@@ -29,55 +29,55 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
WaitTimeout = time.Second
|
GetSenderTimeout = time.Second
|
||||||
SendTimeout = time.Second * 3
|
SendTimeout = time.Second * 3
|
||||||
DefaultGoroutinesNum = 100
|
DefaultSendersNum = 100
|
||||||
DefaultBatchSize = 100
|
DefaultBatchSize = 100
|
||||||
DefaultBatchWait = time.Second * 3
|
DefaultBatchInterval = time.Second * 3
|
||||||
WebhookURL = "https://kube-auditing-webhook-svc.kubesphere-logging-system.svc:443/audit/webhook/event"
|
WebhookURL = "https://kube-auditing-webhook-svc.kubesphere-logging-system.svc:443/audit/webhook/event"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Backend struct {
|
type Backend struct {
|
||||||
url string
|
url string
|
||||||
semCh chan interface{}
|
senderCh chan interface{}
|
||||||
cache chan *v1alpha1.Event
|
cache chan *v1alpha1.Event
|
||||||
client http.Client
|
client http.Client
|
||||||
sendTimeout time.Duration
|
sendTimeout time.Duration
|
||||||
waitTimeout time.Duration
|
getSenderTimeout time.Duration
|
||||||
maxBatchSize int
|
eventBatchSize int
|
||||||
maxBatchWait time.Duration
|
eventBatchInterval time.Duration
|
||||||
stopCh <-chan struct{}
|
stopCh <-chan struct{}
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewBackend(opts *options.Options, cache chan *v1alpha1.Event, stopCh <-chan struct{}) *Backend {
|
func NewBackend(opts *options.Options, cache chan *v1alpha1.Event, stopCh <-chan struct{}) *Backend {
|
||||||
|
|
||||||
b := Backend{
|
b := Backend{
|
||||||
url: opts.WebhookUrl,
|
url: opts.WebhookUrl,
|
||||||
waitTimeout: WaitTimeout,
|
getSenderTimeout: GetSenderTimeout,
|
||||||
cache: cache,
|
cache: cache,
|
||||||
sendTimeout: SendTimeout,
|
sendTimeout: SendTimeout,
|
||||||
maxBatchSize: opts.MaxBatchSize,
|
eventBatchSize: opts.EventBatchSize,
|
||||||
maxBatchWait: opts.MaxBatchWait,
|
eventBatchInterval: opts.EventBatchInterval,
|
||||||
stopCh: stopCh,
|
stopCh: stopCh,
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(b.url) == 0 {
|
if len(b.url) == 0 {
|
||||||
b.url = WebhookURL
|
b.url = WebhookURL
|
||||||
}
|
}
|
||||||
|
|
||||||
if b.maxBatchWait == 0 {
|
if b.eventBatchInterval == 0 {
|
||||||
b.maxBatchWait = DefaultBatchWait
|
b.eventBatchInterval = DefaultBatchInterval
|
||||||
}
|
}
|
||||||
|
|
||||||
if b.maxBatchSize == 0 {
|
if b.eventBatchSize == 0 {
|
||||||
b.maxBatchSize = DefaultBatchSize
|
b.eventBatchSize = DefaultBatchSize
|
||||||
}
|
}
|
||||||
|
|
||||||
goroutinesNum := opts.GoroutinesNum
|
sendersNum := opts.EventSendersNum
|
||||||
if goroutinesNum == 0 {
|
if sendersNum == 0 {
|
||||||
goroutinesNum = DefaultGoroutinesNum
|
sendersNum = DefaultSendersNum
|
||||||
}
|
}
|
||||||
b.semCh = make(chan interface{}, goroutinesNum)
|
b.senderCh = make(chan interface{}, sendersNum)
|
||||||
|
|
||||||
b.client = http.Client{
|
b.client = http.Client{
|
||||||
Transport: &http.Transport{
|
Transport: &http.Transport{
|
||||||
@@ -111,7 +111,7 @@ func (b *Backend) worker() {
|
|||||||
|
|
||||||
func (b *Backend) getEvents() *v1alpha1.EventList {
|
func (b *Backend) getEvents() *v1alpha1.EventList {
|
||||||
|
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), b.maxBatchWait)
|
ctx, cancel := context.WithTimeout(context.Background(), b.eventBatchInterval)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
events := &v1alpha1.EventList{}
|
events := &v1alpha1.EventList{}
|
||||||
@@ -122,7 +122,7 @@ func (b *Backend) getEvents() *v1alpha1.EventList {
|
|||||||
break
|
break
|
||||||
}
|
}
|
||||||
events.Items = append(events.Items, *event)
|
events.Items = append(events.Items, *event)
|
||||||
if len(events.Items) >= b.maxBatchSize {
|
if len(events.Items) >= b.eventBatchSize {
|
||||||
return events
|
return events
|
||||||
}
|
}
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
@@ -141,14 +141,14 @@ func (b *Backend) sendEvents(events *v1alpha1.EventList) {
|
|||||||
stopCh := make(chan struct{})
|
stopCh := make(chan struct{})
|
||||||
|
|
||||||
send := func() {
|
send := func() {
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), b.waitTimeout)
|
ctx, cancel := context.WithTimeout(context.Background(), b.getSenderTimeout)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
select {
|
select {
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
klog.Error("get goroutine timeout")
|
klog.Error("Get auditing event sender timeout")
|
||||||
return
|
return
|
||||||
case b.semCh <- struct{}{}:
|
case b.senderCh <- struct{}{}:
|
||||||
}
|
}
|
||||||
|
|
||||||
start := time.Now()
|
start := time.Now()
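Review bot: On the `case <-ctx.Done():` path the whole batch is discarded and the new message `Get auditing event sender timeout` gives no indication of how much audit data was lost; for an audit pipeline, silent loss under webhook backpressure is exactly what an operator needs to see, so include the count, e.g. `klog.Errorf("get auditing event sender timeout, dropping %d auditing events", len(events.Items))`. The `ctx, cancel` declared inside `send` also appears to shadow a context of the enclosing sendEvents (its opening lines are above the hunk, so this is inferred); a distinct name such as `acquireCtx` would keep the acquire timeout and the send timeout from being confused. sendEvents starts before and ends after this hunk.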
|
||||||
@@ -159,7 +159,7 @@ func (b *Backend) sendEvents(events *v1alpha1.EventList) {
|
|||||||
|
|
||||||
bs, err := b.eventToBytes(events)
|
bs, err := b.eventToBytes(events)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.V(6).Infof("json marshal error, %s", err)
|
klog.Errorf("json marshal error, %s", err)
|
||||||
return
|
return
|
||||||
}
|
}
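Review bot: `klog.Errorf("json marshal error, %s", err)` is the right severity, but the `return` after it drops the entire EventList without saying how much was lost; log the count so the failure is quantifiable, e.g. `klog.Errorf("json marshal error, dropping %d auditing events: %v", len(events.Items), err)`. If eventToBytes marshals the list as a whole (its body is not visible here), a single unmarshalable event takes the rest of the batch with it; marshalling per event and skipping only the bad one would bound the loss to that event. The enclosing `send` closure starts and ends outside this hunk.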
|
||||||
|
|
||||||
@@ -180,7 +180,7 @@ func (b *Backend) sendEvents(events *v1alpha1.EventList) {
|
|||||||
go send()
|
go send()
|
||||||
|
|
||||||
defer func() {
|
defer func() {
|
||||||
<-b.semCh
|
<-b.senderCh
|
||||||
}()
|
}()
|
||||||
|
|
||||||
select {
|
select {
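Review bot: The slot released by `defer func() { <-b.senderCh }()` in sendEvents is not necessarily one this call acquired: `send` returns early on its acquire timeout (the `case <-ctx.Done():` in the hunk above) without ever sending on `senderCh`, so once sendEvents' own select falls through, the deferred receive either takes a token that belongs to another in-flight sender or blocks indefinitely when the channel is empty. That allows more than `sendersNum` concurrent senders in the first case and leaks the calling goroutine in the second. Pair acquire and release in the same goroutine instead: move the release into `send` directly under the successful acquire arm — `case b.senderCh <- struct{}{}: defer func() { <-b.senderCh }()` — and drop the defer here. The remaining select arms of sendEvents are outside the hunk, so whether a timed-out `send` is also left blocked signalling `stopCh` could not be confirmed.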
|
||||||
|
|||||||
@@ -229,7 +229,7 @@ func (a *auditing) cacheEvent(e auditv1alpha1.Event) {
|
|||||||
case a.cache <- &e:
|
case a.cache <- &e:
|
||||||
return
|
return
|
||||||
case <-time.After(CacheTimeout):
|
case <-time.After(CacheTimeout):
|
||||||
klog.Errorf("cache audit event %s timeout", e.AuditID)
|
klog.V(8).Infof("cache audit event %s timeout", e.AuditID)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
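Review bot: Downgrading the cache-timeout message from `klog.Errorf` to `klog.V(8).Infof` makes a dropped audit event invisible at normal verbosity: when `a.cache` is full the event is discarded after CacheTimeout and nothing else in this path records that. For an audit trail that loss should stay visible; keep it at warning level, e.g. `klog.Warningf("cache audit event %s timeout, event dropped", e.AuditID)` (or an error behind a rate limiter if the original was too noisy), and count drops in a metric so the gap is measurable rather than silent. The `break` inside the select case is a no-op in Go and can be removed. cacheEvent's signature and opening lines are above the hunk.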
|
||||||
|
|||||||
@@ -25,15 +25,15 @@ import (
|
|||||||
type Options struct {
|
type Options struct {
|
||||||
Enable bool `json:"enable" yaml:"enable"`
|
Enable bool `json:"enable" yaml:"enable"`
|
||||||
WebhookUrl string `json:"webhookUrl" yaml:"webhookUrl"`
|
WebhookUrl string `json:"webhookUrl" yaml:"webhookUrl"`
|
||||||
// The number of goroutines which send auditing events to webhook.
|
// The maximum concurrent senders which send auditing events to the auditing webhook.
|
||||||
GoroutinesNum int `json:"goroutinesNum" yaml:"goroutinesNum"`
|
EventSendersNum int `json:"eventSendersNum" yaml:"eventSendersNum"`
|
||||||
// The max size of the auditing event in a batch.
|
// The batch size of auditing events.
|
||||||
MaxBatchSize int `json:"batchSize" yaml:"batchSize"`
|
EventBatchSize int `json:"eventBatchSize" yaml:"eventBatchSize"`
|
||||||
// MaxBatchWait indicates the maximum interval between two batches.
|
// The batch interval of auditing events.
|
||||||
MaxBatchWait time.Duration `json:"batchTimeout" yaml:"batchTimeout"`
|
EventBatchInterval time.Duration `json:"eventBatchInterval" yaml:"eventBatchInterval"`
|
||||||
Host string `json:"host" yaml:"host"`
|
Host string `json:"host" yaml:"host"`
|
||||||
IndexPrefix string `json:"indexPrefix,omitempty" yaml:"indexPrefix"`
|
IndexPrefix string `json:"indexPrefix,omitempty" yaml:"indexPrefix"`
|
||||||
Version string `json:"version" yaml:"version"`
|
Version string `json:"version" yaml:"version"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewElasticSearchOptions() *Options {
|
func NewElasticSearchOptions() *Options {
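Review bot: Renaming the serialized keys to `eventSendersNum`, `eventBatchSize` and `eventBatchInterval` silently breaks existing configuration: a config file that still sets `goroutinesNum`, `batchSize` or `batchTimeout` will, unless the decoder rejects unknown fields (not visible here), have those values ignored and the defaults applied without any warning. If the old keys must go, document the break in the commit and consider accepting the old names for one release. The replacement comments `// The batch size of auditing events.` and `// The batch interval of auditing events.` say less than the ones they replace; state the semantics and the zero-value fallback, e.g. `// EventBatchSize is the maximum number of events sent to the webhook in one request; 0 selects the default (100).` and `// EventBatchInterval is the timeout getEvents waits before flushing a partial batch; 0 selects the default (3s).`.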
|
||||||
@@ -59,12 +59,12 @@ func (s *Options) AddFlags(fs *pflag.FlagSet, c *Options) {
|
|||||||
fs.BoolVar(&s.Enable, "auditing-enabled", c.Enable, "Enable auditing component or not. ")
|
fs.BoolVar(&s.Enable, "auditing-enabled", c.Enable, "Enable auditing component or not. ")
|
||||||
|
|
||||||
fs.StringVar(&s.WebhookUrl, "auditing-webhook-url", c.WebhookUrl, "Auditing wehook url")
|
fs.StringVar(&s.WebhookUrl, "auditing-webhook-url", c.WebhookUrl, "Auditing wehook url")
|
||||||
fs.IntVar(&s.GoroutinesNum, "auditing-goroutines-num", c.GoroutinesNum,
|
fs.IntVar(&s.EventSendersNum, "auditing-event-senders-num", c.EventSendersNum,
|
||||||
"The number of goroutines which send auditing events to webhook.")
|
"The maximum concurrent senders which send auditing events to the auditing webhook.")
|
||||||
fs.IntVar(&s.MaxBatchSize, "auditing-batch-max-size", c.MaxBatchSize,
|
fs.IntVar(&s.EventBatchSize, "auditing-event-batch-size", c.EventBatchSize,
|
||||||
"The max size of the auditing event in a batch.")
|
"The batch size of auditing events.")
|
||||||
fs.DurationVar(&s.MaxBatchWait, "auditing-batch-max-wait", c.MaxBatchWait,
|
fs.DurationVar(&s.EventBatchInterval, "auditing-event-batch-interval", c.EventBatchInterval,
|
||||||
"MaxBatchWait indicates the maximum interval between two batches.")
|
"The batch interval of auditing events.")
|
||||||
fs.StringVar(&s.Host, "auditing-elasticsearch-host", c.Host, ""+
|
fs.StringVar(&s.Host, "auditing-elasticsearch-host", c.Host, ""+
|
||||||
"Elasticsearch service host. KubeSphere is using elastic as auditing store, "+
|
"Elasticsearch service host. KubeSphere is using elastic as auditing store, "+
|
||||||
"if this filed left blank, KubeSphere will use kubernetes builtin event API instead, and"+
|
"if this filed left blank, KubeSphere will use kubernetes builtin event API instead, and"+
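Review bot: The flags `auditing-goroutines-num`, `auditing-batch-max-size` and `auditing-batch-max-wait` are replaced outright, so any deployment still passing them fails at startup with an unknown-flag error; bind the old names to the same fields and mark them with `fs.MarkDeprecated("auditing-goroutines-num", "use --auditing-event-senders-num instead")` for one release rather than breaking the command line. The new help strings also lost what the old ones stated: say that the batch size is a maximum and that 0 selects the built-in default, e.g. `"The maximum number of auditing events sent to the webhook in one batch (0 = default)."`. The unchanged `"Auditing wehook url"` help text has a typo (`webhook`) worth fixing while here. The `fs.StringVar(&s.Host, ...)` statement continues past the hunk.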
|
||||||
|
|||||||