Merge pull request #31 from IBM/resources-secrets

Resources secrets

Dockerfile

@@ -39,4 +39,6 @@ WORKDIR "/app/vendor/rhel7"
 COPY --from=rhel7builder /app-build/target/release/core-dump-composer ./
 RUN mv core-dump-composer cdc
 WORKDIR "/app"
+RUN curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz --output crictl-v1.22.0-linux-amd64.tar.gz
+RUN tar zxvf crictl-v1.22.0-linux-amd64.tar.gz
 CMD ["./core-dump-agent"]

README.md

@@ -72,7 +72,7 @@ This is a matrix of confirmed test targets. Please PR environments that are also
     <td>Microsoft</td><td>ARO</td><td>4.6</td><td>Yes</td><td>No</td><td>Runs on CoreOS and building compatable binaries seems to be the next step</td>
 </tr>
 <tr>
-    <td>AWS</td><td>EKS</td><td>1.21</td><td>Yes</td><td>Yes*</td><td>No crictl client in the default AMI means that the metadata won't be captured</td>
+    <td>AWS</td><td>EKS</td><td>1.21</td><td>Yes</td><td>Yes*</td><td>Use --set daemonset.includeCrioExe=true</td>
 </tr>
 <tr>
     <td>AWS</td><td>ROSA</td><td>4.6</td><td>Yes</td><td>No</td><td>Runs on CoreOS and building compatable binaries seems to be the next step</td>

charts/Chart.yaml

@@ -6,6 +6,6 @@ type: application
 
 version: 1.0.0
 
-appVersion: 4.1.0
+appVersion: 4.2.0
 
 icon: https://raw.githubusercontent.com/No9/ibm-core-dump-handler/master/assets/handle-with-care-svgrepo-com.svg

charts/templates/daemonset.yaml

@@ -14,6 +14,13 @@ spec:
       containers:
       - name: coredump-container
         image: {{ .Values.image.repository }}
+        resources:
+          requests:
+            memory: {{ .Values.image.request_mem }}
+            cpu: {{ .Values.image.request_cpu }} 
+          limits:
+            memory: {{ .Values.image.limit_mem }}
+            cpu: {{ .Values.image.limit_cpu }}
         securityContext:
           privileged: true
         volumeMounts:
@@ -33,6 +40,8 @@ spec:
             value: {{ .Values.daemonset.hostDirectory }}
           - name: SUID_DUMPABLE
             value: {{ .Values.daemonset.suidDumpable | quote }}
+          - name: DEPLOY_CRIO_EXE
+            value: {{ .Values.daemonset.includeCrioExe | quote }}
           - name: S3_ACCESS_KEY
             valueFrom:
               secretKeyRef:

charts/values.yaml

@@ -1,8 +1,12 @@
 replicaCount: 1
 
 image:
-  repository: quay.io/icdh/core-dump-handler:v4.1.0
+  repository: quay.io/icdh/core-dump-handler:v4.2.0
   pullPolicy: Always
+  request_mem: "64Mi"
+  request_cpu: "250m" 
+  limit_mem: "128Mi"
+  limit_cpu: "500m"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -26,6 +30,7 @@ daemonset:
     composerIgnoreCrio: false
     composerCrioImageCmd: "img"
     DeployCrioConfig: false
+    includeCrioExe: false
 serviceAccount:
   create: true
   name: "core-dump-admin"

core-dump-agent/src/main.rs

@@ -41,7 +41,7 @@ fn main() -> Result<(), std::io::Error> {
         Ok(v) => v,
         Err(e) => {
             envloadmsg = format!(
-                "no .env file found \n That's ok if running in a container{}",
+                "no .env file found \n That's ok if running in kubernetes\n{}",
                 e
             )
         }
@@ -53,6 +53,11 @@ fn main() -> Result<(), std::io::Error> {
     let deploy_crio_config = env::var("DEPLOY_CRIO_CONFIG")
         .unwrap_or_else(|_| "false".to_string())
         .to_lowercase();
+
+    let deploy_crio_exe = env::var("DEPLOY_CRIO_EXE")
+        .unwrap_or_else(|_| "false".to_string())
+        .to_lowercase();
+
     let host_location = host_dir.as_str();
     let pattern: String = std::env::args().nth(1).unwrap_or_default();
 
@@ -73,6 +78,10 @@ fn main() -> Result<(), std::io::Error> {
     if deploy_crio_config == "true" {
         generate_crio_config(host_location)?;
     }
+
+    if deploy_crio_exe == "true" {
+        copy_crictl_to_hostdir(host_location)?;
+    }
     copy_core_dump_composer_to_hostdir(host_location)?;
     copy_sysctl_to_file(
         "kernel.core_pattern",
@@ -224,6 +233,14 @@ fn generate_crio_config(host_location: &str) -> Result<(), std::io::Error> {
     Ok(())
 }
 
