localdev: mount proper proc fs in kind

This patch modifies the localdev scripts to mount the actual host /proc in the tetragon container when using kind. This eliminates the warning introduced in the previous commits. To this end, this patch introduces a new helm variable to specify the path of the proc filesystem in the runtime. Signed-off-by: Kornilios Kourtis <[email protected]>
cilium · Oct 4, 2023 · 6d7f078 · 6d7f078
1 parent a131a34
commit 6d7f078
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 3 deletions.
diff --git a/contrib/localdev/bootstrap-kind-cluster.sh b/contrib/localdev/bootstrap-kind-cluster.sh
@@ -40,15 +40,15 @@ done
 bootstrap_cluster() {
     if ! kind get clusters | grep "$CLUSTER_NAME" &>/dev/null; then
         echo "Creating a new cluster \"$CLUSTER_NAME\"..." 1>&2
-        kind create cluster --name "$CLUSTER_NAME" --wait=2m
+        kind create cluster --name "$CLUSTER_NAME" --config ./contrib/localdev/kind-config.yaml --wait=2m
     else
         if [ "$FORCE" != 1 ]; then
             echo "Cluster already exists... Exiting... (Re-run with -f to force.)" 1>&2
             exit 0
         else
             echo "Recreating cluster..." 1>&2
             kind delete cluster --name "$CLUSTER_NAME"
-            kind create cluster --name "$CLUSTER_NAME" --wait=5m
+            kind create cluster --name "$CLUSTER_NAME" --config ./contrib/localdev/kind-config.yaml --wait=5m
         fi
     fi
 

diff --git a/contrib/localdev/install-tetragon.sh b/contrib/localdev/install-tetragon.sh
@@ -90,6 +90,11 @@ if [ -n "$VALUES" ]; then
 fi
 helm_opts+=("tetragon" "./install/kubernetes")
 
+if [ "$IS_KIND" == 1 ]; then
+	# NB: configured in kind-config.yaml
+	helm_opts+=("--set" "tetragon.hostProcPath=/procHost")
+fi
+
 echo "Installing Tetragon in cluster..." 1>&2
 helm upgrade --install "${helm_opts[@]}"
 

diff --git a/contrib/localdev/kind-config.yaml b/contrib/localdev/kind-config.yaml
@@ -0,0 +1,8 @@
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+nodes:
+  - role: control-plane
+    extraMounts:
+      - hostPath: /proc
+        containerPath: /procHost
+
diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md
@@ -86,6 +86,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | tetragon.gops.port | int | `8118` | The port at which to expose gops. |
 | tetragon.grpc.address | string | `"localhost:54321"` | The address at which to expose gRPC. Examples: localhost:54321, unix:///var/run/tetragon/tetragon.sock |
 | tetragon.grpc.enabled | bool | `true` | Whether to enable exposing Tetragon gRPC. |
+| tetragon.hostProcPath | string | `"/proc"` | Location of the host proc filesystem in the runtime environment. If the runtime runs in the host, the path is /proc. Exceptions to this are environments like kind, where the runtime itself does not run on the host. |
 | tetragon.image.override | string | `nil` |  |
 | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` |  |
 | tetragon.image.tag | string | `"v0.11.0"` |  |

diff --git a/install/kubernetes/README.md b/install/kubernetes/README.md
@@ -69,6 +69,7 @@ Helm chart for Tetragon
 | tetragon.gops.port | int | `8118` | The port at which to expose gops. |
 | tetragon.grpc.address | string | `"localhost:54321"` | The address at which to expose gRPC. Examples: localhost:54321, unix:///var/run/tetragon/tetragon.sock |
 | tetragon.grpc.enabled | bool | `true` | Whether to enable exposing Tetragon gRPC. |
+| tetragon.hostProcPath | string | `"/proc"` | Location of the host proc filesystem in the runtime environment. If the runtime runs in the host, the path is /proc. Exceptions to this are environments like kind, where the runtime itself does not run on the host. |
 | tetragon.image.override | string | `nil` |  |
 | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` |  |
 | tetragon.image.tag | string | `"v0.11.0"` |  |

diff --git a/install/kubernetes/templates/daemonset.yaml b/install/kubernetes/templates/daemonset.yaml
@@ -89,7 +89,7 @@ spec:
           type: DirectoryOrCreate
       - name: host-proc
         hostPath:
-          path: /proc
+          path: {{ .Values.tetragon.hostProcPath }}
           type: Directory
 {{- if not .Values.tetragon.btf }}
       - emptyDir: {}

diff --git a/install/kubernetes/values.yaml b/install/kubernetes/values.yaml
@@ -151,6 +151,10 @@ tetragon:
   enablePolicyFilterDebug: false
   # Enable latency monitoring in message handling
   enableMsgHandlingLatency: false
+  # -- Location of the host proc filesystem in the runtime environment. If the runtime runs in the
+  # host, the path is /proc. Exceptions to this are environments like kind, where the runtime itself
+  # does not run on the host.
+  hostProcPath: "/proc"
 tetragonOperator:
   # -- tetragon-operator image.
   image: