fix: remove list watch secret in K8s Meta (#1842)

pkg/helper/k8smeta/k8s_meta_cache.go

@@ -165,8 +165,6 @@ func (m *k8sMetaCache) getFactoryInformer() (informers.SharedInformerFactory, ca
 		informer = factory.Core().V1().Namespaces().Informer()
 	case CONFIGMAP:
 		informer = factory.Core().V1().ConfigMaps().Informer()
-	case SECRET:
-		informer = factory.Core().V1().Secrets().Informer()
 	case PERSISTENTVOLUME:
 		informer = factory.Core().V1().PersistentVolumes().Informer()
 	case PERSISTENTVOLUMECLAIM:

pkg/helper/k8smeta/k8s_meta_const.go

@@ -19,7 +19,6 @@ const (
 	NODE                  = "node"
 	NAMESPACE             = "namespace"
 	CONFIGMAP             = "configmap"
-	SECRET                = "secret"
 	PERSISTENTVOLUME      = "persistentvolume"
 	PERSISTENTVOLUMECLAIM = "persistentvolumeclaim"
 	STORAGECLASS          = "storageclass"
@@ -37,7 +36,6 @@ const (
 	POD_JOB                  = "pod->job"
 	POD_PERSISENTVOLUMECLAIN = "pod->persistentvolumeclaim"
 	POD_CONFIGMAP            = "pod->configmap"
-	POD_SECRET               = "pod->secret"
 	POD_SERVICE              = "pod->service"
 	POD_CONTAINER            = "pod->container"
 	POD_PROCESS              = "pod->process"
@@ -56,7 +54,6 @@ var AllResources = []string{
 	NODE,
 	NAMESPACE,
 	CONFIGMAP,
-	SECRET,
 	PERSISTENTVOLUME,
 	PERSISTENTVOLUMECLAIM,
 	STORAGECLASS,
@@ -108,11 +105,6 @@ type PodConfigMap struct {
 	ConfigMap *v1.ConfigMap
 }
 
-type PodSecret struct {
-	Pod    *v1.Pod
-	Secret *v1.Secret
-}
-
 type PodService struct {
 	Service *v1.Service
 	Pod     *v1.Pod

pkg/helper/k8smeta/k8s_meta_link.go

@@ -41,8 +41,6 @@ func (g *LinkGenerator) GenerateLinks(events []*K8sMetaEvent, linkType string) [
 		return g.getPodPVCLink(events)
 	case POD_CONFIGMAP:
 		return g.getPodConfigMapLink(events)
-	case POD_SECRET:
-		return g.getPodSecretLink(events)
 	case POD_SERVICE:
 		return g.getPodServiceLink(events)
 	case POD_CONTAINER:
@@ -291,39 +289,6 @@ func (g *LinkGenerator) getPodConfigMapLink(podList []*K8sMetaEvent) []*K8sMetaE
 	return result
 }
 
-func (g *LinkGenerator) getPodSecretLink(podList []*K8sMetaEvent) []*K8sMetaEvent {
-	result := make([]*K8sMetaEvent, 0)
-	for _, data := range podList {
-		pod, ok := data.Object.Raw.(*v1.Pod)
-		if !ok {
-			continue
-		}
-		for _, volume := range pod.Spec.Volumes {
-			if volume.Secret != nil {
-				secretName := volume.Secret.SecretName
-				secretList := g.metaCache[SECRET].Get([]string{generateNameWithNamespaceKey(pod.Namespace, secretName)})
-				for _, secret := range secretList {
-					for _, s := range secret {
-						result = append(result, &K8sMetaEvent{
-							EventType: data.EventType,
-							Object: &ObjectWrapper{
-								ResourceType: POD_SECRET,
-								Raw: &PodSecret{
-									Pod:    pod,
-									Secret: s.Raw.(*v1.Secret),
-								},
-								FirstObservedTime: data.Object.FirstObservedTime,
-								LastObservedTime:  data.Object.LastObservedTime,
-							},
-						})
-					}
-				}
-			}
-		}
-	}
-	return result
-}
-
 func (g *LinkGenerator) getPodServiceLink(podList []*K8sMetaEvent) []*K8sMetaEvent {
 	serviceList := g.metaCache[SERVICE].List()
 	result := make([]*K8sMetaEvent, 0)

plugins/input/kubernetesmetav1/input_kubernetes_meta.go

@@ -45,7 +45,6 @@ type InputKubernetesMeta struct {
 	DaemonSet             bool
 	StatefulSet           bool
 	Configmap             bool
-	Secret                bool
 	Job                   bool
 	CronJob               bool
 	Namespace             bool
@@ -183,9 +182,6 @@ func (in *InputKubernetesMeta) addInformerListerCollectors() {
 	if in.Configmap {
 		in.collectors = append(in.collectors, newCollector(Configmap, in.informerFactory.Core().V1().ConfigMaps().Lister(), in.collectConfigmaps))
 	}
-	if in.Secret {
-		in.collectors = append(in.collectors, newCollector(Secret, in.informerFactory.Core().V1().Secrets().Lister(), in.collectSecrets))
-	}
 }
 
