From 6002a6f83318858a0dc924438e9e399d77d53d52 Mon Sep 17 00:00:00 2001
From: Vijay Samuel <vjsamuel@ebay.com>
Date: Tue, 12 Nov 2019 01:46:26 -0800
Subject: [PATCH] Ensure that init containers are no longer tailed after they
 stop (#14394)

(cherry picked from commit aaca48b7319d835f6b917b4e3bc67c00b08eeaf9)
---
 CHANGELOG.next.asciidoc                       | 49 +++++++++++++++++++
 .../providers/kubernetes/kubernetes.go        | 11 +++--
 .../providers/kubernetes/kubernetes_test.go   |  3 ++
 3 files changed, 60 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 7615a029a54..5d7d3efdc4a 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -83,6 +83,55 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 
 *Affecting all Beats*
 
+- Decouple Debug logging from fail_on_error logic for rename, copy, truncate processors {pull}12451[12451]
+- Add an option to append to existing logs rather than always rotate on start. {pull}11953[11953]
+- Add `network` condition to processors for matching IP addresses against CIDRs. {pull}10743[10743]
+- Add if/then/else support to processors. {pull}10744[10744]
+- Add `community_id` processor for computing network flow hashes. {pull}10745[10745]
+- Add output test to kafka output {pull}10834[10834]
+- Gracefully shut down on SIGHUP {pull}10704[10704]
+- New processor: `copy_fields`. {pull}11303[11303]
+- Add `error.message` to events when `fail_on_error` is set in `rename` and `copy_fields` processors. {pull}11303[11303]
+- New processor: `truncate_fields`. {pull}11297[11297]
+- Allow a beat to ship monitoring data directly to an Elasticsearch monitoring cluster. {pull}9260[9260]
+- Updated go-seccomp-bpf library to v1.1.0 which updates syscall lists for Linux v5.0. {pull}11394[11394]
+- Add `add_observer_metadata` processor. {pull}11394[11394]
+- Add `decode_csv_fields` processor. {pull}11753[11753]
+- Add `convert` processor for converting data types of fields. {issue}8124[8124] {pull}11686[11686]
+- New `extract_array` processor. {pull}11761[11761]
+- Add number of goroutines to reported metrics. {pull}12135[12135]
+- Add `proxy_disable` output flag to explicitly ignore proxy environment variables. {issue}11713[11713] {pull}12243[12243]
+- Processor `add_cloud_metadata` adds fields `cloud.account.id` and `cloud.image.id` for AWS EC2. {pull}12307[12307]
+- Add configurable bulk_flush_frequency in kafka output. {pull}12254[12254]
+- Add `decode_base64_field` processor for decoding base64 field. {pull}11914[11914]
+- Add support for reading the `network.iana_number` field by default to the community_id processor. {pull}12701[12701]
+- Add aws overview dashboard. {issue}11007[11007] {pull}12175[12175]
+- Add `decompress_gzip_field` processor. {pull}12733[12733]
+- Add `timestamp` processor for parsing time fields. {pull}12699[12699]
+- Fail with error when autodiscover providers have no defined configs. {pull}13078[13078]
+- Add a check so alias creation explicitely fails if there is an index with the same name. {pull}13070[13070]
+- Update kubernetes watcher to use official client-go libraries. {pull}13051[13051]
+- Add support for unix epoch time values in the `timestamp` processor. {pull}13319[13319]
+- add_host_metadata is now GA. {pull}13148[13148]
+- Add an `ignore_missing` configuration option the `drop_fields` processor. {pull}13318[13318]
+- add_host_metadata is no GA. {pull}13148[13148]
+- Add `registered_domain` processor for deriving the registered domain from a given FQDN. {pull}13326[13326]
+- Add support for RFC3339 time zone offsets in JSON output. {pull}13227[13227]
+- Add autodetection mode for add_docker_metadata and enable it by default in included configuration files{pull}13374[13374]
+- Added `monitoring.cluster_uuid` setting to associate Beat data with specified ES cluster in Stack Monitoring UI. {pull}13182[13182]
+- Add autodetection mode for add_kubernetes_metadata and enable it by default in included configuration files. {pull}13473[13473]
+- Add `providers` setting to `add_cloud_metadata` processor. {pull}13812[13812]
+- Use less restrictive API to check if template exists. {pull}13847[13847]
+- Do not check for alias when setup.ilm.check_exists is false. {pull}13848[13848]
+- Add support for numeric time zone offsets in timestamp processor. {pull}13902[13902]
+- Add condition to the config file template for add_kubernetes_metadata {pull}14056[14056]
+- Marking Central Management deprecated. {pull}14018[14018]
+- Add `keep_null` setting to allow Beats to publish null values in events. {issue}5522[5522] {pull}13928[13928]
+- Add shared_credential_file option in aws related config for specifying credential file directory. {issue}14157[14157] {pull}14178[14178]
+- GA the `script` processor. {pull}14325[14325]
+- Add `fingerprint` processor. {issue}11173[11173] {pull}14205[14205]
+- Add support for API keys in Elasticsearch outputs. {pull}14324[14324]
+- Ensure that init containers are no longer tailed after they stop {pull}14394[14394]
 
 *Auditbeat*
 
diff --git a/libbeat/autodiscover/providers/kubernetes/kubernetes.go b/libbeat/autodiscover/providers/kubernetes/kubernetes.go
index e8c197634cf..4ee993eb7aa 100644
--- a/libbeat/autodiscover/providers/kubernetes/kubernetes.go
+++ b/libbeat/autodiscover/providers/kubernetes/kubernetes.go
@@ -198,9 +198,14 @@ func (p *Provider) emitEvents(pod *kubernetes.Pod, flag string, containers []kub
 	containerIDs := map[string]string{}
 	runtimes := map[string]string{}
 	for _, c := range containerstatuses {
-		cid, runtime := kubernetes.ContainerIDWithRuntime(c)
-		containerIDs[c.Name] = cid
-		runtimes[c.Name] = runtime
+		// If the container is not being stopped then add the container only if it is in running state.
+		// This makes sure that we dont keep tailing init container logs after they have stopped.
+		// Emit the event in case that the pod is being stopped.
+		if flag == "stop" || c.State.Running != nil {
+			cid, runtime := kubernetes.ContainerIDWithRuntime(c)
+			containerIDs[c.Name] = cid
+			runtimes[c.Name] = runtime
+		}
 	}
 
 	// Emit container and port information
diff --git a/libbeat/autodiscover/providers/kubernetes/kubernetes_test.go b/libbeat/autodiscover/providers/kubernetes/kubernetes_test.go
index f2fffb17941..796c6d83efc 100644
--- a/libbeat/autodiscover/providers/kubernetes/kubernetes_test.go
+++ b/libbeat/autodiscover/providers/kubernetes/kubernetes_test.go
@@ -192,6 +192,9 @@ func TestEmitEvent(t *testing.T) {
 						{
 							Name:        name,
 							ContainerID: containerID,
+							State: v1.ContainerState{
+								Running: &v1.ContainerStateRunning{},
+							},
 						},
 					},
 				},