Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[EEM] Add built in definitions for core Kubernetes entities #196916

Merged
merged 10 commits into from
Nov 19, 2024
+802 −4
Merged

[EEM] Add built in definitions for core Kubernetes entities #196916

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
d29e6fa
[EEM] Add built in definitions for core Kubernetes entities
miltonhultgren Oct 18, 2024
b90580f
Updating built-in definitions for ECS and Otel based K8s
simianhacker Nov 13, 2024
09984b6
Cleanup metadata
simianhacker Nov 13, 2024
381ef39
Merge branch 'main' of github.com:elastic/kibana into eem/kubernetes-…
simianhacker Nov 14, 2024
6151444
Fixing the metadata structure
simianhacker Nov 14, 2024
4369460
Updating OTEL index patterns
simianhacker Nov 14, 2024
2179ae0
return more that 10 items
simianhacker Nov 18, 2024
1e2eb88
Merge branch 'main' into eem-kubernetes-definitions
elasticmachine Nov 18, 2024
666e34e
Updating get entity definitions call to fetch 1000 instead of 10
simianhacker Nov 18, 2024
7129305
Merge branch 'main' of github.com:elastic/kibana into eem/kubernetes-…
simianhacker Nov 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,13 @@ import { builtInServicesFromEcsEntityDefinition } from './services_from_ecs_data
import { builtInHostsFromEcsEntityDefinition } from './hosts_from_ecs_data';
import { builtInContainersFromEcsEntityDefinition } from './containers_from_ecs_data';

import * as kubernetes from './kubernetes';

export { BUILT_IN_ID_PREFIX } from './constants';

export const builtInDefinitions: EntityDefinition[] = [
builtInServicesFromEcsEntityDefinition,
builtInHostsFromEcsEntityDefinition,
builtInContainersFromEcsEntityDefinition,
...Object.values(kubernetes),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably a good time to make the enablement call async with all these new definitions. The enablement endpoint will also install every definitions in parallel, could that be problematic with the current amount of definitions ? we can also consider throttling the installations on our side otherwise

];
8 changes: 8 additions & 0 deletions ...ugins/entity_manager/server/lib/entities/built_in/kubernetes/common/ecs_index_patterns.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export const commonEcsIndexPatterns = ['metrics-kubernetes*', 'logs-*'];
28 changes: 28 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/kubernetes/common/ecs_metadata.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { MetadataField } from '@kbn/entities-schema';
import { globalMetadata } from './global_metadata';

export const commonEcsMetadata: MetadataField[] = [
...globalMetadata,
{
source: 'orchestrator.namespace',
destination: 'orchestrator.namespace',
aggregation: { type: 'terms', limit: 10 },
},
{
source: 'orchestrator.cluster_ip',
destination: 'orchestrator.cluster_id',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
{
source: 'orchestrator.cluster_name',
destination: 'orchestrator.cluster_name',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
];
26 changes: 26 additions & 0 deletions .../plugins/entity_manager/server/lib/entities/built_in/kubernetes/common/global_metadata.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { MetadataField } from '@kbn/entities-schema';

export const globalMetadata: MetadataField[] = [
{
source: '_index',
destination: 'source_index',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
{
source: 'data_stream.type',
destination: 'source_data_stream.type',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
{
source: 'data_stream.dataset',
destination: 'source_data_stream.dataset',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
];
8 changes: 8 additions & 0 deletions ...gins/entity_manager/server/lib/entities/built_in/kubernetes/common/otel_index_patterns.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export const commonOtelIndexPatterns = ['metrics-*otel*', 'logs-*'];
23 changes: 23 additions & 0 deletions ...ck/plugins/entity_manager/server/lib/entities/built_in/kubernetes/common/otel_metadata.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { MetadataField } from '@kbn/entities-schema';
import { globalMetadata } from './global_metadata';

export const commonOtelMetadata: MetadataField[] = [
...globalMetadata,
{
source: 'k8s.namespace.name',
destination: 'k8s.namespace.name',
aggregation: { type: 'terms', limit: 10 },
},
{
source: 'k8s.cluster.name',
destination: 'k8s.cluster.name',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
];
46 changes: 46 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/kubernetes/ecs/cluster.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { globalMetadata } from '../common/global_metadata';

export const builtInKubernetesClusterEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_cluster_ecs`,
filter: 'orchestrator.cluster.name: *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Clusters from ECS data',
description:
'This definition extracts Kubernetes cluster entities from the Kubernetes integration data streams',
type: 'k8s.cluster.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['orchestrator.cluster.name'],
displayNameTemplate: '{{orchestrator.cluster.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: [
...globalMetadata,
{
source: 'orchestrator.namespace',
destination: 'orchestrator.namespace',
aggregation: { type: 'terms', limit: 10 },
},
{
source: 'orchestrator.cluster_ip',
destination: 'orchestrator.cluster_id',
aggregation: { type: 'top_value', sort: { '@timestamp': 'desc' } },
},
],
});
34 changes: 34 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/kubernetes/ecs/cron_job.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { commonEcsMetadata } from '../common/ecs_metadata';

export const builtInKubernetesCronJobEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_cron_job_ecs`,
filter: 'kubernetes.cronjob.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes CronJob from ECS data',
description:
'This definition extracts Kubernetes cron job entities from the Kubernetes integration data streams',
type: 'k8s.cronjob.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.cronjob.uid'],
displayNameTemplate: '{{kubernetes.cronjob.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
34 changes: 34 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/kubernetes/ecs/daemon_set.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { commonEcsMetadata } from '../common/ecs_metadata';

export const builtInKubernetesDaemonSetEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_daemon_set_ecs`,
filter: 'kubernetes.daemonset.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes DaemonSet from ECS data',
description:
'This definition extracts Kubernetes daemon set entities from the Kubernetes integration data streams',
type: 'k8s.daemonset.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.daemonset.name'],
displayNameTemplate: '{{kubernetes.daemonset.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
34 changes: 34 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/kubernetes/ecs/deployment.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsMetadata } from '../common/ecs_metadata';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';

export const builtInKubernetesDeploymentEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_deployment_ecs`,
filter: 'kubernetes.deployment.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Deployment from ECS data',
description:
'This definition extracts Kubernetes deployment entities from the Kubernetes integration data streams',
type: 'k8s.deployment.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.deployment.uid'],
displayNameTemplate: '{{kubernetes.deployment.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
17 changes: 17 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/kubernetes/ecs/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export { builtInKubernetesClusterEcsEntityDefinition } from './cluster';
export { builtInKubernetesNodeEcsEntityDefinition } from './node';
export { builtInKubernetesPodEcsEntityDefinition } from './pod';
export { builtInKubernetesReplicaSetEcsEntityDefinition } from './replica_set';
export { builtInKubernetesDeploymentEcsEntityDefinition } from './deployment';
export { builtInKubernetesStatefulSetEcsEntityDefinition } from './stateful_set';
export { builtInKubernetesDaemonSetEcsEntityDefinition } from './daemon_set';
export { builtInKubernetesJobEcsEntityDefinition } from './job';
export { builtInKubernetesCronJobEcsEntityDefinition } from './cron_job';
export { builtInKubernetesServiceEcsEntityDefinition } from './service';
34 changes: 34 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/kubernetes/ecs/job.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { commonEcsMetadata } from '../common/ecs_metadata';

export const builtInKubernetesJobEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_job_ecs`,
filter: 'kubernetes.job.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Job from ECS data',
description:
'This definition extracts Kubernetes job entities from the Kubernetes integration data streams',
type: 'k8s.job.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.job.uid'],
displayNameTemplate: '{{kubernetes.job.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
34 changes: 34 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/kubernetes/ecs/node.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';
import { commonEcsMetadata } from '../common/ecs_metadata';

export const builtInKubernetesNodeEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_node_ecs`,
filer: 'kubernetes.node.uid : *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Node from ECS data',
description:
'This definition extracts Kubernetes node entities from the Kubernetes integration data streams',
type: 'k8s.node.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.node.uid'],
displayNameTemplate: '{{kubernetes.node.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
34 changes: 34 additions & 0 deletions x-pack/plugins/entity_manager/server/lib/entities/built_in/kubernetes/ecs/pod.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EntityDefinition, entityDefinitionSchema } from '@kbn/entities-schema';
import { BUILT_IN_ID_PREFIX } from '../../constants';
import { commonEcsMetadata } from '../common/ecs_metadata';
import { commonEcsIndexPatterns } from '../common/ecs_index_patterns';

export const builtInKubernetesPodEcsEntityDefinition: EntityDefinition =
entityDefinitionSchema.parse({
id: `${BUILT_IN_ID_PREFIX}kubernetes_pod_ecs`,
filter: 'kubernetes.pod.uid: *',
managed: true,
version: '0.1.0',
name: 'Kubernetes Pod from ECS data',
description:
'This definition extracts Kubernetes pod entities from the Kubernetes integration data streams',
type: 'k8s.pod.ecs',
indexPatterns: commonEcsIndexPatterns,
identityFields: ['kubernetes.pod.name'],
displayNameTemplate: '{{kubernetes.pod.name}}',
latest: {
timestampField: '@timestamp',
lookbackPeriod: '10m',
settings: {
frequency: '5m',
},
},
metadata: commonEcsMetadata,
});
Loading