add k8s object receiver #588
Conversation
omrozowicz-splunk
changed the title
|
Do you have any guidance and examples on the differences in reported telemetry between the two receivers? Presumably this is going to affect any user systems that depend on the events receiver. |
helm-charts/splunk-otel-collector/templates/config/_otel-k8s-cluster-receiver-config.tpl
Outdated
Show resolved
Hide resolved
k8sobject stores payload into the log body, but k8s_events only stores event.Message field as body and only adds following fields as resource/attribue
k8s_event payload k8sobjects payload |
This needs to be well documented in https://github.com/signalfx/splunk-otel-collector-chart/blob/main/UPGRADING.md |
|
One more thing, now sourcetype of events generated by k8sobjectsreceiver is |
Sorry, I'm not an expert when it comes to Splunk Platform specific fields. What are the expected values for And how do you want to achieve that? I think we can use the transform processor to compose sourcetype from event payload |
The source type is one of the default fields that the Splunk platform assigns to all incoming data. It tells the platform what kind of data you have, so that it can format the data intelligently during indexing. Source types also let you categorize your data for easier searching. In SCK, we are also following
K8sobjects adds the resource name as an There was a bug in k8sobject receiver. |
|
@harshit-splunk thanks for explaining
Sounds good to me. Do we have to stick with what was adopted in SCK? Using
Let's better use transform processor since that is what will be the standard in OTel collector going forward |
Agrred, but we are already using
Okay, makes sense. |
I've added setting sourcetype using transform processor, and it looks correct: But we have two dependencies here, first one is Another thing is that in transform processor was a syntax change between |
Ok let's keep
Reviewing it
It's just a configuration option, right? We will just need to update here it with the upgrade to 0.66. Please add a note comment |
omrozowicz-splunk
changed the title
Done |
UPGRADING.md
Outdated
| ## 0.64.0 to 0.66.0 | ||
| Before this change, [k8s events receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/k8seventsreceiver) was used to collect Kubernetes Events. | ||
| Now we utilize [k8s objects receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/k8sobjectsreceiver) that can pull or watch any object from Kubernetes API server. | ||
| Therefore, `clusterReceiver.eventsEnabled` is now deprecated, and to maintain the same behavior you should set |
There was a problem hiding this comment.
https://stackoverflow.com/a/9208164
It appears these changes remove clusterReceiver.eventsEnabled functionality in total, making it obsolete. Is this correct?
There was a problem hiding this comment.
Yes, right, k8s object receiver is not providing exactly the same functionality as k8s events receiver. Updated.
There was a problem hiding this comment.
So #588 (comment) could also be expanded so that we provide an actual deprecation path by using the objects receiver w/ just the watched events for this value instead of obsoleting in one pass. The warning check also needs to be updated with a description of the behavior.
imo users should never have their config become "broken" during an upgrade and we should provide at least a release of warnings and ideally remediation logic in helpers (cc @dmitryax)
There was a problem hiding this comment.
Ok, so I updated it in the way that when eventsEnabled is set to true we return warning message and event objects are watched, so behaviour is similar (but not the same, as previous event formatting was different, and the sourcetype was kube:events and now it is kube:object<resource_id>. It is described in details in the upgrading doc.
omrozowicz-splunk
requested review from
rmfitzpatrick and
dmitryax
and removed request for
rmfitzpatrick and
dmitryax
test/.pytest.expect
Outdated
| @@ -0,0 +1,3 @@ | |||
| pytest-expect file v1 | |||
There was a problem hiding this comment.
This expect fail is here because of open-telemetry/opentelemetry-collector-contrib#16543 which is not yet merged
There was a problem hiding this comment.
Is this PR functional to be merged with the current sourcetype? If so, can we add test_k8s_objects_sourcetype later instead?
There was a problem hiding this comment.
Currently sourcetypes render correctly except watch case. So the only test case which is failing now is the one checking
- name: events
mode: watch
Yes, we can add it later. I deleted pytest expect and ("sourcetype", "kube:object:event", 1), from test_k8s_objects_sourcetype
Looking at this more, as a user I would find this migration less than desirable and potentially fully breaking. The k8sobjects receiver could benefit from following the otel semantic conventions and maybe contribute new ones: https://github.com/open-telemetry/opentelemetry-specification/blob/main/semantic_conventions/resource/k8s.yaml. Given the substance of the changes could it make sense to not alter the events receiver usage at all but have an opt-in for the new objects receiver? |
aryznar-splunk
requested review from
rmfitzpatrick,
hvaghani221 and
dmitryax
We can leave it with opt-in for now, but I believe we eventually need to deprecate the k8sevents receiver in favor of the k8sobjects receiver. The reason is that I don't think we should parse all the k8s event fields and compose attributes from it that can go with unnecessary high cardinality. Sending events in the format defined by the emitting system actually fits better the new events API that is currently being defined in the OTel spec. We will work on raising an issue about that for discussion in contrib with @harshit-splunk |
helm-charts/splunk-otel-collector/templates/config/_otel-k8s-cluster-receiver-config.tpl
Outdated
Show resolved
Hide resolved
omrozowicz-splunk
force-pushed
the
add-k8sobjectreceiver
branch
from
7db0bad
to
c06fb8d
Compare
… prefixed with events, add the default configuration of objects to pull and watch for k8s objects receiver, update UPGRADING.md, add functional test for k8sobjects
… delete unnecessary drop_event_attrs, fix if condition for metrics cluster receiver config, add a TODO comment about transform processor, update UPGRADING.md, bring back events receiver, change toJson to toYaml and generate a new manifest run
omrozowicz-splunk
force-pushed
the
add-k8sobjectreceiver
branch
from
c06fb8d
to
10e213f
Compare
omrozowicz-splunk
requested review from
dmitryax
and removed request for
hvaghani221
helm-charts/splunk-otel-collector/templates/deployment-cluster-receiver.yaml
Outdated
Show resolved
Hide resolved
| @@ -231,7 +247,7 @@ service: | |||
| {{- end }} | |||
| {{- end }} | |||
|
|
|||
| {{- if and $clusterReceiver.eventsEnabled (eq (include "splunk-otel-collector.logsEnabled" .) "true") }} | |||
| {{- if and $clusterReceiver.eventsEnabled (eq (include "splunk-otel-collector.logsEnabled" .) "true") }} | |||
There was a problem hiding this comment.
nit, no change needed
Co-authored-by: Dmitrii Anoshin <anoshindx@gmail.com>
…-splunk/splunk-otel-collector-chart into add-k8sobjectreceiver
Replacing
k8seventsreceiverwithk8objectsreceiver.As using k8s objects receiver requires creating new rules in
clusterRole.yaml, the PR containssplunk-otel-collector.clusterRole.ruleswhich is the template function that aggregates and renders all the apiGroups rules with "get", "list", "watch" verbs, so there is no duplications.It requires splunk-otel-collector with signalfx/splunk-otel-collector#2270 to be released.
There are slight indent differences in rendered templates because previously it was not entirely consistent (sometimes with whitespaces after apiGroups, sometimes not). With the change from thsi PR it's handled by the function:
Also,
eventsEnabledname was changed toobjectsEnabledso the name reflects better what actually we pull.