Add Google Cloud Platform support #13598
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kvch
added
in progress
houndci-bot
reviewed
Sep 11, 2019
houndci-bot
reviewed
Sep 11, 2019
houndci-bot
reviewed
Sep 11, 2019
houndci-bot
reviewed
Sep 11, 2019
kvch
force-pushed
the
feature-functionbeat-gcp
branch
from
a95f01f
to
731ab3c
Compare
kvch
force-pushed
the
feature-functionbeat-gcp
branch
from
7d23cb9
to
7b7ce7a
Compare
kvch
force-pushed
the
feature-functionbeat-gcp
branch
from
a852fec
to
3a052b4
Compare
|
Until go modules is fully supported in beats, Functionbeat on GCP are using vendoring. I have applied the required patches, it should not change the code a lot. Packaging still needs some adjustments to include vendor in the folder |
kvch
force-pushed
the
feature-functionbeat-gcp
branch
from
bc3d378
to
70619c9
Compare
houndci-bot
reviewed
Jan 6, 2020
kvch
force-pushed
the
feature-functionbeat-gcp
branch
from
562062c
to
486914f
Compare
kvch
added
[zube]: In Review
and removed
[zube]: Blocked
in progress
kvch
added
needs_backport
I think one can also use |
urso
reviewed
Jan 6, 2020
urso
reviewed
Jan 6, 2020
urso
reviewed
Jan 6, 2020
urso
reviewed
Jan 6, 2020
urso
reviewed
Jan 6, 2020
kvch
force-pushed
the
feature-functionbeat-gcp
branch
from
d5cb053
to
0872410
Compare
Only compile with TLS1.3 support for go1.13 or newer is used. If an older go version is used we stick with TLS1.2 max. The change also introduces TLSVersionMin/Max and TLSVersionDefaultMin/Max constants, so to keep the tests intact.
houndci-bot
reviewed
Jan 14, 2020
| import "crypto/tls" | ||
|
|
||
| const ( | ||
| TLSVersionSSL30 TLSVersion = tls.VersionSSL30 |
There was a problem hiding this comment.
exported const TLSVersionSSL30 should have comment (or a comment on this block) or be unexported
houndci-bot
reviewed
Jan 14, 2020
| import "crypto/tls" | ||
|
|
||
| const ( | ||
| TLSVersionSSL30 TLSVersion = tls.VersionSSL30 |
There was a problem hiding this comment.
exported const TLSVersionSSL30 should have comment (or a comment on this block) or be unexported
houndci-bot
reviewed
Jan 14, 2020
| import "crypto/tls" | ||
|
|
||
| const ( | ||
| TLSVersionSSL30 TLSVersion = tls.VersionSSL30 |
There was a problem hiding this comment.
exported const TLSVersionSSL30 should have comment (or a comment on this block) or be unexported
urso
approved these changes
Jan 14, 2020
|
Failing tests are unrelated. |
kvch
added a commit
to kvch/beats
that referenced
this pull request
Jan 14, 2020
This PR introduces the support for Google Cloud Platform to Functionbeat. This branch is located in the `elastic/beats` repository, so anyone on our team has access to it. To use the API to deploy, remove and update functions, users need to set the environment variable `GOOGLE_APPLICATION_CREDENTIALS`. This variable should point to a JSON file which contains all the relevant information for Google to authenticate. (About authentication for GCP libs: https://cloud.google.com/docs/authentication/getting-started) * Cloud Functions Developer * Cloud Functions Service Agent * Service Account User * Storage Admin * Storage Object Admin Note: Cloud Functions Developer role is in beta. We should not make GCP support GA, until it becomes stable. ```yaml functionbeat.provider.gcp.location_id: "europe-west1" functionbeat.provider.gcp.project_id: "my-project-123456" functionbeat.provider.gcp.storage_name: "functionbeat-deploy" functionbeat.provider.gcp.functions: ``` Function templates can be exported into YAML. With this YAML configuration, users can deploy the function using the [Google Cloud Deployment Manager](https://cloud.google.com/deployment-manager/). A function under the folder `pkg/pubsub` is available to get events from Google Pub/Sub. ```yaml # Define the list of function availables, each function required to have a unique name. # Create a function that accepts events coming from Google Pub/Sub. - name: pubsub enabled: false type: pubsub # Description of the method to help identify them when you run multiples functions. description: "Google Cloud Function for Pub/Sub" # The maximum memory allocated for this function, the configured size must be a factor of 64. # Default is 256MiB. #memory_size: 256MiB # Execution timeout in seconds. If the function does not finish in time, # it is considered failed and terminated. Default is 60s. #timeout: 60s # Email of the service account of the function. Defaults to {projectid}@appspot.gserviceaccount.com #service_account_email: {projectid}@appspot.gserviceaccount.com # Labels of the function. #labels: # mylabel: label # VPC Connector this function can connect to. # Format: projects/*/locations/*/connectors/* or fully-qualified URI #vpc_connector: "" # Number of maximum instances running at the same time. Default is unlimited. #maximum_instances: 0 trigger: event_type: "providers/cloud.pubsub/eventTypes/topic.publish" resource: "projects/_/pubsub/myPubSub" #service: "pubsub.googleapis.com" # Optional fields that you can specify to add additional information to the # output. Fields can be scalar values, arrays, dictionaries, or any nested # combination of these. #fields: # env: staging # Define custom processors for this function. #processors: # - dissect: # tokenizer: "%{key1} %{key2}" ``` A function under the folder pkg/storage is available to get events from Google Cloud Storage. ```yaml # Create a function that accepts events coming from Google Cloud Storage. - name: storage enabled: false type: storage # Description of the method to help identify them when you run multiples functions. description: "Google Cloud Function for Cloud Storage" # The maximum memory allocated for this function, the configured size must be a factor of 64. # Default is 256MiB. #memory_size: 256MiB # Execution timeout in seconds. If the function does not finish in time, # it is considered failed and terminated. Default is 60s. #timeout: 60s # Email of the service account of the function. Defaults to {projectid}@appspot.gserviceaccount.com #service_account_email: {projectid}@appspot.gserviceaccount.com # Labels of the function. #labels: # mylabel: label # VPC Connector this function can connect to. # Format: projects/*/locations/*/connectors/* or fully-qualified URI #vpc_connector: "" # Number of maximum instances running at the same time. Default is unlimited. #maximum_instances: 0 # Optional fields that you can specify to add additional information to the # output. Fields can be scalar values, arrays, dictionaries, or any nested # combination of these. #fields: # env: staging # Define custom processors for this function. #processors: # - dissect: # tokenizer: "%{key1} %{key2}" ``` * `cloud.google.com/go/functions/metadata` * `cloud.google.com/go/storage` (cherry picked from commit e8e18d0)
kvch
added
v7.6.0
and removed
needs_backport
kvch
added a commit
that referenced
this pull request
Jan 14, 2020
* Add Google Cloud Platform support (#13598) This PR introduces the support for Google Cloud Platform to Functionbeat. This branch is located in the `elastic/beats` repository, so anyone on our team has access to it. To use the API to deploy, remove and update functions, users need to set the environment variable `GOOGLE_APPLICATION_CREDENTIALS`. This variable should point to a JSON file which contains all the relevant information for Google to authenticate. (About authentication for GCP libs: https://cloud.google.com/docs/authentication/getting-started) * Cloud Functions Developer * Cloud Functions Service Agent * Service Account User * Storage Admin * Storage Object Admin Note: Cloud Functions Developer role is in beta. We should not make GCP support GA, until it becomes stable. ```yaml functionbeat.provider.gcp.location_id: "europe-west1" functionbeat.provider.gcp.project_id: "my-project-123456" functionbeat.provider.gcp.storage_name: "functionbeat-deploy" functionbeat.provider.gcp.functions: ``` Function templates can be exported into YAML. With this YAML configuration, users can deploy the function using the [Google Cloud Deployment Manager](https://cloud.google.com/deployment-manager/). A function under the folder `pkg/pubsub` is available to get events from Google Pub/Sub. ```yaml # Define the list of function availables, each function required to have a unique name. # Create a function that accepts events coming from Google Pub/Sub. - name: pubsub enabled: false type: pubsub # Description of the method to help identify them when you run multiples functions. description: "Google Cloud Function for Pub/Sub" # The maximum memory allocated for this function, the configured size must be a factor of 64. # Default is 256MiB. #memory_size: 256MiB # Execution timeout in seconds. If the function does not finish in time, # it is considered failed and terminated. Default is 60s. #timeout: 60s # Email of the service account of the function. Defaults to {projectid}@appspot.gserviceaccount.com #service_account_email: {projectid}@appspot.gserviceaccount.com # Labels of the function. #labels: # mylabel: label # VPC Connector this function can connect to. # Format: projects/*/locations/*/connectors/* or fully-qualified URI #vpc_connector: "" # Number of maximum instances running at the same time. Default is unlimited. #maximum_instances: 0 trigger: event_type: "providers/cloud.pubsub/eventTypes/topic.publish" resource: "projects/_/pubsub/myPubSub" #service: "pubsub.googleapis.com" # Optional fields that you can specify to add additional information to the # output. Fields can be scalar values, arrays, dictionaries, or any nested # combination of these. #fields: # env: staging # Define custom processors for this function. #processors: # - dissect: # tokenizer: "%{key1} %{key2}" ``` A function under the folder pkg/storage is available to get events