Skip to content

Commit

Permalink
Make the go-autoinstrumentation E2E test work in OpenShift (#1920)
Browse files Browse the repository at this point in the history
  • Loading branch information
iblancasa authored Jul 14, 2023
1 parent ec0568f commit ec1e0a3
Show file tree
Hide file tree
Showing 5 changed files with 46 additions and 0 deletions.
16 changes: 16 additions & 0 deletions tests/e2e/instrumentation-go/01-add-scc.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# Create a SA to apply the SCC policy
apiVersion: v1
kind: ServiceAccount
metadata:
name: otel-instrumentation-go
---
apiVersion: kuttl.dev/v1beta1
kind: TestStep
commands:
# Annotate the namespace to allow the application to run using an specific group and user in OpenShift
# https://docs.openshift.com/dedicated/authentication/managing-security-context-constraints.html
# This annotation has no effect in Kubernetes
- script: kubectl annotate namespace ${NAMESPACE} openshift.io/sa.scc.uid-range=0/0 --overwrite
- script: kubectl annotate namespace ${NAMESPACE} openshift.io/sa.scc.supplemental-groups=2000/1000 --overwrite
# Add the SCC
- script: ./add-scc.sh
File renamed without changes.
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,11 @@ spec:
instrumentation.opentelemetry.io/inject-go: "true"
instrumentation.opentelemetry.io/otel-go-auto-target-exe: /usr/src/app/productcatalogservice
spec:
serviceAccountName: otel-instrumentation-go
securityContext:
runAsUser: 0
runAsGroup: 3000
fsGroup: 2000
containers:
- name: productcatalogservice
image: ghcr.io/open-telemetry/demo:1.3.1-productcatalogservice
Expand Down
6 changes: 6 additions & 0 deletions tests/e2e/instrumentation-go/add-scc.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#!/bin/bash

if [[ "$(kubectl api-resources --api-group=operator.openshift.io -o name)" ]]; then
kubectl apply -f scc.yaml
oc adm policy add-scc-to-user otel-go-instrumentation -z otel-instrumentation-go -n $NAMESPACE
fi
19 changes: 19 additions & 0 deletions tests/e2e/instrumentation-go/scc.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: otel-go-instrumentation
allowHostDirVolumePlugin: true
allowPrivilegeEscalation: true
allowPrivilegedContainer: true
allowedCapabilities:
- 'SYS_PTRACE'
fsGroup:
type: RunAsAny
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- '*'
supplementalGroups:
type: RunAsAny

0 comments on commit ec1e0a3

Please sign in to comment.