From 4de4a781df78e5c002b75d5520bbdc5203d08a54 Mon Sep 17 00:00:00 2001
From: esara <esara@causely.io>
Date: Wed, 17 Apr 2024 23:10:54 -0400
Subject: [PATCH] install odigos in openshift

---
 README.md                                     |  5 ++--
 .../templates/autoscaler/clusterrole.yaml     | 30 ++++++++-----------
 .../odigos/templates/crds/configuration.yaml  |  2 ++
 .../odigos/templates/odiglet/clusterrole.yaml |  8 +++++
 .../templates/odiglet/clusterrolebinding.yaml | 15 ++++++++++
 .../odigos/templates/odiglet/daemonset.yaml   | 16 ++++++++++
 .../odigos/templates/odiglet/rolebinding.yaml | 18 +++++++++++
 charts/odigos/templates/odigos-config.yaml    |  1 +
 charts/odigos/values.yaml                     |  3 ++
 9 files changed, 79 insertions(+), 19 deletions(-)
 create mode 100644 charts/odigos/templates/odiglet/rolebinding.yaml

diff --git a/README.md b/README.md
index 7ba4d4d..094b2ef 100644
--- a/README.md
+++ b/README.md
@@ -26,11 +26,12 @@ helm upgrade --install odigos odigos/odigos --namespace odigos-system --create-n
 kubectl label namespace odigos-system odigos.io/system-object="true"
 ```
 
-### Upgrade Existing Odigos Installation
+### Install Odigos Odigos in Openshift
 
