[monitoring] Strip infrastructure metadata from tenant logs by mattia-eleuteri · Pull Request #2196 · cozystack/cozystack

mattia-eleuteri · Mar 10, 2026

Summary

Adds a modify filter in fluent-bit that removes kubernetes_node_name and kubernetes_host from all container logs
Prevents infrastructure topology (node names, hosts) from leaking to tenant users

Problem

kubernetes_node_name is exposed in log metadata, leaking node topology to end-users. Other sensitive fields like kubernetes_host are also visible.

Relates to #2194

Test plan

helm template monitoring-agents and verify Remove kubernetes_node_name filter is present
Deploy and verify kubernetes_node_name is absent from logs in tenant Grafana

Strip infrastructure metadata (node name, host) from tenant logs

🤖 Generated with Claude Code

Summary by CodeRabbit

Chores
- Enhanced Kubernetes monitoring agent configuration for improved log processing and filtering.

coderabbitai · Mar 10, 2026

Warning

Rate limit exceeded

@mattia-eleuteri has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 32 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7b3e2cb0-7227-4d43-a023-ed7296df763f

📥 Commits

Reviewing files that changed from the base of the PR and between 7dbdcd4 and d70e4c3.

📒 Files selected for processing (1)

packages/system/monitoring-agents/values.yaml

📝 Walkthrough

Walkthrough

A new Fluent Bit filter configuration is added to the monitoring-agents values file, targeting Kubernetes-related logs (kube.*) to strip the kubernetes_node_name and kubernetes_host fields from events.

Changes

Cohort / File(s)	Summary
Fluent Bit Filter Configuration `packages/system/monitoring-agents/values.yaml`	Adds a new [FILTER] modify block targeting kube.\* logs to remove `kubernetes_node_name` and `kubernetes_host` fields from event records.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A filter so neat, to the logs we apply,
Kubernetes fields disappear, as they drift on by,
Node names and hosts, now stripped clean away,
Cleaner logs flowing, hooray, hooray! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: adding a filter to strip infrastructure metadata from tenant logs, which aligns with the changeset's addition of a fluent-bit modify filter to remove kubernetes_node_name and kubernetes_host.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Remove kubernetes_node_name and kubernetes_host fields from container logs to prevent leaking infrastructure topology to tenants. Signed-off-by: Mattia Eleuteri <mattia@hidora.io> Signed-off-by: mattia-eleuteri <mattia@hidora.io>

mattia-eleuteri requested review from IvanHunters, androndo, kvaps, lexfrei, lllamnyp and sircthulhu as code owners March 10, 2026 15:09

dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Mar 10, 2026

mattia-eleuteri mentioned this pull request Mar 10, 2026

[monitoring] Improve multi-tenant log isolation, dashboard scoping, and VM monitoring #2194

Open

dosubot bot added the enhancement New feature or request label Mar 10, 2026

mattia-eleuteri force-pushed the monitoring/strip-infra-metadata branch from 7dbdcd4 to d70e4c3 Compare March 10, 2026 15:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[monitoring] Strip infrastructure metadata from tenant logs#2196

[monitoring] Strip infrastructure metadata from tenant logs#2196
mattia-eleuteri wants to merge 1 commit intocozystack:maincozystack/cozystack:mainfrom
mattia-eleuteri:monitoring/strip-infra-metadatamattia-eleuteri/cozystack:monitoring/strip-infra-metadataCopy head branch name to clipboard

mattia-eleuteri commented Mar 10, 2026 •

edited by coderabbitai bot

Loading

Uh oh!

coderabbitai bot commented Mar 10, 2026 •

edited

Loading

Rate limit exceeded

Walkthrough

Changes

Estimated code review effort

Poem

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Search code, repositories, users, issues, pull requests...

Conversation

mattia-eleuteri commented Mar 10, 2026 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Problem

Test plan

Summary by CodeRabbit

Uh oh!

coderabbitai bot commented Mar 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Rate limit exceeded

Walkthrough

Changes

Estimated code review effort

Poem

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

mattia-eleuteri commented Mar 10, 2026 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Mar 10, 2026 •

edited

Loading