 func (in *InputKubernetesMeta) Description() string {
@@ -262,7 +258,6 @@ func init() {
 			CronJob:               true,
 			Namespace:             true,
 			Configmap:             true,
-			Secret:                true,
 			IntervalMs:            defaultIntervalMs,
 		}
 	}

plugins/input/kubernetesmetav1/kubernetes_collect.go

@@ -40,7 +40,6 @@ const (
 	StorageClass          = "StorageClass"
 	Ingress               = "Ingress"
 	Configmap             = "ConfigMap"
-	Secret                = "Secret"
 )
 
 // Keys used in meta node.

plugins/input/kubernetesmetav1/kubernetes_collect_core.go

@@ -322,28 +322,3 @@ func (in *InputKubernetesMeta) collectConfigmaps(lister interface{}, selector la
 	}
 	return
 }
-
-// collectSecrets list the kubernetes secrets by the label selector and collect the core metadata.
-func (in *InputKubernetesMeta) collectSecrets(lister interface{}, selector labels.Selector) (nodes []*helper.MetaNode, err error) {
-	if !in.Secret {
-		return
-	}
-	secrets, err := lister.(core.SecretLister).List(selector)
-	if err != nil {
-		logger.Error(in.context.GetRuntimeContext(), "KUBERNETES_META_ALARM", "err", err)
-		return
-	}
-	nodes = make([]*helper.MetaNode, 0, len(secrets))
-	for _, s := range secrets {
-		node := helper.NewMetaNode(string(s.UID), Secret).
-			WithAttributes(make(helper.Attributes, 8)).
-			WithLabels(s.Labels).
-			WithAttribute(KeyNamespace, s.Namespace)
-		if s.Immutable != nil {
-			node.WithAttribute(KeyImmutable, s.Immutable)
-		}
-		addCommonAttributes(&s.ObjectMeta, node)
-		nodes = append(nodes, node)
-	}
-	return
-}

plugins/input/kubernetesmetav2/meta_collector.go

@@ -42,7 +42,6 @@ func (m *metaCollector) Start() error {
 		k8smeta.DAEMONSET:                m.processDaemonSetEntity,
 		k8smeta.STATEFULSET:              m.processStatefulSetEntity,
 		k8smeta.CONFIGMAP:                m.processConfigMapEntity,
-		k8smeta.SECRET:                   m.processSecretEntity,
 		k8smeta.JOB:                      m.processJobEntity,
 		k8smeta.CRONJOB:                  m.processCronJobEntity,
 		k8smeta.NAMESPACE:                m.processNamespaceEntity,
@@ -59,7 +58,6 @@ func (m *metaCollector) Start() error {
 		k8smeta.POD_JOB:                  m.processPodJobLink,
 		k8smeta.POD_PERSISENTVOLUMECLAIN: m.processPodPVCLink,
 		k8smeta.POD_CONFIGMAP:            m.processPodConfigMapLink,
-		k8smeta.POD_SECRET:               m.processPodSecretLink,
 		k8smeta.POD_SERVICE:              m.processPodServiceLink,
 		k8smeta.POD_CONTAINER:            m.processPodContainerLink,
 	}
@@ -88,9 +86,6 @@ func (m *metaCollector) Start() error {
 	if m.serviceK8sMeta.Configmap {
 		m.serviceK8sMeta.metaManager.RegisterSendFunc(m.serviceK8sMeta.context.GetProject(), m.serviceK8sMeta.configName, k8smeta.CONFIGMAP, m.handleEvent, m.serviceK8sMeta.Interval)
 	}
-	if m.serviceK8sMeta.Secret {
-		m.serviceK8sMeta.metaManager.RegisterSendFunc(m.serviceK8sMeta.context.GetProject(), m.serviceK8sMeta.configName, k8smeta.SECRET, m.handleEvent, m.serviceK8sMeta.Interval)
-	}
 	if m.serviceK8sMeta.Job {
 		m.serviceK8sMeta.metaManager.RegisterSendFunc(m.serviceK8sMeta.context.GetProject(), m.serviceK8sMeta.configName, k8smeta.JOB, m.handleEvent, m.serviceK8sMeta.Interval)
 	}
@@ -139,9 +134,6 @@ func (m *metaCollector) Start() error {
 	if m.serviceK8sMeta.Pod && m.serviceK8sMeta.Configmap {
 		m.serviceK8sMeta.metaManager.RegisterSendFunc(m.serviceK8sMeta.context.GetProject(), m.serviceK8sMeta.configName, k8smeta.POD_CONFIGMAP, m.handleEvent, m.serviceK8sMeta.Interval)
 	}
-	if m.serviceK8sMeta.Pod && m.serviceK8sMeta.Secret {
-		m.serviceK8sMeta.metaManager.RegisterSendFunc(m.serviceK8sMeta.context.GetProject(), m.serviceK8sMeta.configName, k8smeta.POD_SECRET, m.handleEvent, m.serviceK8sMeta.Interval)
-	}
 	if m.serviceK8sMeta.Service && m.serviceK8sMeta.Pod {
 		m.serviceK8sMeta.metaManager.RegisterSendFunc(m.serviceK8sMeta.context.GetProject(), m.serviceK8sMeta.configName, k8smeta.POD_SERVICE, m.handleEvent, m.serviceK8sMeta.Interval)
 	}
@@ -177,9 +169,6 @@ func (m *metaCollector) Stop() error {
 	if m.serviceK8sMeta.Configmap {
 		m.serviceK8sMeta.metaManager.UnRegisterSendFunc(m.serviceK8sMeta.context.GetProject(), m.serviceK8sMeta.configName, k8smeta.CONFIGMAP)
 	}
-	if m.serviceK8sMeta.Secret {
-		m.serviceK8sMeta.metaManager.UnRegisterSendFunc(m.serviceK8sMeta.context.GetProject(), m.serviceK8sMeta.configName, k8smeta.SECRET)
-	}
 	if m.serviceK8sMeta.Job {
 		m.serviceK8sMeta.metaManager.UnRegisterSendFunc(m.serviceK8sMeta.context.GetProject(), m.serviceK8sMeta.configName, k8smeta.JOB)
 	}