from Google Cloud Storage. ```yaml # Create a function that accepts events coming from Google Cloud Storage. - name: storage enabled: false type: storage # Description of the method to help identify them when you run multiples functions. description: "Google Cloud Function for Cloud Storage" # The maximum memory allocated for this function, the configured size must be a factor of 64. # Default is 256MiB. #memory_size: 256MiB # Execution timeout in seconds. If the function does not finish in time, # it is considered failed and terminated. Default is 60s. #timeout: 60s # Email of the service account of the function. Defaults to {projectid}@appspot.gserviceaccount.com #service_account_email: {projectid}@appspot.gserviceaccount.com # Labels of the function. #labels: # mylabel: label # VPC Connector this function can connect to. # Format: projects/*/locations/*/connectors/* or fully-qualified URI #vpc_connector: "" # Number of maximum instances running at the same time. Default is unlimited. #maximum_instances: 0 # Optional fields that you can specify to add additional information to the # output. Fields can be scalar values, arrays, dictionaries, or any nested # combination of these. #fields: # env: staging # Define custom processors for this function. #processors: # - dissect: # tokenizer: "%{key1} %{key2}" ``` * `cloud.google.com/go/functions/metadata` * `cloud.google.com/go/storage` (cherry picked from commit e8e18d0) * fix vendor * update notice * add missing vendor * update notice
sayden
pushed a commit
to sayden/beats
that referenced
this pull request
Jan 15, 2020
This PR introduces the support for Google Cloud Platform to Functionbeat. This branch is located in the `elastic/beats` repository, so anyone on our team has access to it. ### Manager #### Authentication To use the API to deploy, remove and update functions, users need to set the environment variable `GOOGLE_APPLICATION_CREDENTIALS`. This variable should point to a JSON file which contains all the relevant information for Google to authenticate. (About authentication for GCP libs: https://cloud.google.com/docs/authentication/getting-started) #### Required roles * Cloud Functions Developer * Cloud Functions Service Agent * Service Account User * Storage Admin * Storage Object Admin Note: Cloud Functions Developer role is in beta. We should not make GCP support GA, until it becomes stable. #### Configuration ```yaml # Configure functions to run on Google Cloud Platform, currently, we assume that the credentials # are present in the environment to correctly create the function when using the CLI. # # Configure which region your project is located in. functionbeat.provider.gcp.location_id: "europe-west1" # Configure which Google Cloud project to deploy your functions. functionbeat.provider.gcp.project_id: "my-project-123456" # Configure the Google Cloud Storage we should upload the function artifact. functionbeat.provider.gcp.storage_name: "functionbeat-deploy" functionbeat.provider.gcp.functions: ``` #### Export Function templates can be exported into YAML. With this YAML configuration, users can deploy the function using the [Google Cloud Deployment Manager](https://cloud.google.com/deployment-manager/). ### New functions #### Google Pub/Sub A function under the folder `pkg/pubsub` is available to get events from Google Pub/Sub. ##### Configuration ```yaml # Define the list of function availables, each function required to have a unique name. # Create a function that accepts events coming from Google Pub/Sub. - name: pubsub enabled: false type: pubsub # Description of the method to help identify them when you run multiples functions. description: "Google Cloud Function for Pub/Sub" # The maximum memory allocated for this function, the configured size must be a factor of 64. # Default is 256MiB. #memory_size: 256MiB # Execution timeout in seconds. If the function does not finish in time, # it is considered failed and terminated. Default is 60s. #timeout: 60s # Email of the service account of the function. Defaults to {projectid}@appspot.gserviceaccount.com #service_account_email: {projectid}@appspot.gserviceaccount.com # Labels of the function. #labels: # mylabel: label # VPC Connector this function can connect to. # Format: projects/*/locations/*/connectors/* or fully-qualified URI #vpc_connector: "" # Number of maximum instances running at the same time. Default is unlimited. #maximum_instances: 0 trigger: event_type: "providers/cloud.pubsub/eventTypes/topic.publish" resource: "projects/_/pubsub/myPubSub" #service: "pubsub.googleapis.com" # Optional fields that you can specify to add additional information to the # output. Fields can be scalar values, arrays, dictionaries, or any nested # combination of these. #fields: # env: staging # Define custom processors for this function. #processors: # - dissect: # tokenizer: "%{key1} %{key2}" ``` #### Google