+fn copy_crictl_to_hostdir(host_location: &str) -> Result<(), std::io::Error> {
+    let location = format!("./crictl");
+    let destination = format!("{}/{}", host_location, "crictl");
+    info!("Copying the crictl from {} to {}", location, destination);
+    fs::copy(location, destination)?;
+    Ok(())
+}
+
 fn copy_core_dump_composer_to_hostdir(host_location: &str) -> Result<(), std::io::Error> {
     let version = env::var("VENDOR").unwrap_or_else(|_| "default".to_string());
     match version.to_lowercase().as_str() {
@@ -324,9 +341,14 @@ fn remove() -> Result<(), std::io::Error> {
     let env_file = format!("{}/{}", host_dir, ".env");
     let crictl_file = format!("{}/{}", host_dir, "crictl.yaml");
     let composer_file = format!("{}/{}", host_dir, "composer.log");
+    let crictl_exe = format!("{}/{}", host_dir, "crictl");
 
     fs::remove_file(exe)?;
     fs::remove_file(env_file)?;
+
+    if !Path::new(&crictl_exe).exists() {
+        fs::remove_file(crictl_exe)?;
+    }
     if !Path::new(&crictl_file).exists() {
         fs::remove_file(crictl_file)?;
     }

core-dump-composer/Cargo.toml

@@ -17,6 +17,7 @@ log4rs = "1.0.0"
 anyhow = "1.0.40"
 serde_json = "1.0.64"
 serde_derive = "1.0.125"
+hostname = "0.3.1"
 
 [dev-dependencies]
 serde = { version = "1", features = ["derive"] }

core-dump-composer/src/main.rs

@@ -8,6 +8,7 @@ use log4rs::config::{Appender, Config, Root};
 use log4rs::encode::pattern::PatternEncoder;
 use serde_json::{json, Value};
 use std::env;
+use std::ffi::OsString;
 use std::fs::File;
 use std::io;
 use std::io::prelude::*;
@@ -29,6 +30,9 @@ fn main() -> Result<(), anyhow::Error> {
     config_path.push("crictl.yaml");
     let config_path_str = config_path.into_os_string().into_string().unwrap();
 
+    let mut base_path = env::current_exe()?;
+    base_path.pop();
+    let base_path_str = base_path.into_os_string().into_string().unwrap_or_else(|_| "/var/mnt/core-dump-handler".to_string());
     let mut envloadmsg = String::from("Loading .env");
     match dotenv::from_path(env_path) {
         Ok(v) => v,
@@ -44,7 +48,7 @@ fn main() -> Result<(), anyhow::Error> {
     let img = env::var("CRIO_IMAGE_CMD").unwrap_or_else(|_| "img".to_string());
     let use_crio_config =
         env::var("USE_CRIO_CONF").unwrap_or_else(|_| "false".to_string().to_lowercase());
-
+    
     info!(
         "Environment config:\n IGNORE_CRIO={}\nCRIO_IMAGE_CMD={}\nUSE_CRIO_CONF={}",
         ignore_crio, img, use_crio_config
@@ -154,8 +158,8 @@ fn main() -> Result<(), anyhow::Error> {
             e.exit()
         }
     };
-
-    let bin_path = "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/home/kubernetes/bin";
+    let bin_path_string = format!("/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/home/kubernetes/bin:{}", base_path_str); 
+    let bin_path = bin_path_string.as_str();
     let _core_limit_size = matches.value_of("limit-size").unwrap_or("");
     let core_exe_name = matches.value_of("exe-name").unwrap_or("");
     let core_pid = matches.value_of("pid").unwrap_or("");
@@ -171,6 +175,12 @@ fn main() -> Result<(), anyhow::Error> {
         .compression_method(zip::CompressionMethod::Deflated)
         .unix_permissions(0o444);
 
+    let os_hostname =
+        hostname::get().unwrap_or_else(|_| OsString::from_str("unknown").unwrap_or_default());
+    let node_hostname = os_hostname
+        .into_string()
+        .unwrap_or_else(|_| "unknown".to_string());
+
     let dump_name = format!(
         "{}-dump-{}-{}-{}-{}-{}",
         core_uuid, core_timestamp, core_hostname, core_exe_name, core_pid, core_signal
@@ -199,8 +209,8 @@ fn main() -> Result<(), anyhow::Error> {
     };
     let dump_info_content = format!(
         "{{\"uuid\":\"{}\", \"dump_file\":\"{}.core\", \"timestamp\": \"{}\", 
-    \"hostname\": \"{}\", \"exe\": \"{}\", \"real_pid\": \"{}\", \"signal\": \"{}\" }}",
-        core_uuid, dump_name, core_timestamp, core_hostname, core_exe_name, core_pid, core_signal
+    \"hostname\": \"{}\", \"exe\": \"{}\", \"real_pid\": \"{}\", \"signal\": \"{}\", \"node_hostname\": \"{}\" }}",
+        core_uuid, dump_name, core_timestamp, core_hostname, core_exe_name, core_pid, core_signal, node_hostname
     );
     match zip.write_all(dump_info_content.as_bytes()) {
         Ok(v) => v,