,11 @@ static struct flb_config_map config_map[] = {
      0, FLB_TRUE, offsetof(struct flb_kube, kubelet_port),
      "kubelet port to connect with when using kubelet"
     },
+    {
+     FLB_CONFIG_MAP_TIME, "kube_token_ttl", "10m",
+     0, FLB_TRUE, offsetof(struct flb_kube, kube_token_ttl),
+     "kubernetes token ttl, until it is reread from the token file. Default: 10m"
+    },
     /*
      * Set TTL for K8s cached metadata 
      */
