Add namespace labels to kubernetes metadata #13873
Comments
odacremolbap
added
containers
|
Thank you for opening @jeffspahr! I think we should do this! This should cover:
Labels must be "dedotted" as we do with Pod labels. We currently report Perhaps doing this for now and do the breaking change in 8.0 would do: |
exekias
changed the title
|
Forgot about annotations. I think they should work in the same way as for Pods. Users can decide to include them as an opt-in thing, through the |
ChrsMark
added
[zube]: In Progress
in progress
|
A first implementation for this can be found on #13921. Currently the namespaces' labels are being detoted using the |
|
#14044 should open the door for easily implement this |
As operators of a multi tenant Kubernetes cluster and operators of the Elastic Stack we want to be able to drop logs by namespace when log rates exceed a certain number. We'd like to control this by adding labels to a namespace and including the drop logic in logstash.
Our logs flow like this:
Filebeat -> Kafka -> Logstash -> Elasticsearch
The pod's metadata is added to each log, but it would be nice to also include the namespace's metadata (namespace labels in particular).
Downsides to applying the label directly to pods:
We would be touching workloads we may not own. The application owner owns their deployments, replicasets, and pods.
Pods can be frequently redeployed which would clear out the label.
Pros to apply the label to the namespace:
It's easier to label an entire namespace instead of chasing individual noisy pods.
Kubernetes resource quotas are scoped to a namespace. It makes sense to follow the same pattern for logging quotas too.
References:
https://www.elastic.co/guide/en/beats/filebeat/master/add-kubernetes-metadata.html
https://www.elastic.co/guide/en/beats/filebeat/master/exported-fields-kubernetes-processor.html
https://discuss.elastic.co/t/filebeat-kubernetes-metadata-add-namespace-labels-to-kubernetes-metadata/201715
The text was updated successfully, but these errors were encountered: