Reduce file mount needs when deploy in the Kubernetes (#146)

CHANGES.md

@@ -12,6 +12,7 @@ Release Notes.
 * Introduce `MonitorFilter` into access log module. 
 * Support monitoring ztunnel to adapt istio ambient mode.
 * Enhance get connection address strategy in access log module.
+* Reduce file mount needs when deploy in the Kubernetes, split env name `ROVER_HOST_MAPPING` to `ROVER_HOST_PROC_MAPPING` and `ROVER_HOST_ETC_MAPPING`.
 
 #### Bug Fixes
 * Fixed the issue where `conntrack` could not find the Reply IP in the access log module.

pkg/accesslog/collector/ztunnel.go

@@ -182,7 +182,7 @@ func (z *ZTunnelCollector) findZTunnelProcessAndCollect() error {
 }
 
 func (z *ZTunnelCollector) collectZTunnelProcess(p *process.Process) error {
-	pidExeFile := host.GetFileInHost(fmt.Sprintf("/proc/%d/exe", p.Pid))
+	pidExeFile := host.GetHostProcInHost(fmt.Sprintf("%d/exe", p.Pid))
 	elfFile, err := elf.NewFile(pidExeFile)
 	if err != nil {
 		return fmt.Errorf("read executable file error: %v", err)

pkg/accesslog/common/connection.go

@@ -216,7 +216,7 @@ func (c *ConnectionManager) Start(ctx context.Context, accessLogContext *AccessL
 }
 
 func (c *ConnectionManager) checkProcessFDExist(pid, fd uint32) bool {
-	return path.Exists(host.GetFileInHost(fmt.Sprintf("/proc/%d/fd/%d", pid, fd)))
+	return path.Exists(host.GetHostProcInHost(fmt.Sprintf("%d/fd/%d", pid, fd)))
 }
 
 func (c *ConnectionManager) Stop() {

pkg/process/finders/base/tool.go

@@ -52,7 +52,7 @@ func tryToFindFileExecutePath(ps *process.Process) string {
 	if path.Exists(exe) {
 		return exe
 	}
-	pathInNs := host.GetFileInHost(fmt.Sprintf("/proc/%d/root%s", ps.Pid, exe))
+	pathInNs := host.GetHostProcInHost(fmt.Sprintf("%d/root%s", ps.Pid, exe))
 	if path.Exists(pathInNs) {
 		return pathInNs
 	}

pkg/process/finders/kubernetes/finder.go

@@ -270,7 +270,7 @@ func (f *ProcessFinder) buildEntity(err error, ps *process.Process, pc *PodConta
 }
 
 func (f *ProcessFinder) getProcessCGroup(pid int32) ([]string, error) {
-	processCgroupFilePath := host.GetFileInHost(fmt.Sprintf("/proc/%d/cgroup", pid))
+	processCgroupFilePath := host.GetHostProcInHost(fmt.Sprintf("%d/cgroup", pid))
 	cgroupFile, err := os.Open(processCgroupFilePath)
 	if err != nil {
 		return nil, err

pkg/tools/host/file.go

@@ -19,23 +19,37 @@ package host
 
 import (
 	"os"
-	"strings"
+	"path"
 )
 
-var hostMappingPath string
+var (
+	hostProcMappingPath string
+	hostEtcMappingPath  string
+)
 
 func init() {
-	hostMappingPath = os.Getenv("ROVER_HOST_MAPPING")
+	hostProcMappingPath = os.Getenv("ROVER_HOST_PROC_MAPPING")
 	// adapt with gopsutil framework to read the right process directory of host
-	if hostMappingPath != "" {
-		os.Setenv("HOST_PROC", hostMappingPath+"/proc")
+	if hostProcMappingPath != "" {
+		os.Setenv("HOST_PROC", hostProcMappingPath)
+	}
+	hostEtcMappingPath = os.Getenv("ROVER_HOST_ETC_MAPPING")
+}
+
+func GetHostProcInHost(procSubPath string) string {
+	if hostProcMappingPath != "" {
+		return cleanPath(hostProcMappingPath + "/" + procSubPath)
 	}
+	return cleanPath("/proc/" + procSubPath)
 }
 
