From e43ce11915b49d05954732119295a2d65d0d4c04 Mon Sep 17 00:00:00 2001 From: Adam Roberts Date: Tue, 26 Sep 2023 22:10:31 -0400 Subject: [PATCH] fix(agent): add mount for host's `/run` vol for all deployment types When installing on GKE Autopilot clusters with the agent slim mode selected the host's `/run` volume was not being mounted into the agent container. This was preventing the correct retrieval of container metrics. --- charts/agent/Chart.yaml | 2 +- charts/agent/templates/daemonset.yaml | 20 +++++-------------- .../tests/gke_autopilot_volumes_test.yaml | 8 ++++++-- 3 files changed, 12 insertions(+), 18 deletions(-) diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml index 070b8b451..5cea8c3ee 100644 --- a/charts/agent/Chart.yaml +++ b/charts/agent/Chart.yaml @@ -3,7 +3,7 @@ name: agent description: Sysdig Monitor and Secure agent type: application # currently matching sysdig 1.14.32 -version: 1.13.10 +version: 1.13.11 appVersion: 12.16.1 keywords: - monitoring diff --git a/charts/agent/templates/daemonset.yaml b/charts/agent/templates/daemonset.yaml index 477fb29c2..d2ff2ee23 100644 --- a/charts/agent/templates/daemonset.yaml +++ b/charts/agent/templates/daemonset.yaml @@ -217,6 +217,8 @@ spec: - mountPath: /host/proc name: proc-vol readOnly: true + - mountPath: /host/run + name: run-vol - mountPath: /dev/shm name: dshm - mountPath: /opt/draios/etc/kubernetes/config @@ -251,8 +253,6 @@ spec: readOnly: true - mountPath: /host/var/lib name: varlib-vol - - mountPath: /host/run - name: run-vol - mountPath: /host/var/run name: varrun-vol {{- if (include "agent.ebpfEnabled" .) }} @@ -271,8 +271,6 @@ spec: readOnly: true - mountPath: /host/var/lib name: varlib-vol - - mountPath: /host/run - name: run-vol - mountPath: /host/var/run name: varrun-vol {{- if (include "agent.ebpfEnabled" .) }} 
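Review bot: The `/host/run` mount added in the `@@ -217` hunk of daemonset.yaml carries no `readOnly: true`, unlike the `proc-vol` mount directly above it. Together with the `run-vol` volume that the `@@ -326` hunk moves into the unconditional list, it now applies to every deployment type, including the GKE Autopilot slim mode named in the commit message. Host `/run` normally holds container-runtime and other daemon sockets as well as PID and lock files, so this is a wider host surface than the single `/var/run/containerd/containerd.sock` path the Autopilot test still lists. If the agent only reads from the directory, add `readOnly: true` under `name: run-vol`. A read-only mount blocks writes but not connections to sockets inside it, so a comment such as `# host /run: read by the agent for container metrics` should record why the whole directory is needed; the container spec starts outside this hunk.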
@@ -298,8 +296,6 @@ spec: - mountPath: /host/usr name: usr-vol readOnly: true - - mountPath: /host/run - name: run-vol - mountPath: /host/var/run name: varrun-vol {{- end }} @@ -326,6 +322,9 @@ spec: - name: proc-vol hostPath: path: /proc + - name: run-vol + hostPath: + path: /run - name: dshm emptyDir: medium: Memory @@ -386,9 +385,6 @@ spec: - name: varlib-vol hostPath: path: /var/lib - - name: run-vol - hostPath: - path: /run - name: varrun-vol hostPath: path: /var/run @@ -415,9 +411,6 @@ spec: - name: usr-vol hostPath: path: /usr - - name: run-vol - hostPath: - path: /run - name: varrun-vol hostPath: path: /var/run @@ -450,9 +443,6 @@ spec: - name: usr-vol hostPath: path: /usr - - name: run-vol - hostPath: - path: /run - name: varrun-vol hostPath: path: /var/run diff --git a/charts/agent/tests/gke_autopilot_volumes_test.yaml b/charts/agent/tests/gke_autopilot_volumes_test.yaml index 052017971..1d9083e76 100644 --- a/charts/agent/tests/gke_autopilot_volumes_test.yaml +++ b/charts/agent/tests/gke_autopilot_volumes_test.yaml @@ -52,6 +52,8 @@ tests: path: spec.template.spec.volumes[?(@.hostPath.path == "/etc/os-release")] - isNotNull: path: spec.template.spec.volumes[?(@.hostPath.path == "/boot")] + - isNotNull: + path: spec.template.spec.volumes[?(@.hostPath.path == "/run")] - isNotNull: path: spec.template.spec.volumes[?(@.hostPath.path == "/var/run/containerd/containerd.sock")] # This seems not work as expected, need deeper investigation 
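Review bot: The assertion added in the `@@ -52` hunk of gke_autopilot_volumes_test.yaml (and repeated in `@@ -108`) checks only that a `/run` hostPath entry exists in `spec.template.spec.volumes`. It does not check that the agent container has the matching `volumeMounts` entry, which is what the commit message says was missing, so a volume that is declared but never mounted would still pass. I would add a container-side check, `- isNotNull:` with `path: spec.template.spec.containers[0].volumeMounts[?(@.mountPath == "/host/run")]`, assuming the agent is the first container in the rendered pod spec. The test case itself starts above this hunk.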
@@ -60,7 +62,7 @@ tests: # count: 5 # We are going to use this "workaround" until we found a proper solution - isNull: - path: spec.template.spec.volumes[?(@.hostPath.path =~ /\/.*/ && @.hostPath.path != "/dev" && @.hostPath.path != "/proc" && @.hostPath.path != "/etc/os-release" && @.hostPath.path != "/boot" && @.hostPath.path != "/var/run/containerd/containerd.sock")] + path: spec.template.spec.volumes[?(@.hostPath.path =~ /\/.*/ && @.hostPath.path != "/run" && @.hostPath.path != "/dev" && @.hostPath.path != "/proc" && @.hostPath.path != "/etc/os-release" && @.hostPath.path != "/boot" && @.hostPath.path != "/var/run/containerd/containerd.sock")] - it: Ensure only the right volumes are mounted when running on GKE Autopilot, the agent is slim mode with eBPF set: @@ -108,6 +110,8 @@ tests: path: spec.template.spec.volumes[?(@.hostPath.path == "/dev")] - isNotNull: path: spec.template.spec.volumes[?(@.hostPath.path == "/proc")] + - isNotNull: + path: spec.template.spec.volumes[?(@.hostPath.path == "/run")] - isNotNull: path: spec.template.spec.volumes[?(@.hostPath.path == "/etc/os-release")] - isNotNull: @@ -120,4 +124,4 @@ tests: # count: 5 # We are going to use this "workaround" until we found a proper solution - isNull: - path: spec.template.spec.volumes[?(@.hostPath.path =~ /\/.*/ && @.hostPath.path != "/dev" && @.hostPath.path != "/proc" && @.hostPath.path != "/etc/os-release" && @.hostPath.path != "/boot" && @.hostPath.path != "/var/run/containerd/containerd.sock")] + path: spec.template.spec.volumes[?(@.hostPath.path =~ /\/.*/ && @.hostPath.path != "/run" && @.hostPath.path != "/dev" && @.hostPath.path != "/proc" && @.hostPath.path != "/etc/os-release" && @.hostPath.path != "/boot" && @.hostPath.path != "/var/run/containerd/containerd.sock")]
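Review bot: The `isNull` filter changed in the `@@ -60` hunk (and identically in `@@ -120`) appears to be the only guard against an unexpected hostPath being rendered for Autopilot, and nothing next to it records why `/run` joined the allowed set. A comment above it such as `# /run is allowed: the agent reads it for container metrics (all deployment types)` would let a later reviewer tell a deliberate exception from drift. The filter is a hand-maintained chain of `!=` exclusions duplicated across both test cases, so each newly allowed path has to be added in two places. The commented-out `count: 5` in the context lines would presumably need to become 6 if that check is ever re-enabled.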