 ```console
 helm repo update
-helm upgrade odigos odigos/odigos --namespace odigos-system
+helm upgrade --install odigos odigos/odigos --namespace odigos-system --create-namespace --set openshift.enabled=true
+kubectl label namespace odigos-system odigos.io/system-object="true"
 ```
 
 ### Uninstall Odigos
diff --git a/charts/odigos/templates/autoscaler/clusterrole.yaml b/charts/odigos/templates/autoscaler/clusterrole.yaml
index c4c924e..f9dfdd9 100644
--- a/charts/odigos/templates/autoscaler/clusterrole.yaml
+++ b/charts/odigos/templates/autoscaler/clusterrole.yaml
@@ -4,35 +4,29 @@ metadata:
   name: odigos-autoscaler
 rules:
   - apiGroups:
-      - odigos.io
+      - ""
     resources:
-      - instrumentedapplications
+      - configmaps
+      - services
     verbs:
-      - create
-      - delete
       - get
       - list
-      - patch
-      - update
       - watch
   - apiGroups:
-      - odigos.io
-    resources:
-      - instrumentedapplications/finalizers
-    verbs:
-      - update
-  - apiGroups:
-      - odigos.io
+      - apps
     resources:
-      - instrumentedapplications/status
+      - daemonsets
+      - deployments
     verbs:
       - get
-      - patch
-      - update
+      - list
+      - watch
   - apiGroups:
       - odigos.io
     resources:
+      - instrumentedapplications
       - collectorsgroups
+      - odigosconfigurations
       - destinations
       - processors
     verbs:
@@ -47,6 +41,7 @@ rules:
       - odigos.io
     resources:
       - collectorsgroups/finalizers
+      - instrumentedapplications/finalizers
       - destinations/finalizers
     verbs:
       - update
@@ -54,6 +49,7 @@ rules:
       - odigos.io
     resources:
       - collectorsgroups/status
+      - instrumentedapplications/status
       - destinations/status
     verbs:
       - get
@@ -104,4 +100,4 @@ rules:
     verbs:
       - get
       - list
-      - watch
\ No newline at end of file
+      - watch
diff --git a/charts/odigos/templates/crds/configuration.yaml b/charts/odigos/templates/crds/configuration.yaml
index 71633ce..c7bfebd 100644
--- a/charts/odigos/templates/crds/configuration.yaml
+++ b/charts/odigos/templates/crds/configuration.yaml
@@ -118,6 +118,8 @@ spec:
                 type: object
               telemetryEnabled:
                 type: boolean
+              openshiftEnabled:
+                type: boolean
             required:
             - configVersion
             - odigosVersion
diff --git a/charts/odigos/templates/odiglet/clusterrole.yaml b/charts/odigos/templates/odiglet/clusterrole.yaml
index 3a1a2d5..a5dadb3 100644
--- a/charts/odigos/templates/odiglet/clusterrole.yaml
+++ b/charts/odigos/templates/odiglet/clusterrole.yaml
@@ -32,6 +32,14 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - apps
+    resources:
+      - daemonsets/finalizers
+      - deployments/finalizers
+      - statefulsets/finalizers
+    verbs:
+      - update
   - apiGroups:
       - apps
     resources:
diff --git a/charts/odigos/templates/odiglet/clusterrolebinding.yaml b/charts/odigos/templates/odiglet/clusterrolebinding.yaml
index 58d94d5..1a7daf9 100644
--- a/charts/odigos/templates/odiglet/clusterrolebinding.yaml
+++ b/charts/odigos/templates/odiglet/clusterrolebinding.yaml
@@ -10,3 +10,18 @@ roleRef:
   kind: ClusterRole
   name: odiglet
   apiGroup: rbac.authorization.k8s.io
+---
+{{ if .Values.openshift.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:openshift:scc:anyuid:{{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:anyuid
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:serviceaccounts:{{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/odigos/templates/odiglet/daemonset.yaml b/charts/odigos/templates/odiglet/daemonset.yaml
index 4833f8f..954c41a 100644
--- a/charts/odigos/templates/odiglet/daemonset.yaml
+++ b/charts/odigos/templates/odiglet/daemonset.yaml
@@ -63,6 +63,14 @@ spec:
             - name: run-dir
               mountPath: /run
               mountPropagation: Bidirectional
+            {{ if .Values.openshift.enabled }}
+            - name: host
+              mountPath: /host
+              readOnly: true
+            - name: selinux
+              mountPath: /host/etc/selinux
+              mountPropagation: Bidirectional
+            {{ end }}
             - name: var-dir
               mountPath: /var
               mountPropagation: Bidirectional
@@ -78,6 +86,14 @@ spec:
         - name: run-dir
           hostPath:
             path: /run
+        {{ if .Values.openshift.enabled }}
+        - name: host
+          hostPath:
+            path: /
+        - name: selinux
+          hostPath:
+            path: /etc/selinux
+        {{- end }}
         - name: var-dir
           hostPath:
             path: /var
diff --git a/charts/odigos/templates/odiglet/rolebinding.yaml b/charts/odigos/templates/odiglet/rolebinding.yaml
new file mode 100644
index 0000000..908f085
--- /dev/null
+++ b/charts/odigos/templates/odiglet/rolebinding.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.openshift.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: system:openshift:scc:privileged
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:openshift:scc:privileged
+subjects:
+  - kind: ServiceAccount
+    name: odiglet
+    namespace: {{ .Release.Namespace }}
+  - kind: ServiceAccount
+    name: odigos-data-collection
+    namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/odigos/templates/odigos-config.yaml b/charts/odigos/templates/odigos-config.yaml
index 04c5620..6be91e7 100644
--- a/charts/odigos/templates/odigos-config.yaml
+++ b/charts/odigos/templates/odigos-config.yaml
@@ -29,6 +29,7 @@ spec:
   instrumentorImage: {{ .Values.instrumentor.image.repository }}
   odigosVersion: {{ .Values.image.tag }}
   telemetryEnabled: {{ .Values.telemetry.enabled }}
+  openshiftEnabled: {{ .Values.openshift.enabled }}
   psp: {{ .Values.psp.enabled }}
   ignoredNamespaces:
     {{- toYaml .Values.ignoredNamespaces | nindent 8 }}
diff --git a/charts/odigos/values.yaml b/charts/odigos/values.yaml
index 283d989..a0dc704 100644
--- a/charts/odigos/values.yaml
+++ b/charts/odigos/values.yaml
@@ -77,3 +77,6 @@ psp:
 
 telemetry:
   enabled: true
+
+openshift:
+  enabled: false