Skip to content

Commit

Permalink
Update cli to detect OpenShift and provide notice to install SCC (#2048)
Browse files Browse the repository at this point in the history 
Summary: Update cli to detect OpenShift and provide notice to install
SCC

This updates `px deploy` to detect OpenShift clusters. In addition, it
also prompts a user that they need to install a
SecurityContextConstraint before continuing with the deployment. Note:
the existing SCC instructions no longer work. I've raised
pixie-io/docs.px.dev#291 and verified that a
pixie deploy works properly with the updated instructions.

Relevant Issues: N/A

Type of change: /kind feature

Test Plan: Verified the following with a locally built `px` cli
- [x] deploy command prints appropriate message when KUBECONFIG set to
OpenShift cluster
```
$ oc status
Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+
In project default on server https://api.test-openshift.testing.getcosmic.ai:6443

svc/openshift - kubernetes.default.svc.cluster.local
svc/kubernetes - 172.30.0.1:443 -> 6443

View details with 'oc describe <resource>/<name>' or list resources with 'oc get all'.

$ ./px deploy
Pixie CLI

Running Cluster Checks:
 ✔    Kernel version > 4.14.0
 ✔    Cluster type is supported
 ✔    K8s version > 1.16.0
 ✔    Kubectl > 1.10.0 is present
 ✔    User can create namespace
 ✕    Cluster type is in list of known supported types  ERR: openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for
 ✕    Cluster type is in list of known supported types  ERR: openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for the Pixie install before continuing. See example on https://docs.px.dev/reference/admin/environment-configs/
Some cluster checks failed. Pixie may not work properly on your cluster. Continue with deploy? (y/n) [y] : ^C
```
- Verified that `oc status` returns with a non-zero exit status if
KUBECONFIG points to a different k8s cluster
```
$ kubectl get nodes
NAME                                                  STATUS   ROLES    AGE   VERSION
gke-dev-cluster-ddelnano-default-pool-a27c1ac2-fh3l   Ready    <none>   26d   v1.30.5-gke.1014001
gke-dev-cluster-ddelnano-default-pool-a27c1ac2-qbqs   Ready    <none>   13d   v1.30.5-gke.1014001

$ oc status; echo $?
error: you do not have rights to view project "default" specified in your config or the project doesn't exist
1
```

Changelog Message: Enhanced the `px` cli to detect OpenShift clusters
and prompt to install the appropriate SecurityContextConstraints before
proceeding with a deploy

Signed-off-by: Dom Del Nano <[email protected]>
  • Loading branch information
@ddelnano
ddelnano authored Nov 25, 2024
1 parent fe990c7 commit 8540621
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions src/pixie_cli/pkg/utils/checks.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,8 @@ const (
ClusterTypeK0s
// ClusterTypeK3s is a k3s cluster.
ClusterTypeK3s
// ClusterTypeOpenShift is an OpenShift cluster.
ClusterTypeOpenShift
)

var allowedClusterTypes = []ClusterType{
Expand All @@ -75,6 +77,8 @@ var allowedClusterTypes = []ClusterType{
ClusterTypeMinikubeHyperkit,
ClusterTypeK0s,
ClusterTypeK3s,
// ClusterTypeOpenShift is omitted because it requires an additional setup (SecurityContextConstraints install).
// This prompts the user to install the SCC instead of blindly failing.
}

// detectClusterType gets the cluster type of the cluster for the current kube config context.
Expand Down Expand Up @@ -153,6 +157,12 @@ func detectClusterType() ClusterType {
}
}

// Check if it is an OpenShift cluster
err = exec.Command("/bin/sh", "-c", "oc status").Run()
if err == nil {
return ClusterTypeOpenShift
}

return ClusterTypeUnknown
}

Expand Down Expand Up @@ -258,6 +268,10 @@ var (
}
}

if clusterType == ClusterTypeOpenShift {
return errors.New("openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for the Pixie install before continuing. See example on https://docs.px.dev/reference/admin/environment-configs/")
}

return errors.New("Cluster type is not in list of known supported cluster types. Please see: https://docs.px.dev/installing-pixie/requirements/")
})
)
Expand Down

0 comments on commit 8540621

Please sign in to comment.