open-telemetry · pavolloffay · Feb 2, 2023 · Feb 1, 2023 · pavolloffay · Feb 1, 2023
@@ -5,7 +5,7 @@
 # you can just add --addons "metrics-server" to the start command.
 
 
-if [[ "$(kubectl api-resources)" =~ "openshift" ]]; then
+if [[ "$(kubectl api-resources --api-group=operator.openshift.io -o name)" ]]; then
     echo "Connected to an OpenShift cluster. metrics-server installation is not needed"
 elif [[ "$(kubectl get deployment metrics-server -n kube-system 2>&1 )" =~ "NotFound" ]]; then
     kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-if [[ "$(kubectl api-resources)" =~ "openshift" ]]; then
+if [[ "$(kubectl api-resources --api-group=operator.openshift.io -o name)" ]]; then
     echo "Connected to an OpenShift cluster. OpenShift routes installation is not needed"
 else
     kubectl apply -f https://raw.githubusercontent.com/openshift/router/release-4.12/deploy/router_rbac.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - script: ./add-scc-openshift.sh
@@ -1,9 +1,9 @@
 apiVersion: opentelemetry.io/v1alpha1
 kind: OpenTelemetryCollector
 metadata:
-  name: daemonset 
+  name: daemonset
 spec:
-  mode: daemonset 
+  mode: daemonset
   hostNetwork: true
   config: |
     receivers:

@@ -10,5 +10,3 @@ spec:
        - args:
          - --config=/conf/collector.yaml
          name: otc-container
-status:
-  numberReady: 1
@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - script: ./add-sa-collector.sh
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    app.kubernetes.io/name: daemonset-collector
+    app.kubernetes.io/part-of: opentelemetry
+status:
+  phase: Running
@@ -0,0 +1,5 @@
+#!/bin/bash
+if [[ "$(kubectl api-resources --api-group=operator.openshift.io -o name)" ]]; then
+    echo "Adding service account to the OpenTelemetry Collector"
+    kubectl patch otelcol daemonset --type=merge -p '{"spec":{"serviceAccount":"otel-collector-daemonset"}}' -n $NAMESPACE
+fi
@@ -0,0 +1,10 @@
+#!/bin/bash
+if [[ "$(kubectl api-resources --api-group=operator.openshift.io -o name)" ]]; then
+    echo "Running the test against an OpenShift Cluster"
+    echo "Creating an Service Account"
+    echo "Creating a Security Context Constrain"
+    echo "Setting the Service Account for the Daemonset"
+    echo "Adding the new policy to the Service Account"
+    kubectl apply -f scc.yaml -n $NAMESPACE
+    oc adm policy add-scc-to-user -z otel-collector-daemonset daemonset-with-hostport -n $NAMESPACE
+fi
@@ -0,0 +1,22 @@
+kind: SecurityContextConstraints
+apiVersion: security.openshift.io/v1
+metadata:
+  name: daemonset-with-hostport
+  annotations:
+    kubernetes.io/description: 'Allows DaemonSets to bind to a well-known host port'
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: RunAsAny
+allowHostPorts: true
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: true
+allowHostPID: false
+allowPrivilegedContainer: false
+readOnlyRootFilesystem: false
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: otel-collector-daemonset