Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use PodResources mount as a path instead of file #1674

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Use PodResources mount as a path instead of file #1674

wants to merge 3 commits into from
+36 −44

Conversation

gjulianm
Copy link
Collaborator

@gjulianm gjulianm commented Feb 10, 2025
edited
Loading

What does this PR do?

This PR fixes the PodResources socket mount introduced in #1650. By using a file mount directly, if kubelet restarts and recreates the socket, the container will not see the new socket and will keep the reference to the old one, thus losing the connection.

Motivation

Fix a bug with kubelet restarts.

Additional Notes

Minimum Agent Versions

No changes w.r.t #1650

  • Agent: v7.62
  • Cluster Agent: vX.Y.Z

Describe your test plan

Unit tests should reflect the new change in mounts.

Checklist

  • PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
  • PR has a milestone or the qa/skip-qa label

@gjulianm gjulianm self-assigned this Feb 10, 2025
@gjulianm gjulianm force-pushed the guillermo.julian/pod-resources-socket-dir branch from 12751ee to bdc2433 Compare February 10, 2025 11:34
@gjulianm gjulianm added the bug Something isn't working label Feb 10, 2025
@gjulianm gjulianm added this to the v1.12.0 milestone Feb 10, 2025
@gjulianm gjulianm force-pushed the guillermo.julian/pod-resources-socket-dir branch from df9c058 to 0327b63 Compare February 10, 2025 11:58
@codecov-commenter
Copy link

codecov-commenter commented Feb 10, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.66%. Comparing base (71004aa) to head (18e5f8a).
Report is 7 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1674      +/-   ##
==========================================
+ Coverage   49.32%   49.66%   +0.34%     
==========================================
  Files         218      218              
  Lines       21171    21451     +280     
==========================================
+ Hits        10442    10654     +212     
- Misses      10184    10247      +63     
- Partials      545      550       +5
Flag Coverage Δ
unittests 49.66% <100.00%> (+0.34%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
...ller/datadogagent/defaults/datadogagent_default.go 91.45% <100.00%> (ø)
...nternal/controller/datadogagent/override/global.go 56.52% <100.00%> (ø)
pkg/testutils/builder.go 91.67% <100.00%> (ø)

... and 5 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 71004aa...18e5f8a. Read the comment docs.

@gjulianm gjulianm marked this pull request as ready for review February 10, 2025 12:39
@gjulianm gjulianm requested review from a team as code owners February 10, 2025 12:39
@tbavelier tbavelier modified the milestones: v1.12.0, v1.13.0 Feb 10, 2025
tbavelier
tbavelier requested changes Feb 10, 2025
View reviewed changes
Copy link
Member

@tbavelier tbavelier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a blocker: could we also envision a test to check a custom provided path (e.g. spec.global.podResourcesSocketPath= /foo/bar) ?

internal/controller/datadogagent/override/global.go Outdated
})

podResourcesVol, podResourcesMount := volume.GetVolumes(v2alpha1.KubeletPodResourcesVolumeName, config.Kubelet.PodResourcesSocket, config.Kubelet.PodResourcesSocket, false)
podResourcesVol, podResourcesMount := volume.GetVolumes(v2alpha1.KubeletPodResourcesVolumeName, config.Kubelet.PodResourcesSocketDir, config.Kubelet.PodResourcesSocketDir, false)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
podResourcesVol, podResourcesMount := volume.GetVolumes(v2alpha1.KubeletPodResourcesVolumeName, config.Kubelet.PodResourcesSocketDir, config.Kubelet.PodResourcesSocketDir, false)
podResourcesVol, podResourcesMount := volume.GetVolumes(v2alpha1.KubeletPodResourcesVolumeName, config.Kubelet.PodResourcesSocketDir, config.Kubelet.PodResourcesSocketDir, true)

Could we use readOnly: true on this volume or that prevents from communicating with the socket ?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my testing it prevented communication, yes.

api/datadoghq/v2alpha1/datadogagent_types.go Outdated Show resolved Hide resolved
api/datadoghq/v2alpha1/datadogagent_types.go Outdated Show resolved Hide resolved
@janine-c janine-c self-assigned this Feb 10, 2025
@janine-c janine-c removed their assignment Feb 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tbavelier tbavelier tbavelier requested changes

@janine-c janine-c janine-c approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

@gjulianm gjulianm

Labels
bug Something isn't working
Projects
None yet
Milestone
v1.13.0
Development

Successfully merging this pull request may close these issues.
4 participants
@gjulianm @codecov-commenter @janine-c @tbavelier