From 15c6ec640fe3e045c917922fb0509cfbdb675672 Mon Sep 17 00:00:00 2001
From: Ishwar Kanse
Date: Wed, 23 Oct 2024 19:50:15 +0530
Subject: [PATCH 1/3] Test operator metrics can be scraped by OpenShift Monitoring (#3377)
---
 .../monitoring/chainsaw-test.yaml | 26 ++++++++++++++++++-
 .../e2e-openshift/monitoring/check_metrics.sh | 2 +-
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/tests/e2e-openshift/monitoring/chainsaw-test.yaml b/tests/e2e-openshift/monitoring/chainsaw-test.yaml
index 0cf36e93f0..4752e8ccb3 100755
--- a/tests/e2e-openshift/monitoring/chainsaw-test.yaml
+++ b/tests/e2e-openshift/monitoring/chainsaw-test.yaml
@@ -1,4 +1,3 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
 apiVersion: chainsaw.kyverno.io/v1alpha1
 kind: Test
 metadata:
@@ -14,6 +13,31 @@ spec:
 file: 00-workload-monitoring.yaml
 - assert:
 file: 00-assert.yaml
+ - name: Enable OpenShift platform monitoring on the OpenTelemetry operator namespace
+ try:
+ - command:
+ entrypoint: oc
+ args:
+ - get
+ - pods
+ - -A
+ - -l control-plane=controller-manager
+ - -l app.kubernetes.io/name=opentelemetry-operator
+ - -o
+ - jsonpath={.items[0].metadata.namespace}
+ outputs:
+ - name: OTEL_NAMESPACE
+ value: ($stdout)
+ - command:
+ env:
+ - name: otelnamespace
+ value: ($OTEL_NAMESPACE)
+ entrypoint: oc
+ args:
+ - label
+ - namespace
+ - $otelnamespace
+ - openshift.io/cluster-monitoring=true
 - name: step-01
 try:
 - apply:
diff --git a/tests/e2e-openshift/monitoring/check_metrics.sh b/tests/e2e-openshift/monitoring/check_metrics.sh
index e92a1649e4..8dd65fc4e0 100755
--- a/tests/e2e-openshift/monitoring/check_metrics.sh
+++ b/tests/e2e-openshift/monitoring/check_metrics.sh
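Review bot: In the new "Enable OpenShift platform monitoring" step of tests/e2e-openshift/monitoring/chainsaw-test.yaml, the two `-l` arguments are unlikely to combine: as far as I know `oc get` keeps only the last selector value, so the lookup would match on `app.kubernetes.io/name=opentelemetry-operator` alone across all namespaces (`-A`), and `.items[0]` then decides which namespace receives `openshift.io/cluster-monitoring=true`. A single comma-joined selector, passed as `- -l` followed by `- control-plane=controller-manager,app.kubernetes.io/name=opentelemetry-operator`, would require both labels. The step also leaves the label in place after the test, which on a shared cluster keeps the platform Prometheus scraping that namespace; consider removing it again in the test's cleanup with `oc label namespace $otelnamespace openshift.io/cluster-monitoring-`.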
@@ -4,7 +4,7 @@ TOKEN=$(oc create token prometheus-user-workload -n openshift-user-workload-moni
 THANOS_QUERIER_HOST=$(oc get route thanos-querier -n openshift-monitoring -o json | jq -r '.spec.host')
 #Check metrics for OpenTelemetry collector instance.
-metrics="otelcol_process_uptime otelcol_process_runtime_total_sys_memory_bytes otelcol_process_memory_rss otelcol_exporter_sent_spans otelcol_process_cpu_seconds otelcol_process_memory_rss otelcol_process_runtime_heap_alloc_bytes otelcol_process_runtime_total_alloc_bytes otelcol_process_runtime_total_sys_memory_bytes otelcol_process_uptime otelcol_receiver_accepted_spans otelcol_receiver_refused_spans"
+metrics="otelcol_process_uptime otelcol_process_runtime_total_sys_memory_bytes otelcol_process_memory_rss otelcol_exporter_sent_spans otelcol_process_cpu_seconds otelcol_process_memory_rss otelcol_process_runtime_heap_alloc_bytes otelcol_process_runtime_total_alloc_bytes otelcol_process_runtime_total_sys_memory_bytes otelcol_process_uptime otelcol_receiver_accepted_spans otelcol_receiver_refused_spans opentelemetry_collector_info opentelemetry_collector_exporters opentelemetry_collector_receivers"
 for metric in $metrics; do
 query="$metric"
From f374ea38d5b84b45ca3ca888d7a2607d1279a1aa Mon Sep 17 00:00:00 2001
From: Jacob Aronoff
Date: Wed, 23 Oct 2024 14:38:30 -0400
Subject: [PATCH 2/3] Remove TA maintainers code ownership (#3386)
---
 .github/CODEOWNERS | 3 ---
 README.md | 9 ---------
 2 files changed, 12 deletions(-)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 209e0fe34b..68f4834a72 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -17,6 +17,3 @@
 # AutoInstrumentation owners
 # TBD
-
-# Target Allocator owners
-cmd/otel-allocator @open-telemetry/operator-ta-maintainers
diff --git a/README.md b/README.md
index cfc2867391..cca3c34ebc 100644
--- a/README.md
+++ b/README.md
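Review bot: In tests/e2e-openshift/monitoring/check_metrics.sh the rewritten `metrics=` line still lists `otelcol_process_uptime`, `otelcol_process_memory_rss` and `otelcol_process_runtime_total_sys_memory_bytes` twice, so the loop presumably checks each of them twice. A single space-separated string also makes additions like the three operator metrics hard to review. If the script runs under bash, an array with one name per line, `metrics=( otelcol_process_uptime ... opentelemetry_collector_receivers )`, iterated with `for metric in "${metrics[@]}"; do`, would drop the duplicates and the reliance on unquoted word splitting. The loop body continues outside the hunk, so whether it waits for the platform Prometheus to scrape the operator before failing is not visible here.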
@@ -860,15 +860,6 @@ Emeritus Approvers: - [Owais Lone](https://github.com/owais), Splunk - [Pablo Baeyens](https://github.com/mx-psi), DataDog -Target Allocator Maintainers ([@open-telemetry/operator-ta-maintainers](https://github.com/orgs/open-telemetry/teams/operator-ta-maintainers)): - - [Sebastian Poxhofer](https://github.com/secustor) - -Emeritus Target Allocator Maintainers - - [Anthony Mirabella](https://github.com/Aneurysm9), AWS - [Kristina Pathak](https://github.com/kristinapathak), Lightstep - Maintainers ([@open-telemetry/operator-maintainers](https://github.com/orgs/open-telemetry/teams/operator-maintainers)): - [Jacob Aronoff](https://github.com/jaronoff97), Lightstep
From 22e8c06f20f0be6eee1df3e139040240cfa13f07 Mon Sep 17 00:00:00 2001
From: Jacob Aronoff
Date: Wed, 23 Oct 2024 14:38:46 -0400
Subject: [PATCH 3/3] target allocator don't run as root (#3385)
---
 .chloggen/ta-no-root.yaml | 16 ++++++++++++++++
 cmd/otel-allocator/Dockerfile | 6 ++++--
 2 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100755 .chloggen/ta-no-root.yaml
diff --git a/.chloggen/ta-no-root.yaml b/.chloggen/ta-no-root.yaml
new file mode 100755
index 0000000000..6daeb7840f
--- /dev/null
+++ b/.chloggen/ta-no-root.yaml
@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. collector, target allocator, auto-instrumentation, opamp, github action)
+component: target allocator
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Change docker image to run as non-root
+
+# One or more tracking issues related to the change
+issues: [3378]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
diff --git a/cmd/otel-allocator/Dockerfile b/cmd/otel-allocator/Dockerfile
index 2e57628925..26ed93dbe0 100644
--- a/cmd/otel-allocator/Dockerfile
+++ b/cmd/otel-allocator/Dockerfile
@@ -1,5 +1,5 @@
 # Get CA certificates from the Alpine package repo
-FROM alpine:3.20 as certificates
+FROM alpine:3.20 AS certificates
 RUN apk --no-cache add ca-certificates
@@ -8,7 +8,7 @@ FROM scratch
 ARG TARGETARCH
-WORKDIR /root/
+WORKDIR /
 # Copy the certs
 COPY --from=certificates /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
@@ -16,4 +16,6 @@ COPY --from=certificates /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-ce
 # Copy binary built on the host
 COPY bin/targetallocator_${TARGETARCH} ./main
+USER 65532:65532
+
 ENTRYPOINT ["./main"]
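Review bot: `USER 65532:65532` in the last hunk of cmd/otel-allocator/Dockerfile only sets the image default, so a pod spec with `runAsUser: 0` would still start the target allocator as root; nothing in this patch shows the workload enforcing the new default. If the operator-generated Deployment does not already do so, pair the change with `securityContext.runAsNonRoot: true` and `allowPrivilegeEscalation: false` on the container. A short comment above the directive, e.g. `# Numeric UID:GID: the scratch image carries no /etc/passwd to resolve a user name`, would record why a number is used. Separately, the `alpine:3.20` stage in the first hunk supplies the CA bundle and is referenced by tag only; pinning it by digest would make the shipped trust store reproducible.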