allow restricting Kube metadata to local node only

[mariomac]

Adds the BEYLA_KUBE_META_RESTRICT_LOCAL_NODE configuration option that allows configuring the local informer to only watch the Kubernetes Pods from the local node. This will alleviate the memory load, especially during startup.

[codecov]

Codecov Report

Attention: Patch coverage is 1.31579% with 75 lines in your changes missing coverage. Please review.

Project coverage is 63.22%. Comparing base (0a0bb6f) to head (59cdfef).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/kubecache/meta/informers_init.go	0.00%	64 Missing ⚠️
pkg/internal/kube/informer_provider.go	0.00%	10 Missing and 1 partial ⚠️

❗ There is a different number of reports uploaded between BASE (0a0bb6f) and HEAD (59cdfef). Click for more details.

HEAD has 2 uploads less than BASE

Flag	BASE (0a0bb6f)	HEAD (59cdfef)
unittests	1	0
k8s-integration-test	1	0

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #1440       +/-   ##
===========================================
- Coverage   80.97%   63.22%   -17.76%     
===========================================
  Files         149      145        -4     
  Lines       15255    15140      -115     
===========================================
- Hits        12353     9572     -2781     
- Misses       2293     4895     +2602     
- Partials      609      673       +64     

Flag	Coverage Δ
integration-test	59.70% <1.31%> (+0.19%)	⬆️
k8s-integration-test	?
oats-test	33.79% <1.31%> (-0.12%)	⬇️
unittests	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Hello @mariomac!
Backport pull requests need to be either:

• Pull requests which address bugs,
• Urgent fixes which need product approval, in order to get merged,
• Docs changes.

Please, if the current pull request addresses a bug fix, label it with the type/bug label.
If it already has the product approval, please add the product-approved label. For docs changes, please add the type/docs label.
If the pull request modifies CI behaviour, please add the type/ci label.
If none of the above applies, please consider removing the backport label and target the next major/minor release.
Thanks!

[github-actions]

This PR must be merged before a backport PR will be created.

[grcevski]

LGTM! I think the test failure might be related to aggressive expiration of metrics, or maybe confusion of what the name should be. I see an expiration of these values, where we have testserver-....

2024-12-12T16:40:35.912684579Z stdout F time=2024-12-12T16:40:35.912Z level=DEBUG msg="storing new metric label set" component=otel.Expirer type=*metric.int64Inst labelValues="[172.18.0.2 43558 request 10.244.0.5 10.244.0.0/16 testserver-858cdf668b-xpnlx 8080  egress my-kube testserver-858cdf668b-xpnlx default 172.18.0.2 test-kind-cluster-netolly-control-plane testserver Deployment Pod internal-pinger-net default 172.18.0.2 test-kind-cluster-netolly-control-plane internal-pinger-net Pod Pod 8080 10.244.0.9 10.244.0.0/16 internal-pinger-net TCP]"

However the next label is recorded with testserver as a name, i.e. no dash something:

2024-12-12T16:41:02.912577238Z stdout F time=2024-12-12T16:41:02.912Z level=DEBUG msg="storing new metric label set" component=otel.Expirer type=*metric.int64Inst labelValues="[172.18.0.2 43558 request 10.96.94.38 10.96.0.0/16 testserver 8080  egress my-kube testserver default   testserver Service Service internal-pinger-net default 172.18.0.2 test-kind-cluster-netolly-control-plane internal-pinger-net Pod Pod 8080 10.244.0.9 10.244.0.0/16 internal-pinger-net TCP]"

All subsequent labels are without the dash...

[grcevski]

I think we probably want to remove this debug print :)

[mariomac]

Good catch @grcevski ! The duplicity of messages might be because testservice is captured either via a Pod (name with suffix) and a Service (name without suffix), but I'll anyway check that the IPs do not collide and that the expiration is properly set.