test(sampleapp): configure Cryostat Agent sample app to use k8s servi…

…ceaccount token auth (#983) * test(sampleapp): configure Cryostat Agent sample app to use k8s serviceaccount token auth * allow default 'auto' authorization type * use unique name so deployment can be scaled to multiple replicas
cryostatio · Dec 20, 2024 · d058b54 · d058b54
1 parent 9ea119d
commit d058b54
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 4 deletions.
diff --git a/Makefile b/Makefile
@@ -415,7 +415,6 @@ sample_app_agent: undeploy_sample_app_agent ## Deploy sample app with Cryostat A
 		fi; \
 	fi; \
 	$(CLUSTER_CLIENT) apply $(SAMPLE_APP_FLAGS) -f config/samples/sample-app-agent.yaml; \
-	$(CLUSTER_CLIENT) set env $(SAMPLE_APP_FLAGS) deployment/quarkus-cryostat-agent CRYOSTAT_AGENT_AUTHORIZATION="Bearer $(AUTH_TOKEN)"
 
 .PHONY: undeploy_sample_app_agent_proxy
 undeploy_sample_app_agent_proxy: ## Undeploy sample app with Cryostat Agent configured for TLS client auth on nginx proxy.

diff --git a/config/samples/sample-app-agent.yaml b/config/samples/sample-app-agent.yaml
@@ -15,10 +15,14 @@ spec:
       labels:
         app: quarkus-cryostat-agent
     spec:
+      serviceAccountName: quarkus-cryostat-agent-serviceaccount
       containers:
       - env:
         - name: CRYOSTAT_AGENT_APP_NAME
-          value: agent-test
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
         - name: NAMESPACE
           valueFrom:
             fieldRef:
@@ -35,12 +39,11 @@ spec:
               fieldPath: status.podIP
         - name: CRYOSTAT_AGENT_CALLBACK
           value: http://$(POD_IP):9977
-        - name: CRYOSTAT_AGENT_AUTHORIZATION
-          value: Bearer abcd1234
         - name: JAVA_OPTS_APPEND
           value: |-
             -Dquarkus.http.host=0.0.0.0
             -Djava.util.logging.manager=org.jboss.logmanager.LogManager
+            -Dio.cryostat.agent.shaded.org.slf4j.simpleLogger.defaultLogLevel=info
             -Dcom.sun.management.jmxremote.port=9097
             -Dcom.sun.management.jmxremote.ssl=false
             -Dcom.sun.management.jmxremote.authenticate=false
@@ -102,3 +105,32 @@ spec:
     port: 10010
     protocol: TCP
     targetPort: 10010
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: quarkus-cryostat-agent-serviceaccount
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: quarkus-cryostat-agent-role
+rules:
+- apiGroups:
+  - ""
+  verbs:
+  - create
+  resources:
+  - pods/exec
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: quarkus-cryostat-agent-role-binding
+subjects:
+- kind: ServiceAccount
+  name: quarkus-cryostat-agent-serviceaccount
+roleRef:
+  kind: Role
+  name: quarkus-cryostat-agent-role
+  apiGroup: rbac.authorization.k8s.io