Skip to content

Minor updates for best practices/linting/security #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 21, 2023
Merged

Minor updates for best practices/linting/security #24

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 20 additions & 14 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@

<img src="https://raw.githubusercontent.com/max-rocket-internet/k8s-event-logger/master/img/k8s-logo.png" width="100">

This tool simply watches Kubernetes Events and logs them to stdout in JSON to be collected and stored by your logging solution, e.g. [fluentd](https://github.com/fluent/fluentd-kubernetes-daemonset) or [fluent-bit](https://fluentbit.io/). Other tools exist for persisting Kubernetes Events, such as Sysdig, Datadog or Google's [event-exporter](https://github.com/GoogleCloudPlatform/k8s-stackdriver/tree/master/event-exporter) but this tool is open and will work with any logging solution.
This tool simply watches Kubernetes Events and logs them to stdout in JSON to be collected and stored by your logging solution, e.g. [fluentd](https://github.com/fluent/fluentd-kubernetes-daemonset), [fluent-bit](https://fluentbit.io/), [Filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-kubernetes.html), or [Promtail](https://grafana.com/docs/loki/latest/clients/promtail/). Other tools exist for persisting Kubernetes Events, such as Sysdig, Datadog, or Google's [event-exporter](https://github.com/GoogleCloudPlatform/k8s-stackdriver/tree/master/event-exporter) but this tool is open and will work with any logging solution.

### Why?
## Why?

Events in Kubernetes log very important information. If are trying to understand what happened in the past then these events show clearly what your Kubernetes cluster was thinking and doing. Some examples:

Expand All @@ -17,7 +17,7 @@ The problem is that these events are simply API objects in Kubernetes and are on

Example of events:

```
```text
39m Normal UpdatedLoadBalancer Service Updated load balancer with new hosts
40m Normal SuccessfulDelete DaemonSet Deleted pod: ingress02-nginx-ingress-controller-vqqjp
41m Normal ScaleDown Node node removed by cluster autoscaler
Expand All @@ -30,40 +30,46 @@ Example of events:
58m Normal CREATE ConfigMap ConfigMap default/ingress02-nginx-ingress-controller
```

### Installation
## Installation

Use the [Helm](https://helm.sh/) chart from this repo:

```
```sh
helm install chart/
```

Or use the chart from [deliveryhero/helm-charts/stable/k8s-event-logger](https://github.com/deliveryhero/helm-charts/tree/master/stable/k8s-event-logger):

```
```sh
helm repo add deliveryhero https://charts.deliveryhero.io/
helm install deliveryhero/k8s-event-logger
```

Or use the docker image [maxrocketinternet/k8s-event-logger](https://hub.docker.com/r/maxrocketinternet/k8s-event-logger)
Or use the pre-built image [maxrocketinternet/k8s-event-logger][pre-built image]

#### Building a container image
### Building a container image

If you're unable to use the [prebuilt][image] docker image, you can build it yourself:
If you're unable to use the [pre-built image], you can build it yourself:

```sh
make IMG=maxrocketinternet/k8s-event-logger TAG=latest
make all IMG=<your-container-registry>/k8s-event-logger TAG=latest
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does the the full multi-arch setup, too. (the "all" target, that is). I found it easier to test with that and then a make clean afterwards, but feel free to reject this for the simpler make image.

```

This uses `docker buildx` to create a [multi-platform image][]. To set up your build host system to be able to build these images, see [this guide][qemu-binfmt].
This uses `docker buildx` to create a [multi-platform image]. To set up your build host system to be able to build these images, see [this guide][multi-platform image] or `make all` and review the Makefile for what it does.

[multi-platform image]: https://docs.docker.com/build/building/multi-platform/
[qemu-binfmt]: https://docs.nvidia.com/datacenter/cloud-native/playground/x-arch.html
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dead link

[pre-built image]: https://hub.docker.com/r/maxrocketinternet/k8s-event-logger

### Testing
Or to just build locally for testing without multi-arch support (but also doesn't require a registry):

```sh
docker build --tag localhost/k8s-event-logger .
```

## Testing

Run it:

```
```sh
go run main.go
```
6 changes: 3 additions & 3 deletions chart/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
appVersion: "1.8"
version: "1.1.3"
appVersion: "1.9"
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's go for 2.0 since this is the largest update this project has had since being created 🙂

