/lxcfs-admission-webhook

Correct the container's CGroup-view

Primary LanguageGoApache License 2.0Apache-2.0

lxcfs-admission-webhook

Go Report Card Codecov GitHub Workflow Status (event) Contributors Forks Stargazers Issues Apache License


LXCFS Logo on K8s Logo

LXCFS Admission Webhook

Correct the linux container's CGroup-view by LXCFS and kubernetes admission webhook

Explore the docs »

Report Bug · Request Feature

Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Contact
  8. Acknowledgments

About The Project

Product Name Screen Shot

LXCFS is a simple userspace filesystem designed to work around some current limitations of the Linux kernel.

This project run LXCFS as kubernetes daemonset and expose a set of files which can be bind-mounted over kubernetes pod's /proc originals to provide CGroup-aware values.

Also provide a kubernetes admission webhook make the pod which need to correct their CGroup-view to auto bind-mount LXCFS files.

(back to top)

Built With

(back to top)

Getting Started

This is an example of how you may give instructions on setting up your project locally. To get a local copy up and running follow these simple example steps.

Prerequisites

  • Kubernetes version Kubernetes v1.16 or above with the admissionregistration.k8s.io/v1 API enabled. Verify that by the following command:
    kubectl api-versions | grep admissionregistration.k8s.io/v1
    
    The result should be:
    admissionregistration.k8s.io/v1
    
    The API admissionregistration.k8s.io/v1beta1 not tested, not recommended.

Installation

  1. Clone the repo

    git clone https://github.com/ymping/lxcfs-admission-webhook.git
  2. Run install script

    Default install webhook and LXCFS service in kubernetes namespace lxcfs, use install.sh --namespace your_ns to deploy service in specify namespace.

    cd deploy
    ./install.sh
  3. Go to usage section see how to usage

  4. Uninstall

    Default uninstall webhook and LXCFS service in kubernetes namespace lxcfs, use uninstall.sh --namespace your_ns to uninstall service in specify namespace.

     cd deploy
    ./uninstall.sh

(back to top)

Usage

  1. Add lable lxcfs-admission-webhook=enabled to namespace which you want to correct the linux container's CGroup-view.
    kubectl label namespaces your_namespace lxcfs-admission-webhook=enabled
  2. If you want disable this feature on some specify pod, add an annotation mutating.lxcfs-admission-webhook.io/enable to the pod, the webhook will skip patch this pod when create it.

(back to top)

Roadmap

  • Support helm installation

See the open issues for a full list of proposed features (and known issues).

(back to top)

Contributing

Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request.

(back to top)

License

Distributed under the Apache License 2.0. See LICENSE for more information.

(back to top)

Contact

ymping - ympiing@gmail.com

Project Link: https://github.com/ymping/lxcfs-admission-webhook

(back to top)

Acknowledgments

(back to top)