-
Notifications
You must be signed in to change notification settings - Fork 458
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make the go-autoinstrumentation E2E test work in OpenShift (#1920)
- Loading branch information
Showing
5 changed files
with
46 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# Create a SA to apply the SCC policy | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: otel-instrumentation-go | ||
--- | ||
apiVersion: kuttl.dev/v1beta1 | ||
kind: TestStep | ||
commands: | ||
# Annotate the namespace to allow the application to run using an specific group and user in OpenShift | ||
# https://docs.openshift.com/dedicated/authentication/managing-security-context-constraints.html | ||
# This annotation has no effect in Kubernetes | ||
- script: kubectl annotate namespace ${NAMESPACE} openshift.io/sa.scc.uid-range=0/0 --overwrite | ||
- script: kubectl annotate namespace ${NAMESPACE} openshift.io/sa.scc.supplemental-groups=2000/1000 --overwrite | ||
# Add the SCC | ||
- script: ./add-scc.sh |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
|
||
if [[ "$(kubectl api-resources --api-group=operator.openshift.io -o name)" ]]; then | ||
kubectl apply -f scc.yaml | ||
oc adm policy add-scc-to-user otel-go-instrumentation -z otel-instrumentation-go -n $NAMESPACE | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
apiVersion: security.openshift.io/v1 | ||
kind: SecurityContextConstraints | ||
metadata: | ||
name: otel-go-instrumentation | ||
allowHostDirVolumePlugin: true | ||
allowPrivilegeEscalation: true | ||
allowPrivilegedContainer: true | ||
allowedCapabilities: | ||
- 'SYS_PTRACE' | ||
fsGroup: | ||
type: RunAsAny | ||
runAsUser: | ||
type: RunAsAny | ||
seLinuxContext: | ||
type: RunAsAny | ||
seccompProfiles: | ||
- '*' | ||
supplementalGroups: | ||
type: RunAsAny |