add lxcfs (#22)

Signed-off-by: dongjiang1989 <[email protected]>

charts/kubeservice-lxcfs-webhook/Chart.yaml

@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.2
+version: 1.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.0.1"
+appVersion: "1.2.0"
 
 home: https://github.com/kubeservice-stack/lxcfs-webhook
 icon: https://kubeservice-stack.github.io/kubservice-charts/logo.png

charts/kubeservice-lxcfs-webhook/script/container_remount_lxcfs_containerd.sh

@@ -0,0 +1,32 @@
+#!/bin/bash +x
+
+LXCFS="/var/lib/lxc/lxcfs"
+
+containers=$(crictl ps | grep -v pause  | grep -v calico | grep -v cilium  |awk '{print $1}' | grep -v CONTAINER)
+for container in $containers; do
+    # 获取挂载点信息
+    mounts=$(crictl inspect $container | jq -r '.info.config.mounts[] | "\(.container_path) -> \(.host_path)"' | grep "$LXCFS/")
+
+    echo "Mounts for container $container:"
+    echo "$mounts"
+
+    # 检查是否有挂载到 LXCFS 路径
+    echo "$mounts" | grep  "$LXCFS/"
+    if [ $? -eq 0 ]; then
+        echo "remount $container"
+        PID=$(crictl inspect $container | jq -r '.info.pid')
+        # mount /proc
+        for file in meminfo cpuinfo loadavg stat diskstats swaps uptime; do
+            echo nsenter --target $PID --mount -- /bin/mount -B  -t proc "$LXCFS/proc/$file" "/proc/$file"
+            nsenter --target $PID --mount --  /bin/mount -B "$LXCFS/proc/$file" "/proc/$file"
+        done
+
+        # mount /sys
+        for file in online; do
+            echo nsenter --target $PID --mount -- /bin/mount -B "$LXCFS/sys/devices/system/cpu/$file" "/sys/devices/system/cpu/$file"
+            nsenter --target $PID --mount -- /bin/mount -B "$LXCFS/sys/devices/system/cpu/$file" "/sys/devices/system/cpu/$file"
+        done 
+    else
+        echo "容器 $container 没有挂载 /var/lib/lxc/lxcfs"
+    fi
+done

charts/kubeservice-lxcfs-webhook/script/container_remount_lxcfs_docker.sh

@@ -0,0 +1,26 @@
+#! /bin/bash +x
+
+PATH=$PATH:/bin
+LXCFS="/var/lib/lxc/lxcfs"
+LXCFS_ROOT_PATH="/var/lib/lxc"
+
+containers=$(docker ps | grep -v pause  | grep -v calico | grep -v cilium | awk '{print $1}' | grep -v CONTAINE)
+
+for container in $containers;do
+	mountpoint=$(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/lib/lxc" }}{{ .Source }}{{ end }}{{ end }}' $container)
+	# 确保本身pod中就有mount point
+	if [ "$mountpoint" = "$LXCFS_ROOT_PATH" ];then
+		echo "remount $container"
+		PID=$(docker inspect --format '{{.State.Pid}}' $container)
+		# mount /proc
+		for file in meminfo cpuinfo loadavg stat diskstats swaps uptime;do
+			echo nsenter --target $PID --mount --  mount -B "$LXCFS/proc/$file" "/proc/$file"
+			nsenter --target $PID --mount --  /bin/mount -B "$LXCFS/proc/$file" "/proc/$file"
+		done
+		# mount /sys
+		for file in online;do
+			echo nsenter --target $PID --mount --  mount -B "$LXCFS/sys/devices/system/cpu/$file" "/sys/devices/system/cpu/$file"
+			nsenter --target $PID --mount --  /bin/mount -B "$LXCFS/sys/devices/system/cpu/$file" "/sys/devices/system/cpu/$file"
+		done 
+	fi 
+done

charts/kubeservice-lxcfs-webhook/templates/deployment.yaml

@@ -36,6 +36,11 @@ spec:
             {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
+          args:
+            - -customNamespaces="{{ .Values.webhook.customNamespaces }}"
+            - -alsologtostderr
+            - -v=4
+            - 2>&1
           ports:
             - name: http
               containerPort: 80

charts/kubeservice-lxcfs-webhook/templates/lxcfs-daemonset.yaml

@@ -31,6 +31,17 @@ spec:
       - name: lxcfs
         image: "{{ .Values.lxcfs.image.repository }}:{{ .Values.lxcfs.image.tag | default .Chart.AppVersion }}"
         imagePullPolicy: {{ .Values.lxcfs.image.pullPolicy }}
+        env:
+        - name: CONTAINER_REMOUNT_LXCFS
+          {{- if eq .Values.configmap.runtime "docker" }}
+          value: {{ .Files.Get "script/container_remount_lxcfs_docker.sh" | b64enc }}
+          {{- else }}
+          value: {{ .Files.Get "script/container_remount_lxcfs_containerd.sh" | b64enc }}
+          {{- end }}
+        lifecycle:
+          postStart:
+            exec:
+              command: ["bash", "-c", "echo ${CONTAINER_REMOUNT_LXCFS} | base64 -d > /opt/container_remount_lxcfs.sh ; chmod u+x /opt/container_remount_lxcfs.sh; /opt/container_remount_lxcfs.sh  2> /opt/lxcfs.log"]
         securityContext:
           privileged: true
         volumeMounts:

charts/kubeservice-lxcfs-webhook/values.yaml

@@ -16,6 +16,7 @@ lxcfs:
     # Overrides the image tag whose default is the chart appVersion.
     tag: "v4.0.12"
 webhook:
+  customNamespaces: monitoring,calico-system
   image:
     repository: dongjiang1989/lxcfs-webhook
     pullPolicy: Always
@@ -95,3 +96,7 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+configmap:
+  enable: true
+  runtime: containerd