add docker_only_prefix_whitelist #1926
Conversation
andyxning
force-pushed
the
add_docker-only_whitelist
branch
2 times, most recently
from
f6ce87c
to
2259e16
Compare
container/raw/factory.go
Outdated
| @@ -29,6 +30,7 @@ import ( | |||
| ) | |||
|
|
|||
| var dockerOnly = flag.Bool("docker_only", false, "Only report docker containers in addition to root stats") | |||
| var dockerOnlyPrefixWhitelist = flag.String("docker_only_prefix_whitelist", "", "A comma-separated list of cgroup path prefix that needs to be collected when docker-only is specified") | |||
There was a problem hiding this comment.
can we call this rawPrefixWhitelist? I am hoping we can move away from dockerOnly, and instead use a whitelist of handlers in the future.
|
lgtm other than naming nit |
|
Actually, how would you feel about making this an argument to manager.New()? The desire to whitelist particular cgroup trees seems fairly kubernetes specific, and I would rather not add another flag if we can avoid it. I think this would be a win for everyone in the community, as everyone would see better performance. It would also give us flexibility to change this interface in the future if we want a different model without having to deprecate flags and such. The only downside is that if people are using cadvisor metrics for particular cgroups that are outside of what we plan to monitor, those would no longer be accessible. |
andyxning
force-pushed
the
add_docker-only_whitelist
branch
from
2259e16
to
10b3f0c
Compare
I have also thought about this since
Yep. That is the truth when make |
andyxning
force-pushed
the
add_docker-only_whitelist
branch
2 times, most recently
from
007b71d
to
2f1250a
Compare
|
/retest |
andyxning
force-pushed
the
add_docker-only_whitelist
branch
from
2f1250a
to
472c208
Compare
|
@dashpole @tallclair PTAL. I have moved the configuration from command line to |
container/raw/factory.go
Outdated
| @@ -62,14 +66,24 @@ func (self *rawFactory) NewContainerHandler(name string, inHostNamespace bool) ( | |||
| // The raw factory can handle any container. If --docker_only is set to false, non-docker containers are ignored. | |||
| func (self *rawFactory) CanHandleAndAccept(name string) (bool, bool, error) { | |||
| accept := name == "/" || !*dockerOnly | |||
|
|
|||
| if *dockerOnly { | |||
There was a problem hiding this comment.
instead of having this only in effect when --docker_only is specified, can we make it always take effect, but have the default be [ "/" ], so all raw cgroups are collected? We can make setting --docker_only set this to [ ] during creation of the raw factory.
There was a problem hiding this comment.
Sounds good to me. Will do.
There was a problem hiding this comment.
We can make setting --docker_only set this to [ ] during creation of the raw factory.
We should not do this, imo. What we want is to respect with whitelist settings even docker_only is set and we should customize whitelist settings to at least []string{"/kubepods"} to allow pod level metrics in Kubernetes.
There was a problem hiding this comment.
What i think is about this:
- by default setting
rawPrefixWhiteListto[]string{"/"}to allow all raw cgroups to be collected or be compatible with backwards - always filter whitelist raw cgroups and respect with the whitelist settings.
andyxning
force-pushed
the
add_docker-only_whitelist
branch
from
472c208
to
ed65210
Compare
|
Ping @dashpole @tallclair BTW, after this PR is merged, i will prepare an PR to bump cAdvisor dep to Kubernetes to utilizing this new change. |
|
This looks good to me, although I would really like to hear @tallclair 's opinion on this. |
No. I have not talk about this in sig-instrumentation. Do we need to do a email to sig-instrumentation to describe this PR. |
|
@dashpole Seems @tallclair has temporarily no response. Do anyone else can help us to review |
|
Ping @dashpole @tallclair |
|
Ping @dashpole @tallclair in case the notification emails are lost in your inbox. :) |
|
/cc @dashpole @tallclair |
|
Ping @dashpole @tallclair |
|
@dashpole @tallclair PTAL. 😆 |
|
/cc @dashpole @tallclair PTAL. |
1 similar comment
|
/cc @dashpole @tallclair PTAL. |
|
Will make a PR to Kubernetes once the dependency for cAdvisor is updated to make use of the new functionality. :) |
|
@andyxning is this integrated into k8s? |
|
@serathius No. Will work on this later this week. |
Partially fix kubernetes/kubernetes#61994
This PR adds
docker_only_prefix_whitelistto cadvisor to specifyA comma-separated list of cgroup path prefix that needs to be collected even docker-only is specified./cc @dashpole @tallclair