-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add docker_only_prefix_whitelist #1926
Conversation
f6ce87c
to
2259e16
Compare
container/raw/factory.go
Outdated
@@ -29,6 +30,7 @@ import ( | |||
) | |||
|
|||
var dockerOnly = flag.Bool("docker_only", false, "Only report docker containers in addition to root stats") | |||
var dockerOnlyPrefixWhitelist = flag.String("docker_only_prefix_whitelist", "", "A comma-separated list of cgroup path prefix that needs to be collected when docker-only is specified") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we call this rawPrefixWhitelist? I am hoping we can move away from dockerOnly
, and instead use a whitelist of handlers in the future.
lgtm other than naming nit |
Actually, how would you feel about making this an argument to manager.New()? The desire to whitelist particular cgroup trees seems fairly kubernetes specific, and I would rather not add another flag if we can avoid it. I think this would be a win for everyone in the community, as everyone would see better performance. It would also give us flexibility to change this interface in the future if we want a different model without having to deprecate flags and such. The only downside is that if people are using cadvisor metrics for particular cgroups that are outside of what we plan to monitor, those would no longer be accessible. |
2259e16
to
10b3f0c
Compare
I have also thought about this since
Yep. That is the truth when make |
007b71d
to
2f1250a
Compare
/retest |
2f1250a
to
472c208
Compare
@dashpole @tallclair PTAL. I have moved the configuration from command line to |
container/raw/factory.go
Outdated
@@ -62,14 +66,24 @@ func (self *rawFactory) NewContainerHandler(name string, inHostNamespace bool) ( | |||
// The raw factory can handle any container. If --docker_only is set to false, non-docker containers are ignored. | |||
func (self *rawFactory) CanHandleAndAccept(name string) (bool, bool, error) { | |||
accept := name == "/" || !*dockerOnly | |||
|
|||
if *dockerOnly { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead of having this only in effect when --docker_only
is specified, can we make it always take effect, but have the default be [ "/" ]
, so all raw cgroups are collected? We can make setting --docker_only set this to [ ]
during creation of the raw factory.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good to me. Will do.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can make setting --docker_only set this to [ ] during creation of the raw factory.
We should not do this, imo. What we want is to respect with whitelist settings even docker_only
is set and we should customize whitelist settings to at least []string{"/kubepods"}
to allow pod level metrics in Kubernetes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What i think is about this:
- by default setting
rawPrefixWhiteList
to[]string{"/"}
to allow all raw cgroups to be collected or be compatible with backwards - always filter whitelist raw cgroups and respect with the whitelist settings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PTAL.
472c208
to
ed65210
Compare
Ping @dashpole @tallclair BTW, after this PR is merged, i will prepare an PR to bump cAdvisor dep to Kubernetes to utilizing this new change. |
This looks good to me, although I would really like to hear @tallclair 's opinion on this. |
No. I have not talk about this in sig-instrumentation. Do we need to do a email to sig-instrumentation to describe this PR. |
@dashpole Seems @tallclair has temporarily no response. Do anyone else can help us to review |
Ping @dashpole @tallclair |
Ping @dashpole @tallclair in case the notification emails are lost in your inbox. :) |
/cc @dashpole @tallclair |
Ping @dashpole @tallclair |
@dashpole @tallclair PTAL. 😆 |
/cc @dashpole @tallclair PTAL. |
1 similar comment
/cc @dashpole @tallclair PTAL. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Will make a PR to Kubernetes once the dependency for cAdvisor is updated to make use of the new functionality. :) |
@andyxning is this integrated into k8s? |
@serathius No. Will work on this later this week. |
Partially fix kubernetes/kubernetes#61994
This PR adds
docker_only_prefix_whitelist
to cadvisor to specifyA comma-separated list of cgroup path prefix that needs to be collected even docker-only is specified
./cc @dashpole @tallclair