Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
fluent-plugin-kubernetes-objects
Advanced tools
Important: The fluent-plugin-kubernetes-objects will reach End of Support on January 1, 2024. After that date, this repository will no longer receive updates from Splunk and will no longer be supported by Splunk. Until then, only critical security fixes and bug fixes will be provided.
Fluentd input plugin to collect objects in a kubernetes cluster.
This input plugin can collects data in two ways:
See also: Plugin Management.
$ gem install fluent-plugin-kubernetes-objects
Add following line to your Gemfile:
gem "fluent-plugin-kubernetes-objects"
And then execute:
$ bundle
<source>
@type kubernetes_objects
tag k8s.*
<pull>
resource_name nodes
</pull>
<pull>
resource_name pods
namespace default
</pull>
<watch>
resource_name events
</watch>
In this example, it will pull all the nodes
, and all the pods
in default
namespace, and also watch events
. And all those data will be tagged with prefix "k8s."
.
This must be kubernetes_objects
.
The tag of the event.
*
can be used as a placeholder that expands to the actual resource name (watch objects will have .watch
suffix). For example, if you set
tag k8s.*
<pull>
resource_name pods
</pull>
<watch>
resource_name events
</watch>
The tag for pods
data will be k8s.pods
, while the tag for events
will be k8s.events.watch
.
Default value: kubernetes.*
.
The URL to the kubernetes API endpoint. By default, it will read from environment variables KUBERNETES_SERVICE_HOST
and KUBERNETES_SERVICE_PORT
. If those environment variables are not available, and this parameter is not set, error will be raised.
Kubernetes API version, it includes the API group name and the version, just like the apiVersion
in a Kubernetes manifests YAML file. E.g. v1
, rbac.authorization.k8s.io/v1
, etc.
Default value: v1
.
Path to the certificate file for this client.
Path to the private key file for this client.
Path to the CA file.
When set to true
, it will ignore inscure HTTPS
connections (i.e. it ignores server SSL certificate verification errors).
Default value: false
.
Path of the location where pod's service account's credentials are stored.th of the location where pod's service account's credentials are stored.
Default value: /var/run/secrets/kubernetes.io/serviceaccount
.
Path to the file contains the API token. By default it reads from the file "token" in the secret_dir
.
Ths <pull> section is used to define which object to pull from the cluster. One section defines one object.
The name of the object to pull. E.g. pods
, nodes
. This must match api_version
.
The resource_name
is not exactly the same as the name in Kubernetes API.
If a name contains multiple words, e.g. daemonsets
and replicasets
,
you will need use underscore _
to separate the words.
So daemonsets
becomes daemon_sets
, and replicasets
becomes replica_sets
, and so on.
Only the objects belong to the namespace specified in this parameter will be pulled. When it's not set, it will pull from all name spaces.
A selector to restrict the list of returned objects by labels.
A selector to restrict the list of returned objects by fields.
The interval at which the objects will be pulled.
Default value: 15m
.
Ths <watch> section is used to define which object to watch from the cluster. One section defines one object.
This section has exactly the same parameters except interval
as the <pull> section does. Check the <pull> section above for details.
Defines where to storage checkpoints for watch
. Each object the plugin watches, it will record the latest resoruce_version
of that object. And when the fluentd restarts, the plugin will send the previously recorded resource_version
to the kubernetes watch API.
By default, it uses the memory storage.
See also Storage section configurations and Storage Plugin Overview.
See License.
FAQs
Unknown package
We found that fluent-plugin-kubernetes-objects demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.