plugins/input/kubernetesmetav2/meta_collector_core.go

@@ -177,25 +177,6 @@ func (m *metaCollector) processConfigMapEntity(data *k8smeta.ObjectWrapper, meth
 	return nil
 }
 
-func (m *metaCollector) processSecretEntity(data *k8smeta.ObjectWrapper, method string) []models.PipelineEvent {
-	if obj, ok := data.Raw.(*v1.Secret); ok {
-		log := &models.Log{}
-		log.Contents = models.NewLogContents()
-		log.Timestamp = uint64(time.Now().Unix())
-		m.processEntityCommonPart(log.Contents, obj.Kind, obj.Namespace, obj.Name, method, data.FirstObservedTime, data.LastObservedTime, obj.CreationTimestamp)
-
-		// custom fields
-		log.Contents.Add("api_version", obj.APIVersion)
-		log.Contents.Add("namespace", obj.Namespace)
-		log.Contents.Add("labels", m.processEntityJSONObject(obj.Labels))
-		log.Contents.Add("annotations", m.processEntityJSONObject(obj.Annotations))
-		log.Contents.Add("type", string(obj.Type))
-
-		return []models.PipelineEvent{log}
-	}
-	return nil
-}
-
 func (m *metaCollector) processNamespaceEntity(data *k8smeta.ObjectWrapper, method string) []models.PipelineEvent {
 	if obj, ok := data.Raw.(*v1.Namespace); ok {
 		log := &models.Log{}
@@ -295,18 +276,6 @@ func (m *metaCollector) processPodConfigMapLink(data *k8smeta.ObjectWrapper, met
 	return nil
 }
 
-func (m *metaCollector) processPodSecretLink(data *k8smeta.ObjectWrapper, method string) []models.PipelineEvent {
-	if obj, ok := data.Raw.(*k8smeta.PodSecret); ok {
-		log := &models.Log{}
-		log.Contents = models.NewLogContents()
-		m.processEntityLinkCommonPart(log.Contents, obj.Pod.Kind, obj.Pod.Namespace, obj.Pod.Name, obj.Secret.Kind, obj.Secret.Namespace, obj.Secret.Name, method, data.FirstObservedTime, data.LastObservedTime)
-		log.Contents.Add(entityLinkRelationTypeFieldName, "related_to")
-		log.Timestamp = uint64(time.Now().Unix())
-		return []models.PipelineEvent{log}
-	}
-	return nil
-}
-
 func (m *metaCollector) processPodServiceLink(data *k8smeta.ObjectWrapper, method string) []models.PipelineEvent {
 	if obj, ok := data.Raw.(*k8smeta.PodService); ok {
 		log := &models.Log{}

plugins/input/kubernetesmetav2/service_meta.go

@@ -23,7 +23,6 @@ type ServiceK8sMeta struct {
 	DaemonSet             bool
 	StatefulSet           bool
 	Configmap             bool
-	Secret                bool
 	Job                   bool
 	CronJob               bool
 	Namespace             bool