From da6ddd99eddeee5f94e53dcd9133711b5483d04f Mon Sep 17 00:00:00 2001 From: Ekhorn Date: Sun, 8 Dec 2024 16:42:46 +0100 Subject: [PATCH 1/2] docs: add rootless example --- docs/running.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/running.md b/docs/running.md index 3a084a0434..915295ed64 100644 --- a/docs/running.md +++ b/docs/running.md 
@@ -103,6 +103,31 @@ If you are using Docker with the LXC exec driver, then you need to manually spec This is a problem seen in older versions of Docker. To fix, start cAdvisor without the `--volume=/:/rootfs:ro` mount. cAdvisor will degrade gracefully by dropping stats that depend on access to the machine root. +### Rootless (Docker / Podman) + +Running cAdivsor on rootless container runtimes works for the most part. However granting access to the host kernel message buffer (`--device /dev/kmsg`) for OOM (out of memory) detection does not work. + +Based on the container runtime used the socket needs to be changed appriopriately. Additionally the container storage volume, must be changed to the corresponding container runtime user directory. When using Podman you must also include `--volume=/sys/fs/cgroup:/sys/fs/cgroup:ro`. + +```sh +VERSION=v0.49.1 # use the latest release version from https://github.com/google/cadvisor/releases +docker run \ + --volume=/:/rootfs:ro \ + --volume=/var/run:/var/run:ro \ + --volume=/sys:/sys:ro \ + # --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro \ # Required for Podman subcontainers + --volume=$HOME/.local/share/docker/:/var/lib/docker:ro \ # Docker Rootless + # --volume=$HOME/.local/share/containers:/var/lib/containers:ro # Podman Rootless + --volume=/dev/disk/:/dev/disk:ro \ + --docker=unix:///var/run/user/$(id -u)/docker.sock \ + # --podman=unix:///var/run/user/$(id -u)/podman/podman.sock \ # Podman Rootless + --publish=8080:8080 \ + --detach=true \ + --name=cadvisor \ + --privileged \ + gcr.io/cadvisor/cadvisor:$VERSION +``` + ## Standalone cAdvisor is a static Go binary with no external dependencies. To run it standalone all you should need to do is run it! Note that some data sources may require root privileges. cAdvisor will gracefully degrade its features to those it can expose with the access given. From ca9a4d91512bd7ea49f69fef273a87f9aa8c51d5 Mon Sep 17 00:00:00 2001 
From: Ekhorn <44117179+Ekhorn@users.noreply.github.com> Date: Sun, 12 Jan 2025 17:33:21 +0100 Subject: [PATCH 2/2] docs: fix rootless example docker/podman arguments location MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ondřej Gajdušek --- docs/running.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/running.md b/docs/running.md index 915295ed64..292ff797ab 100644 --- a/docs/running.md +++ b/docs/running.md @@ -119,13 +119,13 @@ docker run \ --volume=$HOME/.local/share/docker/:/var/lib/docker:ro \ # Docker Rootless # --volume=$HOME/.local/share/containers:/var/lib/containers:ro # Podman Rootless --volume=/dev/disk/:/dev/disk:ro \ - --docker=unix:///var/run/user/$(id -u)/docker.sock \ - # --podman=unix:///var/run/user/$(id -u)/podman/podman.sock \ # Podman Rootless --publish=8080:8080 \ --detach=true \ --name=cadvisor \ --privileged \ - gcr.io/cadvisor/cadvisor:$VERSION + gcr.io/cadvisor/cadvisor:$VERSION \ + --docker=unix:///var/run/user/$(id -u)/docker.sock + # --podman=unix:///var/run/user/$(id -u)/podman/podman.sock # Podman Rootless ``` ## Standalone
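Review bot: In [PATCH 1/2], the `sh` block added under "Rootless (Docker / Podman)" does not run when pasted, because comments are interleaved with the line continuations. A line such as `# --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro \ # Required for Podman subcontainers` is a comment through to its end, so its trailing backslash is ignored and `docker run` ends there without an image; in `--volume=$HOME/.local/share/docker/:/var/lib/docker:ro \ # Docker Rootless` the backslash escapes the following space rather than the newline, so the rest of that line is passed as arguments. Suggest two complete blocks, one for Docker and one for Podman, with the explanations moved into the prose or onto comment lines above each command. The new prose also has typos to fix: "cAdivsor", "appriopriately", and the stray comma in "storage volume, must be changed".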
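Review bot: In [PATCH 2/2], `--privileged` stays in the unchanged context directly above the edited image line, and nothing in the section says why a rootless example still needs it. The section already states that `--device /dev/kmsg` does not work in this mode, so please state which cAdvisor features depend on `--privileged` under rootless Docker or Podman, or drop the flag from the example if none do. Related: the socket now passed as `--docker=unix:///var/run/user/$(id -u)/docker.sock` is reached through the `--volume=/var/run:/var/run:ro` mount, and a read-only bind mount does not restrict requests sent over a socket, so the docs should say that the container gets access to the user's container runtime API.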