-// GetFileInHost means add the host root mapping prefix, it's dependent when the rover is deploy in a container
-func GetFileInHost(absPath string) string {
-	if hostMappingPath != "" && strings.HasPrefix(absPath, hostMappingPath) {
-		return absPath
+func GetHostEtcInHost(etcSubPath string) string {
+	if hostEtcMappingPath != "" {
+		return cleanPath(hostEtcMappingPath + "/" + etcSubPath)
 	}
-	return hostMappingPath + absPath
+	return cleanPath("/etc/" + etcSubPath)
+}
+
+func cleanPath(p string) string {
+	return path.Clean(p)
 }

pkg/tools/operator/distribution.go

@@ -38,8 +38,8 @@ type DistributionInfo struct {
 // GetDistributionInfo of machine
 func GetDistributionInfo() (*DistributionInfo, error) {
 	var result = &DistributionInfo{}
-	tryingToFindDistributionByReleaseFile(result, "/etc/lsb-release", "DISTRIB_ID", "DISTRIB_RELEASE", "")
-	tryingToFindDistributionByReleaseFile(result, "/etc/os-release", "ID", "VERSION_ID", "")
+	tryingToFindDistributionByReleaseFile(result, "lsb-release", "DISTRIB_ID", "DISTRIB_RELEASE", "")
+	tryingToFindDistributionByReleaseFile(result, "os-release", "ID", "VERSION_ID", "")
 
 	tryingToFindDistributionByCommand(result, "Distributor ID", "Release", "", "lsb_release", "-a")
 	tryingToFindDistributionByCommand(result, "", "", "Architecture", "hostnamectl")
@@ -56,11 +56,11 @@ func GetDistributionInfo() (*DistributionInfo, error) {
 	return result, nil
 }
 
-func tryingToFindDistributionByReleaseFile(data *DistributionInfo, filename, nameKey, versionKey, architectureKey string) {
+func tryingToFindDistributionByReleaseFile(data *DistributionInfo, etcSubFilename, nameKey, versionKey, architectureKey string) {
 	if data.AllDataSuccess() {
 		return
 	}
-	file, err := os.Open(host.GetFileInHost(filename))
+	file, err := os.Open(host.GetHostEtcInHost(etcSubFilename))
 	if err != nil {
 		return
 	}

pkg/tools/process/process.go

@@ -55,10 +55,10 @@ var (
 
 // KernelFileProfilingStat is works for read the kernel and get is support for kernel symbol analyze
 func KernelFileProfilingStat() (*profiling.Info, error) {
-	if !kernelFinder.IsSupport(profiling.KernelSymbolFilePath) {
+	if !kernelFinder.IsSupport(profiling.KernelProcSymbolFilePath) {
 		return nil, fmt.Errorf("not support kernel space profiling")
 	}
-	return kernelFinder.Analyze(profiling.KernelSymbolFilePath)
+	return kernelFinder.Analyze(profiling.KernelProcSymbolFilePath)
 }
 
 // ProfilingStat is validating the exe file could be profiling and get info
@@ -95,7 +95,7 @@ func Modules(pid int32) ([]*profiling.Module, error) {
 
 func analyzeProfilingInfo(context *analyzeContext, pid int32) (*profiling.Info, error) {
 	// analyze process mapping
-	mapFile, _ := os.Open(host2.GetFileInHost(fmt.Sprintf("/proc/%d/maps", pid)))
+	mapFile, _ := os.Open(host2.GetHostProcInHost(fmt.Sprintf("%d/maps", pid)))
 	scanner := bufio.NewScanner(mapFile)
 	modules := make(map[string]*profiling.Module)
 	for scanner.Scan() {
@@ -126,7 +126,7 @@ func analyzeProfilingInfo(context *analyzeContext, pid int32) (*profiling.Info,
 			module.Ranges = append(module.Ranges, moduleRange)
 			continue
 		}
-		modulePath := host2.GetFileInHost(fmt.Sprintf("/proc/%d/root%s", pid, moduleName))
+		modulePath := host2.GetHostProcInHost(fmt.Sprintf("%d/root%s", pid, moduleName))
 		if !path.Exists(modulePath) {
 			log.Debugf("could not found the module, ignore. name: %s, path: %s", moduleName, modulePath)
 			continue

pkg/tools/profiling/api.go

@@ -29,7 +29,7 @@ import (
 type ModuleType int8
 
 var (
-	KernelSymbolFilePath = "/proc/kallsyms"
+	KernelProcSymbolFilePath = "kallsyms" // after host.GetHostProcInHost, should be "/proc/kallsyms"
 
 	log = logger.GetLogger("tools", "profiling")
 )

pkg/tools/profiling/kernel.go

@@ -33,20 +33,20 @@ type KernelFinder struct {
 }
 
 func NewKernelFinder() *KernelFinder {
-	stat, _ := os.Stat(host.GetFileInHost(KernelSymbolFilePath))
+	stat, _ := os.Stat(host.GetHostProcInHost(KernelProcSymbolFilePath))
 	return &KernelFinder{kernelFileExists: stat != nil}
 }
 
 func (k *KernelFinder) IsSupport(filepath string) bool {
-	if filepath != KernelSymbolFilePath {
+	if filepath != KernelProcSymbolFilePath {
 		return false
 	}
-	stat, _ := os.Stat(filepath)
+	stat, _ := os.Stat(host.GetHostProcInHost(filepath))
 	return stat != nil
 }
 
