# DaemonSet that runs prometheus-node-exporter (plus two sidecar containers)
# on cluster nodes, installed by the kube-prometheus-stack Helm release in the
# monitoring namespace.
# NOTE(review): creationTimestamp, generation, resourceVersion, uid and the
# trailing status stanza are populated by the API server, so this reads as an
# export of a live object rather than rendered chart output. Strip those
# fields before re-applying it as a manifest.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  annotations:
    deprecated.daemonset.template.generation: "1"
    meta.helm.sh/release-name: kube-prometheus-stack
    meta.helm.sh/release-namespace: monitoring
  creationTimestamp: "2026-06-09T15:52:14Z"
  generation: 1
  labels:
    app.kubernetes.io/component: metrics
    app.kubernetes.io/instance: kube-prometheus-stack
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: prometheus-node-exporter
    app.kubernetes.io/part-of: prometheus-node-exporter
    app.kubernetes.io/version: 1.8.1
    helm.sh/chart: prometheus-node-exporter-4.36.0
    jobLabel: node-exporter
    release: kube-prometheus-stack
  name: kube-prometheus-stack-prometheus-node-exporter
  namespace: monitoring
  resourceVersion: "5074"
  uid: 72338da6-4997-438a-bf65-13e7bfe992b0
spec:
  revisionHistoryLimit: 10
  # The selector uses only the instance and name labels; the pod template
  # below carries both, plus the descriptive chart/version labels.
  selector:
    matchLabels:
      app.kubernetes.io/instance: kube-prometheus-stack
      app.kubernetes.io/name: prometheus-node-exporter
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
        # Runs the node-exporter container with no AppArmor profile. That
        # container also sees host / (read-only), /proc and /sys and shares
        # the host PID and network namespaces, so this removes one of the few
        # remaining confinement layers. Prefer a profile that allows the
        # needed reads over "unconfined".
        # NOTE(review): from Kubernetes 1.30 the beta annotation is superseded
        # by securityContext.appArmorProfile -- confirm the cluster version.
        container.apparmor.security.beta.kubernetes.io/node-exporter: unconfined
      creationTimestamp: null
      labels:
        app.kubernetes.io/component: metrics
        app.kubernetes.io/instance: kube-prometheus-stack
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: prometheus-node-exporter
        app.kubernetes.io/part-of: prometheus-node-exporter
        app.kubernetes.io/version: 1.8.1
        helm.sh/chart: prometheus-node-exporter-4.36.0
        jobLabel: node-exporter
        release: kube-prometheus-stack
    spec:
      # The service-account token is mounted into all three containers.
      # Nothing in the node-exporter args or the awk loop below talks to the
      # API server; presumably only pod-tls-sidecar needs it -- TODO confirm,
      # and keep the RBAC bound to this service account as narrow as that use.
      automountServiceAccountToken: true
      containers:
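      # node-exporter container: reads host /proc, /sys and / through read-only
      # hostPath mounts and serves the resulting metrics on port 9100.
      # NOTE(review): the image is referenced by tag, not digest; with
      # IfNotPresent, nodes can end up running different content if the tag
      # is moved in the mirror registry.
      - args:
        - --path.procfs=/host/proc
        - --path.sysfs=/host/sys
        - --path.rootfs=/host/root
        - --path.udev.data=/host/root/run/udev/data
        # HOST_IP is 0.0.0.0 and the pod uses hostNetwork, so 9100 is bound on
        # every interface of the node. Who may scrape it is decided by the web
        # config file below and by host-level firewalling, neither of which is
        # visible in this manifest.
        - --web.listen-address=[$(HOST_IP)]:9100
        # Backslashes are literal in a plain YAML scalar, so a doubled "\\d"
        # reaches node_exporter as "escaped backslash, then d" and never
        # matches a digit. Single backslashes give the partition-number match
        # the pattern is written for.
        - --collector.diskstats.ignored-devices=^(ram|loop|nbd|fd|(h|s|v|xv)d[a-z]|nvme\d+n\d+p)\d+$
        - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|fuse.squashfuse_ll|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
        - --collector.filesystem.mount-points-exclude=^/(dev|proc|run/credentials/.+|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+|var/lib/kubelet/plugins/kubernetes.io/csi/.+|run/containerd/.+)($|/)
        - --collector.ethtool
        - --collector.netclass.ignored-devices=^(lxc|cilium_(host|net)|qbr|qvb|qvo|tap|ovs-system|br|tbr|gre_sys|[0-9a-f]+_eth|vxlan).*$
        - --collector.netdev.device-exclude=^(lxc|cilium_(host|net)|qbr|qvb|qvo|tap|ovs-system|br|tbr|gre_sys|[0-9a-f]+_eth|vxlan).*$
        - --collector.processes
        - --collector.systemd
        - --collector.stat.softirq
        # Files in this directory are exported verbatim as metrics. It is
        # mounted read-only here; the sidecar containers that mount it
        # writable are the only writers.
        - --collector.textfile.directory=/run/prometheus
        # TLS (and any authentication) for the listener comes from this file
        # in the ConfigMap; its contents are not part of this manifest.
        - --web.config.file=/config/node-exporter.yml
        env:
        - name: HOST_IP
          value: 0.0.0.0
        image: harbor.atmosphere.dev/quay.io/prometheus/node-exporter:v1.8.1
        imagePullPolicy: IfNotPresent
        # Both probes speak HTTPS to the listener, which is consistent with
        # TLS being enabled in the web config.
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: 9100
            scheme: HTTPS
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: node-exporter
        ports:
        - containerPort: 9100
          name: http-metrics
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /
            port: 9100
            scheme: HTTPS
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        # NOTE(review): no requests or limits are set; this pod runs on every
        # node, so set them to bound CPU and memory use.
        resources: {}
        securityContext:
          # The pod runs as uid 65534 and a non-root process holds no effective
          # capabilities by default, so forbidding privilege gain and dropping
          # the bounding set should not change what the collectors can read.
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /host/proc
          name: proc
          readOnly: true
        - mountPath: /host/sys
          name: sys
          readOnly: true
        # Host root filesystem, read-only. HostToContainer propagation makes
        # mounts created on the host after start-up visible here as well.
        - mountPath: /host/root
          mountPropagation: HostToContainer
          name: root
          readOnly: true
        - mountPath: /certs
          name: certs
          readOnly: true
        - mountPath: /run/prometheus
          name: node-exporter-textfiles
          readOnly: true
        - mountPath: /config
          name: kube-prometheus-stack-node-exporter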
      # pod-tls-sidecar container: the args point it at a certificate template
      # in /config and at CA, certificate and key paths under /certs, the
      # volume node-exporter mounts read-only. Presumably it obtains the
      # serving certificate and writes it there -- TODO confirm against the
      # sidecar's documentation.
      # NOTE(review): the image is referenced by tag, not digest.
      - args:
        - --template=/config/certificate-template.yml
        - --ca-path=/certs/ca.crt
        - --cert-path=/certs/tls.crt
        - --key-path=/certs/tls.key
        # Pod identity from the downward API.
        env:
        - name: POD_UID
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.uid
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_IP
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: status.podIP
        image: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar:v1.0.0
        imagePullPolicy: IfNotPresent
        name: pod-tls-sidecar
        # NOTE(review): no requests or limits are set.
        resources: {}
        # NOTE(review): only readOnlyRootFilesystem is set. If the binary
        # needs no capabilities, also set allowPrivilegeEscalation: false and
        # drop ALL capabilities -- confirm before changing.
        securityContext:
          readOnlyRootFilesystem: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /certs
          name: certs
        # NOTE(review): mounted writable although none of the args reference
        # /run/prometheus. Anything that can write here can publish metrics
        # through node-exporter's textfile collector; drop the mount or make
        # it read-only if the sidecar does not need it.
        - mountPath: /run/prometheus
          name: node-exporter-textfiles
        - mountPath: /config
          name: kube-prometheus-stack-node-exporter
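      # mountinfo-textfile-collector container: every 60 s it scans the host
      # init process's mountinfo (/host/proc/1/mountinfo), counts entries whose
      # mount point (field 5) is /etc/ceph or a kubelet host-path/sub-path
      # volume for Ceph config or keyrings, and publishes four gauges for
      # node-exporter's textfile collector. Only counts are emitted, never
      # paths or file contents.
      # The output goes to a temporary file that is then renamed, so
      # node-exporter never reads a half-written file. With "sh -e" a failing
      # awk or mv ends the loop and the container restarts; the last .prom
      # file stays in the emptyDir meanwhile, so alert on
      # node_textfile_mtime_seconds to catch stale values.
      - command:
        - /bin/sh
        - -ec
        - |-
          while true; do
            tmp="/run/prometheus/libvirt-mounts.prom.$$"
            awk '
              function suspicious(target) {
                return target ~ /^\/etc\/ceph(\/|$)/ ||
                  target ~ /^\/var\/lib\/kubelet\/pods\/[^\/]+\/volumes\/kubernetes\.io~host-path\/etcceph(\/|$)/ ||
                  target ~ /^\/var\/lib\/kubelet\/pods\/[^\/]+\/volume-subpaths\/(ceph-etc|ceph-keyring|ceph-admin-keyring|external-ceph-keyring|ceph-keyring-[^\/]+)(\/|$)/
              }
              {
                total++
                target = $5
                if (suspicious(target)) {
                  count[target]++
                }
              }
              END {
                duplicate = 0
                max = 0
                targets = 0
                for (target in count) {
                  targets++
                  if (count[target] > max) {
                    max = count[target]
                  }
                  if (count[target] > 1) {
                    duplicate += count[target] - 1
                  }
                }
                print "# HELP node_libvirt_ceph_mount_duplicate_entries Number of extra duplicate libvirt Ceph-related mountinfo entries."
                print "# TYPE node_libvirt_ceph_mount_duplicate_entries gauge"
                print "node_libvirt_ceph_mount_duplicate_entries " duplicate
                print "# HELP node_libvirt_ceph_mount_max_duplicates Maximum mountinfo entries seen for a single libvirt Ceph-related mount target."
                print "# TYPE node_libvirt_ceph_mount_max_duplicates gauge"
                print "node_libvirt_ceph_mount_max_duplicates " max
                print "# HELP node_libvirt_ceph_mount_targets Number of libvirt Ceph-related mount targets seen in mountinfo."
                print "# TYPE node_libvirt_ceph_mount_targets gauge"
                print "node_libvirt_ceph_mount_targets " targets
                print "# HELP node_mountinfo_entries Number of entries in /proc/1/mountinfo."
                print "# TYPE node_mountinfo_entries gauge"
                print "node_mountinfo_entries " total
              }
            ' /host/proc/1/mountinfo > "${tmp}"
            mv "${tmp}" /run/prometheus/libvirt-mounts.prom
            sleep 60
          done
        image: harbor.atmosphere.dev/ghcr.io/containerd/busybox:1.36
        imagePullPolicy: IfNotPresent
        name: mountinfo-textfile-collector
        # NOTE(review): no requests or limits are set.
        resources: {}
        securityContext:
          # awk, mv and sleep running as uid 65534 need no capabilities and no
          # privilege gain.
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        # /certs is deliberately not mounted: the script never touches it, and
        # that volume holds the TLS private key named in the pod-tls-sidecar
        # args (/certs/tls.key).
        - mountPath: /run/prometheus
          name: node-exporter-textfiles
        - mountPath: /host/proc
          name: proc
          readOnly: true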
      # NOTE(review): with hostNetwork: true, ClusterFirst falls back to the
      # node's resolver; ClusterFirstWithHostNet is needed if any container
      # must resolve cluster service names.
      dnsPolicy: ClusterFirst
      # All three containers share the node's network and PID namespaces.
      # Together with the hostPath volumes below, that puts this pod outside
      # the baseline Pod Security profile, so the monitoring namespace has to
      # admit privileged-profile pods. Keep write access to that namespace and
      # to this Helm release tightly held.
      hostNetwork: true
      hostPID: true
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: Always
      schedulerName: default-scheduler
      # Every container runs as the unprivileged uid/gid 65534, and fsGroup
      # makes the emptyDir volumes writable for that group.
      # NOTE(review): no seccompProfile is set here or on the containers;
      # consider type RuntimeDefault.
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsNonRoot: true
        runAsUser: 65534
      # serviceAccount is the deprecated alias of serviceAccountName.
      serviceAccount: kube-prometheus-stack-prometheus-node-exporter
      serviceAccountName: kube-prometheus-stack-prometheus-node-exporter
      terminationGracePeriodSeconds: 30
      # Tolerates every NoSchedule taint, so the pod also lands on nodes that
      # are tainted to keep ordinary workloads off them.
      tolerations:
      - effect: NoSchedule
        operator: Exists
      volumes:
      # Host paths. type "" means no check is made on what exists at the path.
      # All mounts of these volumes in the containers above are read-only.
      - hostPath:
          path: /proc
          type: ""
        name: proc
      - hostPath:
          path: /sys
          type: ""
        name: sys
      # The whole host filesystem. Only the node-exporter container mounts
      # it, read-only; what it can read is bounded by uid 65534's file
      # permissions, i.e. anything world-readable on the node.
      - hostPath:
          path: /
          type: ""
        name: root
      # Memory-backed (tmpfs) volume holding the TLS certificate and private
      # key, so the key is not written to node disk. No sizeLimit is set.
      - emptyDir:
          medium: Memory
        name: certs
      # Memory-backed drop directory for textfile-collector .prom files.
      - emptyDir:
          medium: Memory
        name: node-exporter-textfiles
      # defaultMode 420 is decimal for octal 0644.
      - configMap:
          defaultMode: 420
          name: kube-prometheus-stack-node-exporter
        name: kube-prometheus-stack-node-exporter
  # Replace pods one node at a time. maxSurge is 0, presumably because the pod
  # binds host port 9100 and two copies cannot coexist on one node.
  updateStrategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
# Server-reported state at export time (one node scheduled and ready); it is
# not part of the desired configuration.
status:
  currentNumberScheduled: 1
  desiredNumberScheduled: 1
  numberAvailable: 1
  numberMisscheduled: 0
  numberReady: 1
  observedGeneration: 1
  updatedNumberScheduled: 1
