From cb16b160426cc8aa47fe68a1b44c7a4fded8866b Mon Sep 17 00:00:00 2001 From: Antti Kervinen Date: Sat, 30 Sep 2023 11:45:38 +0300 Subject: [PATCH] nri-memtierd: mount only needed dirs from host --- cmd/plugins/memtierd/main.go | 20 +++++++++++------- .../memtierd/nri-memtierd-deployment.yaml.in | 21 +++++++++++++------ deployment/overlays/memtierd/daemonset.yaml | 20 ++++++++++++------ .../e2e/files/nri-memtierd-deployment.yaml.in | 20 ++++++++++++------ 4 files changed, 56 insertions(+), 25 deletions(-) diff --git a/cmd/plugins/memtierd/main.go b/cmd/plugins/memtierd/main.go index d09acec23..17a8e2171 100644 --- a/cmd/plugins/memtierd/main.go +++ b/cmd/plugins/memtierd/main.go @@ -82,7 +82,8 @@ type memtierdEnv struct { } type options struct { - HostRoot string + runDir string + cgroupsDir string } const ( @@ -244,8 +245,6 @@ func (p *plugin) StartContainer(ctx context.Context, pod *api.PodSandbox, ctr *a ppName := pprintCtr(pod, ctr) log.Tracef("StartContainer: %s", ppName) - hostRoot := opt.HostRoot - namespace := pod.GetNamespace() podName := pod.GetName() containerName := ctr.GetName() @@ -269,7 +268,7 @@ func (p *plugin) StartContainer(ctx context.Context, pod *api.PodSandbox, ctr *a if err != nil { return loggedErrorf("cannot detect cgroup v2 path for container %q: %v", ppName, err) } - mtdEnv, err := newMemtierdEnv(fullCgroupsPath, namespace, podName, containerName, qoscls.MemtierdConfig, hostRoot) + mtdEnv, err := newMemtierdEnv(fullCgroupsPath, namespace, podName, containerName, qoscls.MemtierdConfig, opt.runDir) if err != nil || mtdEnv == nil { return loggedErrorf("failed to prepare memtierd run environment: %v", err) } 
@@ -385,9 +384,9 @@ func (p *plugin) getFullCgroupsPath(ctr *api.Container) (string, error) { // newMemtierdEnv prepares new memtierd run environment with a // configuration file template instantiated for managing a container. -func newMemtierdEnv(fullCgroupPath string, namespace string, podName string, containerName string, memtierdConfigIn string, hostRoot string) (*memtierdEnv, error) { +func newMemtierdEnv(fullCgroupPath string, namespace string, podName string, containerName string, memtierdConfigIn string, runDir string) (*memtierdEnv, error) { // Create container directory if it doesn't exist - ctrDir := fmt.Sprintf("%s%s/memtierd/%s/%s/%s", hostRoot, os.TempDir(), namespace, podName, containerName) + ctrDir := fmt.Sprintf("%s/%s/%s/%s", runDir, namespace, podName, containerName) if err := os.MkdirAll(ctrDir, 0755); err != nil { return nil, fmt.Errorf("cannot create memtierd run directory %q: %w", ctrDir, err) } @@ -466,7 +465,8 @@ func main() { flag.StringVar(&pluginName, "name", "", "plugin name to register to NRI") flag.StringVar(&pluginIdx, "idx", "", "plugin index to register to NRI") flag.StringVar(&configFile, "config", "", "configuration file name") - flag.StringVar(&opt.HostRoot, "host-root", "", "Directory prefix under which the host's tmp, etc. are mounted.") + flag.StringVar(&opt.cgroupsDir, "cgroups-dir", "", "cgroups root directory") + flag.StringVar(&opt.runDir, "run-dir", "", "Directory prefix for memtierd runtime environments") flag.BoolVar(&verbose, "v", false, "verbose output") flag.BoolVar(&veryVerbose, "vv", false, "very verbose output") flag.Parse() @@ -478,6 +478,10 @@ func main() { log.SetLevel(logrus.TraceLevel) } + if opt.runDir == "" { + opt.runDir = filepath.Join(os.TempDir(), "nri-memtierd") + } + p := &plugin{ ctrMemtierdEnv: map[string]*memtierdEnv{}, } 
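Review bot: In `newMemtierdEnv` the new `ctrDir` is still assembled with `fmt.Sprintf` from `namespace`, `podName` and `containerName`, which reach the plugin from the runtime in `StartContainer`, and nothing confirms that the result stays below `runDir` before `os.MkdirAll` runs. Kubernetes validates these names, but the plugin would be more robust if it did not depend on that: build the path with `ctrDir := filepath.Join(runDir, namespace, podName, containerName)` and return an error when `filepath.Rel(runDir, ctrDir)` fails or yields a path beginning with `..`. The directory is also created with mode `0755`; since the function comment says a per-container configuration is instantiated there, `0750` or tighter looks more appropriate now that the directory is backed by a host path. The rest of the function body lies outside this hunk.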
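Review bot: The help strings of the two new flags in `main` do not say what an empty value means, although the neighbouring hunks show `-run-dir` falling back to a directory under `os.TempDir()` and `-cgroups-dir` falling back to `detectCgroupsDir()`. I would state the defaults in the text, e.g. `"cgroups root directory (default: auto-detected cgroup2 mount point)"` and `"directory prefix for memtierd runtime environments (default: <tmpdir>/nri-memtierd)"`. Dropping `-host-root` without a transition also means a manifest that still passes it stops at `flag.Parse()`, so a release note would help operators who maintain their own manifests.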
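Review bot: The fallback `filepath.Join(os.TempDir(), "nri-memtierd")` is a fixed name inside a shared temporary directory, and the `os.MkdirAll` call in `newMemtierdEnv` accepts a path that already exists without looking at its owner or mode. If the plugin runs with elevated privileges directly on a host (not visible in this patch), whoever created that path first decides where the run environments end up. Consider defaulting to a location that only the service account can write, for example a directory under `/run`, or checking owner and mode with `os.Lstat` before first use. The same consideration applies to the `run-dir-vol` hostPath `/var/tmp/nri-memtierd` with `type: DirectoryOrCreate` in the three manifests changed by this patch.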
@@ -493,6 +497,8 @@ func main() { } } + p.cgroupsDir = opt.cgroupsDir + if p.cgroupsDir == "" { if err := p.detectCgroupsDir(); err != nil { log.Fatalf("cannot find cgroup2 mount point. %s", err) diff --git a/cmd/plugins/memtierd/nri-memtierd-deployment.yaml.in b/cmd/plugins/memtierd/nri-memtierd-deployment.yaml.in index b9bf1a56f..25465f758 100644 --- a/cmd/plugins/memtierd/nri-memtierd-deployment.yaml.in +++ b/cmd/plugins/memtierd/nri-memtierd-deployment.yaml.in @@ -25,8 +25,10 @@ spec: - "45" - --config - /etc/nri/memtierd/config.yaml - - --host-root - - /host + - --run-dir + - /run-dir + - --cgroups-dir + - /sys/fs/cgroup - -v image: IMAGE_PLACEHOLDER imagePullPolicy: IfNotPresent @@ -41,8 +43,10 @@ spec: mountPath: /etc/nri/memtierd - name: nri-sockets-vol mountPath: /var/run/nri - - name: host-vol - mountPath: /host + - name: run-dir-vol + mountPath: /run-dir + - name: cgroups-vol + mountPath: /sys/fs/cgroup - name: host-bitmap mountPath: /sys/kernel/mm/page_idle/bitmap volumes: @@ -53,13 +57,18 @@ spec: hostPath: path: /var/run/nri type: Directory - - name: host-vol + - name: run-dir-vol hostPath: - path: / + path: /var/tmp/nri-memtierd + type: DirectoryOrCreate + - name: cgroups-vol + hostPath: + path: /sys/fs/cgroup type: Directory - name: host-bitmap hostPath: path: /sys/kernel/mm/page_idle/bitmap + type: File --- apiVersion: v1 kind: ConfigMap diff --git a/deployment/overlays/memtierd/daemonset.yaml b/deployment/overlays/memtierd/daemonset.yaml index ac7cc5045..a337e46af 100644 --- a/deployment/overlays/memtierd/daemonset.yaml +++ b/deployment/overlays/memtierd/daemonset.yaml @@ -25,8 +25,10 @@ spec: - "45" - --config - /etc/nri/memtierd/config.yaml - - --host-root - - /host + - --run-dir + - /run-dir + - --cgroups-dir + - /sys/fs/cgroup - -v image: IMAGE_PLACEHOLDER imagePullPolicy: IfNotPresent 
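Review bot: A value passed with `-cgroups-dir` is copied into `p.cgroupsDir` unchecked and detection is then skipped, so a typo or a cgroup v1 mount would presumably surface only later, when `StartContainer` reports that it cannot detect the cgroup v2 path for a container. A start-up check fails fast instead: `if _, err := os.Stat(filepath.Join(p.cgroupsDir, "cgroup.controllers")); err != nil { log.Fatalf("invalid -cgroups-dir %q: %v", p.cgroupsDir, err) }`, placed in the branch where the option is non-empty. `main` starts and continues outside this hunk.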
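Review bot: The new `cgroups-vol` mount at `/sys/fs/cgroup` in `cmd/plugins/memtierd/nri-memtierd-deployment.yaml.in` is writable by default, which can leave the container able to change cgroup settings of other workloads on the node. If the plugin and memtierd only read from the cgroup tree (not visible in this patch), add `readOnly: true` below that `mountPath`; if they need to write, a short comment naming the files involved would document why the mount is read-write. The same mount is added in `deployment/overlays/memtierd/daemonset.yaml` and `test/e2e/files/nri-memtierd-deployment.yaml.in`.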
@@ -41,8 +43,10 @@ spec: mountPath: /etc/nri/memtierd - name: nri-sockets-vol mountPath: /var/run/nri - - name: host-vol - mountPath: /host + - name: run-dir-vol + mountPath: /run-dir + - name: cgroups-vol + mountPath: /sys/fs/cgroup - name: host-bitmap mountPath: /sys/kernel/mm/page_idle/bitmap volumes: @@ -53,9 +57,13 @@ spec: hostPath: path: /var/run/nri type: Directory - - name: host-vol + - name: run-dir-vol hostPath: - path: / + path: /var/tmp/nri-memtierd + type: DirectoryOrCreate + - name: cgroups-vol + hostPath: + path: /sys/fs/cgroup type: Directory - name: host-bitmap hostPath: diff --git a/test/e2e/files/nri-memtierd-deployment.yaml.in b/test/e2e/files/nri-memtierd-deployment.yaml.in index d7b38261e..d70dd4e52 100644 --- a/test/e2e/files/nri-memtierd-deployment.yaml.in +++ b/test/e2e/files/nri-memtierd-deployment.yaml.in @@ -25,8 +25,10 @@ spec: - "45" - --config - /etc/nri/memtierd/config.yaml - - --host-root - - /host + - --run-dir + - /run-dir + - --cgroups-dir + - /sys/fs/cgroup - -vv image: IMAGE_PLACEHOLDER imagePullPolicy: IfNotPresent @@ -41,8 +43,10 @@ spec: mountPath: /etc/nri/memtierd - name: nri-sockets-vol mountPath: /var/run/nri - - name: host-vol - mountPath: /host + - name: run-dir-vol + mountPath: /run-dir + - name: cgroups-vol + mountPath: /sys/fs/cgroup - name: host-bitmap mountPath: /sys/kernel/mm/page_idle/bitmap volumes: @@ -53,9 +57,13 @@ spec: hostPath: path: /var/run/nri type: Directory - - name: host-vol + - name: run-dir-vol hostPath: - path: / + path: /var/tmp/nri-memtierd + type: DirectoryOrCreate + - name: cgroups-vol + hostPath: + path: /sys/fs/cgroup type: Directory - name: host-bitmap hostPath:
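Review bot: `type: File` is added to the `host-bitmap` hostPath only in `cmd/plugins/memtierd/nri-memtierd-deployment.yaml.in`; the volumes hunk of `deployment/overlays/memtierd/daemonset.yaml` and the matching hunk of `test/e2e/files/nri-memtierd-deployment.yaml.in` both end at `hostPath:` without it. Unless those two files already declare the type below the visible lines, the three manifests now differ, and without a type the kubelet performs no check on the path before mounting it. Adding `type: File` after `path: /sys/kernel/mm/page_idle/bitmap` in both files would keep them aligned.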