Update cli to detect OpenShift and provide notice to install SCC #2048

Merged

@ddelnano ddelnano commented Nov 18, 2024

Summary: Update cli to detect OpenShift and provide notice to install SCC

This updates px deploy to detect OpenShift clusters. In addition, it also prompts a user that they need to install a SecurityContextConstraint before continuing with the deployment. Note: the existing SCC instructions no longer work. I've raised pixie-io/docs.px.dev#291 and verified that a pixie deploy works properly with the updated instructions.

Relevant Issues: N/A

Type of change: /kind feature

Test Plan: Verified the following with a locally built px cli

  • deploy command prints appropriate message when KUBECONFIG set to OpenShift cluster
```
$ oc status
Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+
In project default on server https://api.test-openshift.testing.getcosmic.ai:6443

svc/openshift - kubernetes.default.svc.cluster.local
svc/kubernetes - 172.30.0.1:443 -> 6443

View details with 'oc describe <resource>/<name>' or list resources with 'oc get all'.

$ ./px deploy
Pixie CLI

Running Cluster Checks:
 ✔    Kernel version > 4.14.0
 ✔    Cluster type is supported
 ✔    K8s version > 1.16.0
 ✔    Kubectl > 1.10.0 is present
 ✔    User can create namespace
 ✕    Cluster type is in list of known supported types  ERR: openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for
 ✕    Cluster type is in list of known supported types  ERR: openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for the Pixie install before continuing. See example on https://docs.px.dev/reference/admin/environment-configs/
Some cluster checks failed. Pixie may not work properly on your cluster. Continue with deploy? (y/n) [y] : ^C
```
  • Verified that oc status returns with a non-zero exit status if KUBECONFIG points to a different k8s cluster
```
$ kubectl get nodes
NAME                                                  STATUS   ROLES    AGE   VERSION
gke-dev-cluster-ddelnano-default-pool-a27c1ac2-fh3l   Ready    <none>   26d   v1.30.5-gke.1014001
gke-dev-cluster-ddelnano-default-pool-a27c1ac2-qbqs   Ready    <none>   13d   v1.30.5-gke.1014001

$ oc status; echo $?
error: you do not have rights to view project "default" specified in your config or the project doesn't exist
1
```

Changelog Message: Enhanced the px cli to detect OpenShift clusters and prompt to install the appropriate SecurityContextConstraints before proceeding with a deploy

@ddelnano ddelnano requested a review from a team as a code owner November 18, 2024 18:57
@ddelnano
Member Author

@pixie-io/maintainers could you review this when you have the chance?

Comment on lines +271 to +273
if clusterType == ClusterTypeOpenShift {
return errors.New("openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for the Pixie install before continuing. See example on https://docs.px.dev/reference/admin/environment-configs/")
}
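Review bot: The `clusterType == ClusterTypeOpenShift` branch returns this error without checking whether an SCC is already present, so the check will report a failure on every OpenShift deploy, including for users who have already installed the SCC as the message instructs. Consider either querying for the SCC before returning, or wording the message so it still reads correctly in that case (for example, "If you have not already installed one, ..."). Two smaller points on the string itself: "Install a SCC" should read "an SCC", and the docs URL is embedded in the literal; since the PR description notes the SCC instructions already needed correcting once, a named constant for the link would make later updates less error-prone.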
Member

shouldn't we allow the installation to go through after they install the SCC? won't this always block the install?

Member Author

@ddelnano ddelnano Nov 25, 2024

Errors returned from these "cluster checks" cause the cli to print a warning and prompt the user to continue:

Some cluster checks failed. Pixie may not work properly on your cluster. Continue with deploy? (y/n) [y] :

The message contained in this error struct will be printed on the line before that message (see Test plan output).

@ddelnano ddelnano merged commit 8540621 into pixie-io:main Nov 25, 2024
23 of 24 checks passed
@ddelnano ddelnano deleted the ddelnano/ensure-px-deploy-prompts-scc-install branch November 25, 2024 19:18
ddelnano added a commit to ddelnano/pixie that referenced this pull request Dec 9, 2024
…ie-io#2048)

Signed-off-by: Dom Del Nano <[email protected]>
ddelnano added a commit that referenced this pull request Dec 16, 2024
Summary: Fix release note generation script

Our releases have blank release notes. This makes it difficult for end
users to understand what has changed between releases. This PR updates
the existing script that was built to auto generate changelog notes.

Relevant Issues: N/A

Type of change: /kind bug

Test Plan: Ran the script for each artifact type and verified the output
was expected
- [x] cli release notes are expected
```
$ ./scripts/create_release_tag.sh cli -n
$ git tag -l --format='%(contents)' release/cli/v0.9.0-pre-ddelnano-fix-release-note-generation.4
### New Features
- (#2048) Enhanced the `px` cli to detect OpenShift clusters
and prompt to install the appropriate SecurityContextConstraints before
proceeding with a deploy
```
- [x] vizier release notes are expected
```
# Needed to modify prev_tag in script since v0.14.13 to main's HEAD doesn't have vizier changelog messages
$ ./scripts/create_release_tag.sh vizier -n
$ git tag -l --format='%(contents)' release/vizier/v0.15.0-pre-main.4
### Bug Fixes
- (#2047) Ensures that the `--stirling_bpf_loop_limit` and
`--stirling_bpf_chunk_limit` values are respected if explicitly provided
on the command line. For 5.1 and later kernels, cli provided values
would have been ignored

```
- [x] cloud release notes are generated correctly
```
$ ./scripts/create_release_tag.sh cloud -n
Generating changelog from release/cloud/v0.1.8..release/cloud/v0.2.0-pre-ddelnano-fix-release-note-generation.1

$ git tag -l --format='%(contents)' release/cloud/v0.2.0-pre-ddelnano-fix-release-note-generation.1
### New Features
- (#2043) Add support for rendering differential flamegraphs in
the `StackTraceFlameGraph` display spec
### Bug Fixes
- (#2041) Upgraded bcc and libbpf to support kernels 6.10 and
later
```