 func (k *KernelFinder) Analyze(filepath string) (*Info, error) {
-	kernelPath, err := os.Open(filepath)
+	kernelPath, err := os.Open(host.GetHostProcInHost(filepath))
 	if err != nil {
 		return nil, err
 	}

pkg/tools/ssl/gotls.go

@@ -85,7 +85,7 @@ func (r *Register) GoTLS(symbolAddrMap *ebpf.Map, write, writeRet, read, readRet
 		if buildVersionSymbol == nil {
 			return false, nil
 		}
-		pidExeFile := host.GetFileInHost(fmt.Sprintf("/proc/%d/exe", r.pid))
+		pidExeFile := host.GetHostProcInHost(fmt.Sprintf("%d/exe", r.pid))
 		elfFile, err := elf.NewFile(pidExeFile)
 		if err != nil {
 			return false, fmt.Errorf("read executable file error: %v", err)

test/e2e/cases/access_log/rover.yaml

@@ -68,8 +68,8 @@ spec:
                 - SYS_ADMIN
             privileged: true
           volumeMounts:
-            - name: host
-              mountPath: /host
+            - name: host-proc
+              mountPath: /host-proc
               readOnly: true
             - name: host-sys
               mountPath: /sys
@@ -90,8 +90,8 @@ spec:
               value: "false"
             - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_ACTIVE
               value: "false"
-            - name: ROVER_HOST_MAPPING
-              value: /host
+            - name: ROVER_HOST_PROC_MAPPING
+              value: /host-proc
             - name: ROVER_ACCESS_LOG_ACTIVE
               value: "true"
             - name: ROVER_ACCESS_LOG_FLUSH_PERIOD
@@ -100,9 +100,9 @@ spec:
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       volumes:
-        - name: host
+        - name: host-proc
           hostPath:
-            path: /host
+            path: /host/proc
             type: Directory
         - name: host-sys
           hostPath:

test/e2e/cases/process/istio/rover.yaml

@@ -68,8 +68,8 @@ spec:
                 - SYS_ADMIN
             privileged: true
           volumeMounts:
-            - name: host
-              mountPath: /host
+            - name: host-proc
+              mountPath: /host-proc
               readOnly: true
           env:
             - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ACTIVE
@@ -89,15 +89,15 @@ spec:
               value: "true"
             - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_ACTIVE
               value: "false"
-            - name: ROVER_HOST_MAPPING
-              value: /host
+            - name: ROVER_HOST_PROC_MAPPING
+              value: /host-proc
             - name: ROVER_CORE_CLUSTER_NAME
               value: e2e
       hostPID: true
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       volumes:
-        - name: host
+        - name: host-proc
           hostPath:
-            path: /host
+            path: /host/proc
             type: Directory

test/e2e/cases/profiling/continuous/rover.yaml

@@ -68,8 +68,8 @@ spec:
                 - SYS_ADMIN
             privileged: true
           volumeMounts:
-            - name: host
-              mountPath: /host
+            - name: host-proc
+              mountPath: /host-proc
               readOnly: true
           env:
             - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ACTIVE
@@ -93,13 +93,13 @@ spec:
               value: "test-continuous"
             - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_INSTANCE_NAME
               value: "test-instance"
-            - name: ROVER_HOST_MAPPING
-              value: /host
+            - name: ROVER_HOST_PROC_MAPPING
+              value: /host-proc
       hostPID: true
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       volumes:
-        - name: host
+        - name: host-proc
           hostPath:
-            path: /host
+            path: /host/proc
             type: Directory

test/e2e/cases/profiling/task/network/envoy/rover.yaml

@@ -68,8 +68,8 @@ spec:
                 - SYS_ADMIN
             privileged: true
           volumeMounts:
-            - name: host
-              mountPath: /host
+            - name: host-proc
+              mountPath: /host-proc
               readOnly: true
           env:
             - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ACTIVE
@@ -83,8 +83,8 @@ spec:
               value: skywalking-oap.istio-system:11800
             - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_K8S_SERVICE_ACTIVE
               value: "false"
-            - name: ROVER_HOST_MAPPING
-              value: /host
+            - name: ROVER_HOST_PROC_MAPPING
+              value: /host-proc
             - name: ROVER_LOGGER_LEVEL
               value: DEBUG
             - name: ROVER_PROCESS_DISCOVERY_KUBERNETES_ANALYZER_ISTIO_APPLICATION_PROCESS_NAME
@@ -97,7 +97,7 @@ spec:
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       volumes:
-        - name: host
+        - name: host-proc
           hostPath:
-            path: /host
+            path: /host/proc
             type: Directory