Suggested change
appVersion: "1.9"
appVersion: "2.0"

version: "1.2.0"
description: A tool to log k8s events to stdout in JSON
home: https://github.com/max-rocket-internet/k8s-event-logger
name: k8s-event-logger
Expand All @@ -14,6 +14,6 @@ icon: https://github.com/kubernetes/kubernetes/raw/master/logo/logo.png
keywords:
- events
- logging
- Auditing
- auditing
sources:
- https://github.com/max-rocket-internet/k8s-event-logger
18 changes: 9 additions & 9 deletions chart/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# k8s-event-logger

This chart runs a pod that simply watches Kubernetes Events and logs them to stdout in JSON to be collected and stored by your logging solution, e.g. [fluentd](https://github.com/helm/charts/tree/master/stable/fluentd) or [fluent-bit](https://github.com/helm/charts/tree/master/stable/fluent-bit).
This chart runs a pod that simply watches Kubernetes Events and logs them to stdout in JSON to be collected and stored by your logging solution, e.g. [fluentd](https://github.com/fluent/fluentd-kubernetes-daemonset), [fluent-bit](https://fluentbit.io/), [Filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-kubernetes.html), or [Promtail](https://grafana.com/docs/loki/latest/clients/promtail/). Other tools exist for persisting Kubernetes Events, such as Sysdig, Datadog, or Google's [event-exporter](https://github.com/GoogleCloudPlatform/k8s-stackdriver/tree/master/event-exporter) but this tool is open and will work with any logging solution.

https://github.com/max-rocket-internet/k8s-event-logger
[Source code](https://github.com/max-rocket-internet/k8s-event-logger)

Events in Kubernetes log very important information. If are trying to understand what happened in the past then these events show clearly what your Kubernetes cluster was thinking and doing. Some examples:

Expand All @@ -15,22 +15,22 @@ The problem is that these events are simply API objects in Kubernetes and are on

## Prerequisites

- Kubernetes 1.8+
- Kubernetes 1.23+

## Installing the Chart

To install the chart with the release name `my-release` and default configuration:

```shell
$ helm install --name my-release stable/k8s-event-logger
```sh
helm install --name my-release stable/k8s-event-logger
```

## Uninstalling the Chart

To delete the chart:

```shell
$ helm delete my-release
```sh
helm delete my-release
```

## Configuration
Expand All @@ -56,6 +56,6 @@ The following table lists the configurable parameters for this chart and their d

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters:

```shell
$ helm install --name my-release stable/k8s-event-logger --values values.yaml
```sh
helm install --name my-release stable/k8s-event-logger --values values.yaml
```
8 changes: 8 additions & 0 deletions chart/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,14 @@ spec:
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 10001
runAsGroup: 10001
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also made these changes to the hosted chart: deliveryhero/helm-charts#490

env:
{{- range $key, $value := .Values.env }}
- name: {{ $key }}
Expand Down
22 changes: 10 additions & 12 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,15 @@
module github.com/max-rocket-internet/k8s-event-logger

go 1.18
go 1.20

require (
k8s.io/api v0.24.1
k8s.io/apimachinery v0.24.1
k8s.io/client-go v0.24.1
k8s.io/api v0.24.15
k8s.io/apimachinery v0.24.15
k8s.io/client-go v0.24.15
Comment on lines +6 to +8
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Up to k8s 1.27 now, versions are only +/- 1 compatible, or in some circumstances +/- 2. So this probably needs to be bumped at some point in the near future.

)

require (
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful v2.15.0+incompatible // indirect
github.com/emicklei/go-restful/v3 v3.8.0 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
Expand All @@ -31,21 +28,22 @@ require (
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/net v0.0.0-20220607020251-c690dde0001d // indirect
golang.org/x/net v0.8.0 // indirect
golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb // indirect
golang.org/x/sys v0.0.0-20220608164250-635b8c9b7f68 // indirect
golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/sys v0.6.0 // indirect
golang.org/x/term v0.6.0 // indirect
golang.org/x/text v0.8.0 // indirect
golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.28.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.60.1 // indirect
k8s.io/kube-openapi v0.0.0-20220603121420-31174f50af60 // indirect
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
sigs.k8s.io/json v0.0.0-20220525155127-227cbc7cc124 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)
Loading