Kubernetes Source: Add namespace annotations to event metadata #21428

Open
jszwedko opened this issue Oct 4, 2024 Discussed in #21409 · 1 comment
Labels
source: kubernetes_logs (Anything `kubernetes_logs` source related)
type: feature (A value-adding code addition that introduces new functionality.)

Comments

jszwedko commented Oct 4, 2024

Discussed in #21409

Originally posted by matt-simons October 3, 2024
https://vector.dev/docs/reference/configuration/sources/kubernetes_logs/#namespace_annotation_fields

TLDR: please add namespace_annotation_fields.namespace_annotations because labels are restricted to 63 characters, which makes it hard to store much data for VRL transformations, for example.

We currently give users of our platform a lot of flexibility to configure their observability pipelines via namespace labels; however, we need to add a new label for every bit of config and, in VRL, individually parse and handle each one, which is a bit onerous.

We would like to move from this

labels:
  splunk.mycompany/forwarding: enabled 
  splunk.mycompany/index: customer-dev-index
  splunk.mycompany/source: platform
  splunk.mycompany/sourcetype: _json
  scalyr.mycompany/forwarding: enabled
  scalyr.mycompany/token: <base64-encoded-token>
  format.mycompany/my-container-name: keyvalue3

to this

annotations:
  logging.mycompany/config: |
    {
      "transforms": {
        "my-container-name": {
          "format": "keyvalue3",
          "remove_fields": ["message"],
          "timestamp": {
            "field": "timestamp",
            "format": "%+"
          }
        }
      },
      "sinks": {
        "splunk_uk_dc": {
          "index": "my-index-dev",
          "source": "platform",
          "sourcetype": "_json"
        },
        "scalyr": {
          "token": "dG9rZW4="
        }
      }
    }

So we can simply parse the whole config one time. It also makes it more extensible in the future.

We could do this today for pod annotations, as they are added to the event metadata; however, we typically keep the application Deployments the same across environments, and depending on where it is deployed (e.g. in a performance testing namespace, prod namespace, dev namespace) we want different log forwarding configurations. Namespace annotations would be greatly preferred if possible.

Thanks for considering. I hope this is an easy change to implement; I would love to contribute, however I don't know Rust, unfortunately. 😅
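
An added example, not part of the issue or of Vector's code: the "parse the whole config one time" step from the post above, sketched in Python with the validation a pipeline would want, since the annotation is written by whoever can edit the namespace. It assumes annotations arrive as a plain string map; the function names, `MAX_CONFIG_BYTES` and the allowed sections are choices of this example.

```python
import json
import re

# Kubernetes label values: at most 63 characters, alphanumeric at both ends,
# with '-', '_' and '.' allowed in between (the empty string is also valid).
LABEL_VALUE = re.compile(r"(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?")
CONFIG_KEY = "logging.mycompany/config"     # annotation key used in the issue
MAX_CONFIG_BYTES = 16 * 1024                # assumed cap, chosen for this example
ALLOWED_SECTIONS = {"transforms", "sinks"}  # top-level keys shown in the issue


def fits_in_label(value: str) -> bool:
    """True if value could be stored as a Kubernetes label value."""
    return len(value) <= 63 and LABEL_VALUE.fullmatch(value) is not None


def load_namespace_config(annotations: dict) -> dict:
    """Parse the namespace config once; {} if absent, ValueError if malformed."""
    raw = annotations.get(CONFIG_KEY)
    if raw is None:
        return {}
    if len(raw.encode("utf-8")) > MAX_CONFIG_BYTES:
        raise ValueError("config annotation too large")
    try:
        config = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"config annotation is not valid JSON: {exc}") from None
    if not isinstance(config, dict):
        raise ValueError("config must be a JSON object")
    unknown = set(config) - ALLOWED_SECTIONS
    if unknown:
        raise ValueError(f"unknown sections: {sorted(unknown)}")
    for section, entries in config.items():
        if not isinstance(entries, dict) or not all(
            isinstance(v, dict) for v in entries.values()
        ):
            raise ValueError(f"{section} must map names to objects")
    return config


# Constructed sample: a compact form of the annotation from the issue.
SAMPLE = {CONFIG_KEY: json.dumps({
    "transforms": {"my-container-name": {"format": "keyvalue3",
                                         "remove_fields": ["message"]}},
    "sinks": {"splunk_uk_dc": {"index": "my-index-dev", "sourcetype": "_json"},
              "scalyr": {"token": "dG9rZW4="}},
})}
```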

@jszwedko jszwedko added type: feature A value-adding code addition that introduce new functionality. source: kubernetes_logs Anything `kubernetes_logs` source related labels Oct 4, 2024
jszwedko commented Oct 4, 2024

I converted this to a feature request. Thanks for opening it @matt-simons!
