From 106ed842174ba538ac804af8a5779eefa734f998 Mon Sep 17 00:00:00 2001
From: Sergiusz Urbaniak <sergiusz.urbaniak@gmail.com>
Date: Thu, 16 Aug 2018 14:45:34 +0200
Subject: [PATCH] kube-prometheus: bind mount host rootfs into node exporter
Fixes https://github.com/prometheus/node_exporter#474 in the operator
Fixes #569 (by making the mount explicit)
Signed-off-by: Sergiusz Urbaniak <sergiusz.urbaniak@gmail.com>
---
 .../node-exporter/node-exporter.libsonnet | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
index c51347a3..8f647554 100644
--- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
@@ -73,14 +73,26 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet'; local sysVolume = volume.fromHostPath(sysVolumeName, '/sys'); local sysVolumeMount = containerVolumeMount.new(sysVolumeName, '/host/sys'); + local rootVolumeName = 'root'; + local rootVolume = volume.fromHostPath(rootVolumeName, '/root'); + local rootVolumeMount = containerVolumeMount.new(rootVolumeName, '/host/root'). + withMountPropagation('HostToContainer'). + withReadOnly(true); + local nodeExporter = container.new('node-exporter', $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter) + container.withArgs([ '--web.listen-address=127.0.0.1:9101', '--path.procfs=/host/proc', '--path.sysfs=/host/sys', + + // The following settings have been taken from + // https://github.com/prometheus/node_exporter/blob/0662673/collector/filesystem_linux.go#L30-L31 + // Once node exporter is being released with those settings, this can be removed. + '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)', + '--collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$', ]) + - container.withVolumeMounts([procVolumeMount, sysVolumeMount]) + + container.withVolumeMounts([procVolumeMount, sysVolumeMount, rootVolumeMount]) + container.mixin.resources.withRequests({ cpu: '102m', memory: '180Mi' }) + container.mixin.resources.withLimits({ cpu: '102m', memory: '180Mi' }); 
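Review bot: `rootVolume` is built from host path `/root`, which on a typical Linux node is the root user's home directory, not the root filesystem named in the subject; if the rootfs is intended, the line should read `local rootVolume = volume.fromHostPath(rootVolumeName, '/');`. Either way, a hostPath mount of this breadth exposes every host file readable by the pod's UID (65534 per the second hunk) to the container, so `withReadOnly(true)` is load-bearing and deserves a comment such as `// Host rootfs is mounted read-only for filesystem metrics only; do not drop withReadOnly(true).` None of the added args refers to `/host/root`, so it is worth confirming that the exporter actually reports host mounts through it. The enclosing object starts and ends outside the hunk.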
@@ -105,7 +117,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
 daemonset.mixin.spec.template.spec.withTolerations([masterToleration]) +
 daemonset.mixin.spec.template.spec.withNodeSelector({ 'beta.kubernetes.io/os': 'linux' }) +
 daemonset.mixin.spec.template.spec.withContainers(c) +
- daemonset.mixin.spec.template.spec.withVolumes([procVolume, sysVolume]) +
+ daemonset.mixin.spec.template.spec.withVolumes([procVolume, sysVolume, rootVolume]) +
 daemonset.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
 daemonset.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
 daemonset.mixin.spec.template.spec.withServiceAccountName('node-exporter') +
-- GitLab