mirror of
https://github.com/puppetmaster/typhoon.git
synced 2024-12-25 18:49:33 +01:00
ffbacbccf7
* Add toleration to run node-exporter on controller nodes * Add HostToContainer mount propagation and security context group settings from upstream * Fix SELinux denied accessing /host/proc/1/mounts. The mounts file is has an SELinux type attribute init_t, but that won't allow running the node-exporter binary so we have to use spc_t. This should be more targeted at just the SELinux issue than making the Pod privileged * Remove excluded mount points and filesystem types, the defaults are https://github.com/prometheus/node_exporter/blob/v1.3.1/collector/filesystem_linux.go#L35 ``` caller=collector.go:169 level=error msg="collector failed" name=filesystem duration_seconds=0.000666766 err="open /host/proc/1/mounts: permission denied" ``` ``` [ 3664.880899] audit: type=1400 audit(1659639161.568:4400): avc: denied { search } for pid=28325 comm="node_exporter" name="1" dev="proc" ino=22542 scontext=system_u:system_r:container_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir permissive=0 ``` |
||
---|---|---|
.. | ||
discovery | ||
exporters | ||
rbac | ||
0-namespace.yaml | ||
config.yaml | ||
deployment.yaml | ||
network-policy.yaml | ||
rules.yaml | ||
service-account.yaml | ||
service.yaml |