diff --git a/README.md b/README.md index 7ba4d4d..094b2ef 100644 --- a/README.md +++ b/README.md @@ -26,11 +26,12 @@ helm upgrade --install odigos odigos/odigos --namespace odigos-system --create-n kubectl label namespace odigos-system odigos.io/system-object="true" ``` -### Upgrade Existing Odigos Installation +### Install Odigos Odigos in Openshift ```console helm repo update -helm upgrade odigos odigos/odigos --namespace odigos-system +helm upgrade --install odigos odigos/odigos --namespace odigos-system --create-namespace --set openshift.enabled=true +kubectl label namespace odigos-system odigos.io/system-object="true" ``` ### Uninstall Odigos diff --git a/charts/odigos/templates/autoscaler/clusterrole.yaml b/charts/odigos/templates/autoscaler/clusterrole.yaml index c4c924e..f9dfdd9 100644 --- a/charts/odigos/templates/autoscaler/clusterrole.yaml +++ b/charts/odigos/templates/autoscaler/clusterrole.yaml @@ -4,35 +4,29 @@ metadata: name: odigos-autoscaler rules: - apiGroups: - - odigos.io + - "" resources: - - instrumentedapplications + - configmaps + - services verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - odigos.io - resources: - - instrumentedapplications/finalizers - verbs: - - update - - apiGroups: - - odigos.io + - apps resources: - - instrumentedapplications/status + - daemonsets + - deployments verbs: - get - - patch - - update + - list + - watch - apiGroups: - odigos.io resources: + - instrumentedapplications - collectorsgroups + - odigosconfigurations - destinations - processors verbs: @@ -47,6 +41,7 @@ rules: - odigos.io resources: - collectorsgroups/finalizers + - instrumentedapplications/finalizers - destinations/finalizers verbs: - update @@ -54,6 +49,7 @@ rules: - odigos.io resources: - collectorsgroups/status + - instrumentedapplications/status - destinations/status verbs: - get @@ -104,4 +100,4 @@ rules: verbs: - get - list - - watch \ No newline at end of file + - watch 
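Review bot: In the first hunk of autoscaler/clusterrole.yaml, `odigosconfigurations` is added to the `odigos.io` rule that also carries `collectorsgroups`, `destinations` and `processors`, so the autoscaler gets whatever verbs that rule grants on the Odigos configuration object. The verbs list begins on the hunk's last line and continues outside it; since `instrumentedapplications` was moved here from a rule that had `create`, `delete`, `patch` and `update`, it presumably includes write verbs. If the autoscaler only reads the configuration, put `odigosconfigurations` in its own rule limited to `get`, `list`, `watch`, as the new `configmaps`/`services` and `daemonsets`/`deployments` rules in this hunk do.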
diff --git a/charts/odigos/templates/crds/configuration.yaml b/charts/odigos/templates/crds/configuration.yaml index 71633ce..c7bfebd 100644 --- a/charts/odigos/templates/crds/configuration.yaml +++ b/charts/odigos/templates/crds/configuration.yaml @@ -118,6 +118,8 @@ spec: type: object telemetryEnabled: type: boolean + openshiftEnabled: + type: boolean required: - configVersion - odigosVersion diff --git a/charts/odigos/templates/odiglet/clusterrole.yaml b/charts/odigos/templates/odiglet/clusterrole.yaml index 3a1a2d5..a5dadb3 100644 --- a/charts/odigos/templates/odiglet/clusterrole.yaml +++ b/charts/odigos/templates/odiglet/clusterrole.yaml @@ -32,6 +32,14 @@ rules: - get - list - watch + - apiGroups: + - apps + resources: + - daemonsets/finalizers + - deployments/finalizers + - statefulsets/finalizers + verbs: + - update - apiGroups: - apps resources: diff --git a/charts/odigos/templates/odiglet/clusterrolebinding.yaml b/charts/odigos/templates/odiglet/clusterrolebinding.yaml index 58d94d5..1a7daf9 100644 --- a/charts/odigos/templates/odiglet/clusterrolebinding.yaml +++ b/charts/odigos/templates/odiglet/clusterrolebinding.yaml @@ -10,3 +10,18 @@ roleRef: kind: ClusterRole name: odiglet apiGroup: rbac.authorization.k8s.io +--- +{{ if .Values.openshift.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:openshift:scc:anyuid:{{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:anyuid +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:serviceaccounts:{{ .Release.Namespace }} +{{- end }} diff --git a/charts/odigos/templates/odiglet/daemonset.yaml b/charts/odigos/templates/odiglet/daemonset.yaml index 4833f8f..954c41a 100644 --- a/charts/odigos/templates/odiglet/daemonset.yaml +++ b/charts/odigos/templates/odiglet/daemonset.yaml 
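Review bot: The ClusterRoleBinding added to odiglet/clusterrolebinding.yaml grants the `anyuid` SCC to the group `system:serviceaccounts:{{ .Release.Namespace }}`, which is every service account in the release namespace, including ones the chart does not create. Any workload later deployed into that namespace can then run as an arbitrary UID, root included. A namespaced RoleBinding that names only the service accounts needing it should be enough, because those accounts only start pods in the release namespace. The binding name also carries the `system:` prefix, which Kubernetes reserves for system-managed objects; a chart-owned name avoids confusion with bindings the platform creates. The binding name and the service account name in the sketch below are placeholders.

```yaml
{{- if .Values.openshift.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: odigos-scc-anyuid
  namespace: {{ .Release.Namespace }}
# … unchanged: roleRef to ClusterRole system:openshift:scc:anyuid …
subjects:
  # placeholder: list only the service accounts that must run with an arbitrary UID
  - kind: ServiceAccount
    name: <service-account-name>
    namespace: {{ .Release.Namespace }}
{{- end }}
```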
@@ -63,6 +63,14 @@ spec: - name: run-dir mountPath: /run mountPropagation: Bidirectional + {{ if .Values.openshift.enabled }} + - name: host + mountPath: /host + readOnly: true + - name: selinux + mountPath: /host/etc/selinux + mountPropagation: Bidirectional + {{ end }} - name: var-dir mountPath: /var mountPropagation: Bidirectional @@ -78,6 +86,14 @@ spec: - name: run-dir hostPath: path: /run + {{ if .Values.openshift.enabled }} + - name: host + hostPath: + path: / + - name: selinux + hostPath: + path: /etc/selinux + {{- end }} - name: var-dir hostPath: path: /var diff --git a/charts/odigos/templates/odiglet/rolebinding.yaml b/charts/odigos/templates/odiglet/rolebinding.yaml new file mode 100644 index 0000000..908f085 --- /dev/null +++ b/charts/odigos/templates/odiglet/rolebinding.yaml @@ -0,0 +1,18 @@ +{{ if .Values.openshift.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: system:openshift:scc:privileged + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: + - kind: ServiceAccount + name: odiglet + namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: odigos-data-collection + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/odigos/templates/odigos-config.yaml b/charts/odigos/templates/odigos-config.yaml index 04c5620..6be91e7 100644 --- a/charts/odigos/templates/odigos-config.yaml +++ b/charts/odigos/templates/odigos-config.yaml @@ -29,6 +29,7 @@ spec: instrumentorImage: {{ .Values.instrumentor.image.repository }} odigosVersion: {{ .Values.image.tag }} telemetryEnabled: {{ .Values.telemetry.enabled }} + openshiftEnabled: {{ .Values.openshift.enabled }} psp: {{ .Values.psp.enabled }} ignoredNamespaces: {{- toYaml .Values.ignoredNamespaces | nindent 8 }} diff --git a/charts/odigos/values.yaml b/charts/odigos/values.yaml index 283d989..a0dc704 100644 --- a/charts/odigos/values.yaml 
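Review bot: The `selinux` mount at `/host/etc/selinux` in the first daemonset hunk is writable and uses `mountPropagation: Bidirectional`, so with `openshift.enabled` set the odiglet container can change the node's SELinux configuration, and the `host` volume (`hostPath` `path: /` in the second hunk) exposes the whole node filesystem for reading. Nothing in these hunks shows what odiglet reads or writes there. If it only reads, add `readOnly: true` and use `mountPropagation: HostToContainer` on the `selinux` mount; if it has to write, a comment saying what it writes would let operators judge the exposure. Mounting only the host directories odiglet needs instead of `/` would narrow what is readable from the container. The two blocks also close differently (`{{ end }}` versus `{{- end }}`); using `{{- if … }}` and `{{- end }}` in both avoids stray blank lines in the rendered manifest.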
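Review bot: The new odiglet/rolebinding.yaml gives the `privileged` SCC to `odigos-data-collection` as well as `odiglet`, and nothing visible in this diff shows the collector needing it. `odiglet` mounts host paths with bidirectional propagation, which Kubernetes only allows in a privileged container; if the collector only needs host-path or host-network access, a narrower SCC would do, and a comment above each subject should say what requires the grant. The binding is also named `system:openshift:scc:privileged`, which looks like the name `oc adm policy add-scc-to-user` gives the bindings it creates, so install may conflict with an existing binding in the namespace and uninstall may remove one an administrator relied on. A chart-specific name such as `odigos-scc-privileged` avoids that.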
+++ b/charts/odigos/values.yaml @@ -77,3 +77,6 @@ psp: telemetry: enabled: true + +openshift: + enabled: false
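Review bot: `openshift.enabled` is added to values.yaml without a comment, although turning it on changes the chart's security posture. Per the templates in this commit it binds the `anyuid` SCC to all service accounts in the release namespace, binds the `privileged` SCC to `odiglet` and `odigos-data-collection`, and mounts the host root filesystem into odiglet. A comment above the key would let operators see that before enabling it, for example `# Grants anyuid/privileged SCCs and mounts the node's / into odiglet; enable only on OpenShift.`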