fix(setup): runAs root to allow install tooling

camunda · Aug 1, 2023 · 4d121aa · 4d121aa
1 parent c8ea549
commit 4d121aa
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 1 deletion.
diff --git a/go-chaos/internal/network.go b/go-chaos/internal/network.go
@@ -32,6 +32,7 @@ func (c K8Client) ApplyNetworkPatch() error {
 		return err
 	}
 
+	// We need to run the container with root to allow install tooling and give it network admin capabilities
 	patch := []byte(`{
 		"spec":{
 			"template":{
@@ -40,6 +41,7 @@ func (c K8Client) ApplyNetworkPatch() error {
 						{
 							"name": "zeebe",
 							"securityContext":{
+								"runAsUser": 0,
 								"capabilities":{
 									"add":["NET_ADMIN"]
 								}
@@ -61,6 +63,7 @@ func (c K8Client) ApplyNetworkPatchOnGateway() error {
 		return err
 	}
 
+	// We need to run the container with root to allow install tooling and give it network admin capabilities
 	patch := []byte(`{
 		"spec":{
 			"template":{
@@ -69,6 +72,7 @@ func (c K8Client) ApplyNetworkPatchOnGateway() error {
 						{
 							"name": "zeebe-gateway",
 							"securityContext":{
+								"runAsUser": 0,
 								"capabilities":{
 									"add":["NET_ADMIN"]
 								}

diff --git a/go-chaos/internal/stress.go b/go-chaos/internal/stress.go
@@ -14,6 +14,13 @@
 
 package internal
 
+import (
+	"context"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+)
+
 type StressType struct {
 	IoStress  bool
 	CpuStress bool
@@ -52,8 +59,18 @@ func PutStressOnPod(k8Client K8Client, timeoutSec string, podName string, stress
 }
 
 func installStressOnPod(k8Client K8Client, podName string) error {
+	err := k8Client.SetUserToRoot()
+	if err != nil {
+		return err
+	}
+
+	err = k8Client.AwaitReadiness()
+	if err != nil {
+		return err
+	}
+
 	// the -qq flag makes the tool less noisy, remove it to get more output
-	err := k8Client.ExecuteCmdOnPod([]string{"apt", "-qq", "update"}, podName)
+	err = k8Client.ExecuteCmdOnPod([]string{"apt", "-qq", "update"}, podName)
 	if err != nil {
 		return err
 	}
@@ -65,3 +82,31 @@ func installStressOnPod(k8Client K8Client, podName string) error {
 	}
 	return nil
 }
+
+func (c K8Client) SetUserToRoot() error {
+
+	statefulSet, err := c.GetZeebeStatefulSet()
+	if err != nil {
+		return err
+	}
+
+	// We need to run the container with root to allow install tooling
+	patch := []byte(`{
+		"spec":{
+			"template":{
+				"spec":{
+					"containers":[
+						{
+							"name": "zeebe",
+							"securityContext":{
+								"runAsUser": 0
+							}
+						}]
+				}
+			}
+		}
+	}`)
+
+	_, err = c.Clientset.AppsV1().StatefulSets(c.GetCurrentNamespace()).Patch(context.TODO(), statefulSet.Name, types.StrategicMergePatchType, patch, metav1.PatchOptions{})
+	return err
+}