Cloud Storage A function under the folder pkg/storage is available to get events from Google Cloud Storage. ##### Configuration ```yaml # Create a function that accepts events coming from Google Cloud Storage. - name: storage enabled: false type: storage # Description of the method to help identify them when you run multiples functions. description: "Google Cloud Function for Cloud Storage" # The maximum memory allocated for this function, the configured size must be a factor of 64. # Default is 256MiB. #memory_size: 256MiB # Execution timeout in seconds. If the function does not finish in time, # it is considered failed and terminated. Default is 60s. #timeout: 60s # Email of the service account of the function. Defaults to {projectid}@appspot.gserviceaccount.com #service_account_email: {projectid}@appspot.gserviceaccount.com # Labels of the function. #labels: # mylabel: label # VPC Connector this function can connect to. # Format: projects/*/locations/*/connectors/* or fully-qualified URI #vpc_connector: "" # Number of maximum instances running at the same time. Default is unlimited. #maximum_instances: 0 # Optional fields that you can specify to add additional information to the # output. Fields can be scalar values, arrays, dictionaries, or any nested # combination of these. #fields: # env: staging # Define custom processors for this function. #processors: # - dissect: # tokenizer: "%{key1} %{key2}" ``` ### Vendor * `cloud.google.com/go/functions/metadata` * `cloud.google.com/go/storage` (cherry picked from commit e8e18d0) # Conflicts: # vendor/vendor.json
14 tasks
|
Opened a PR to fix the indexing issue for storage: #16000 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces the support for Google Cloud Platform to Functionbeat. This branch is located in the
elastic/beatsrepository, so anyone on our team has access to it.Manager
Authentication
To use the API to deploy, remove and update functions, users need to set the environment variable
GOOGLE_APPLICATION_CREDENTIALS. This variable should point to a JSON file which contains all the relevant information for Google to authenticate.(About authentication for GCP libs: https://cloud.google.com/docs/authentication/getting-started)
Required roles
Note: Cloud Functions Developer role is in beta. We should not make GCP support GA, until it becomes stable.
Configuration
Export
Function templates can be exported into YAML. With this YAML configuration, users can deploy the function using the Google Cloud Deployment Manager.
New functions
Google Pub/Sub
A function under the folder
pkg/pubsubis available to get events from Google Pub/Sub.Configuration
Google Cloud Storage
A function under the folder pkg/storage is available to get events from Google Cloud Storage.
Configuration
Vendor
cloud.google.com/go/functions/metadatacloud.google.com/go/storageHow to test
Manager
Make sure you have a GCP account with the required roles listed in the PR.
Package
Functionbeat is able to zip the functions which can be deployed to cloud providers.
Make sure all three zip files are generated and the
--outputflag is applied correctly.Expected packages:
package-aws.zippackage-gcp-pubsub.zippackage-gcp-storage.zipDeployment
Download a credentials file for your user. Pass the path to Functionbeat as an environment variable:
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/file.jsonGeneral
Adjust the following general settings for GCP.
location_id: Where your function is going to be deployed. (Available locations: https://cloud.google.com/about/locations/)project_id: The ID of your projectstorage_name: Name of the storage bucket you want to upload the function. If it does not exists, it will be created, given you have the appropriate role.Pub/Sub function
With the following minimal configuration, you can deploy a function which is triggered by new Pub/Sub events.
Set the option
trigger.resourceto the ID of your Pub/Sub:Besides deploying a function with a minimal config, try to experiment with the other available options to see if all of them are working.
Run the following command to deploy the function:
The deployed function shows up in the functions list, if everything went correctly.
To trigger the function, go to the configured Pub/Sub topic and publish a message. The logs of the function invocation can be found under Stackdriver/Logging/Logs Viewer.
Storage
Configure a trigger for the storage function under
trigger.resource, just like in case of Pub/Sub trigger.Furthermore, you can configure multiple trigger types for the function as
event_type:google.storage.object.finalizegoogle.storage.object.deletegoogle.storage.object.archivegoogle.storage.object.metadataUpdateThe function can be triggered by creating/deleting/archiving things from the bucket or any metadata change. Logs are located under the same log viewer as in case of Pub/Sub function.