Ability to change name kubernetes cluster name in kubequery

[nonpunctual]

Kubernetes clusters could have custom names that are easier to remember than randomized hashes that must be tracked to be reused or entered.

Problem

Customer unable to change kubernetes cluster name to custom string as name is auto-generated with randomized string (probably for uniqueness or part of a hash?)

Potential solutions

1. Allow kubequery users to specify cluster name

[yoderme]

I'd imagine dropping a name somewhere in this Configmap: https://github.com/fleetdm/fleet/blob/main/tools/kubequery/kubequery-fleet.yml#L66

[noahtalerman]

Kubernetes clusters could have custom names that are easier to remember than randomized hashes that must be tracked to be reused or entered.

Hey @nonpunctual do you have a screenshot handy of what these hosts (Kubernetes clusters) look like in Fleet today?

As someone designing/building an improvement, a screenshot of the current behavior will make it easier to understand the pain.

Looking at the README, the expected behavior is for Kubernetes clusters to have hostnames like kubequery <CLUSTER NAME>. Is the customer name the randomized string?

I'd imagine dropping a name somewhere in this Configmap: https://github.com/fleetdm/fleet/blob/main/tools/kubequery/kubequery-fleet.yml#L66

Also, I'm a kubeqery novice. If I'm understanding correctly, each ConfigMap in the the kubequery.yml file = one host (Kubernetes cluster) in Fleet. Is that right?

cc @zwass

[nonpunctual]

@noahtalerman The issue I believe is that the cluster name contains a randomized string on creation probably because these entities require guaranteed uniqueness. So, that is a challenge. Also, I believe the context of the customer comment about the yaml file is that file is where they expect to be able to eventually configure the custom name string. I have requested that the customer include additional info here (ie, screen shot or video) to clarify. Thanks!

[yoderme]

The name for my cluster is kubequery kubequery-6c95ffc8ff-cbmm5 which, as you can imagine, is not very enlightening.

My comment about the configmap was that it seemed like the obvious place to put a customized cluster name. Right now there's

  kubequery.flags: |
    # Server
    --tls_hostname=rbx.cloud.fleetdm.com
    --tls_server_certs=/opt/uptycs/etc/fleet.pem
    # Enrollment
    --enroll_secret_path=/opt/uptycs/etc/enroll.secret
    --enroll_tls_endpoint=/api/v1/osquery/enroll
    # Configuration
    --config_plugin=tls
    --config_tls_endpoint=/api/v1/osquery/config
    --config_refresh=10
    # Live query
    --disable_distributed=false
    --distributed_plugin=tls
    --distributed_interval=10
    --distributed_tls_max_attempts=3
    --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
    --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
    # Logging
    --logger_plugin=tls
    --logger_tls_endpoint=/api/v1/osquery/log
    --logger_tls_period=10
    # File carving
    --disable_carver=false
    --carver_start_endpoint=/api/v1/osquery/carve/begin
    --carver_continue_endpoint=/api/v1/osquery/carve/block
    --carver_block_size=8000000

and there is an empty kubequery.conf.

those two files wind up inside the pod in the /opt/uptycs/config directory. It seems logical to me to put something like cluster_name=MyFirstCluster in there.

[nonpunctual]

Right. I think (if it works the way I assume it does) if the cluster_name var is left at a default value or null the name will be created using the current randomized / hashed method. If the value is changed in the config to cluster_name=MyFirstCluster it will overwrite the default.

The other thing I've been a little concerned about is: if the randomized / hashed name is being used because there has to be a guarantee of uniqueness you could concatenate the input value from the config with a random string, ie,

cluster_name=MyFirstCluster-asdfRandomStuffHere

[yoderme]

guarantee of uniqueness

Is the name of the cluster the primary key in the db? IIRC for hosts there's a unique id for each host; if a host is uninstalled and reinstalled and isn't using the hardward ID you can get what appears to be multiple hosts in the UI. I think this is fine. So anyway if kubequery uses a separate uuid for uniqueness then I don't think there's really a problem.

[noahtalerman]

Hey @yoderme, @dherder and I were digging into this one.

It looks like Fleet creates a hostname like kubquery kubquery-<CLUSTER NAME>. See the example we found below:

We're assuming bdjfp is the cluster name.

Is that right? Are you seeing the same in your environment?

[yoderme]

Are you seeing the same in your environment?

Yeah it's the same sort of name format. I don't know who generates what but if I wanted to name the cluster foo I'd expect the hostname in fleetdm to be foo or at least kubequery foo.