-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Odigos instrumentation does not work on RedHat Openshift #1128
Comments
The solution for the first two problems is to use a more permissive SCC, respectively for each odigos component
The solution to the third problem is use the generated clusterrole for the odiglet (specifically to allow the modification of the finalizer of the controllers): And the lastly, the fourth problem is caused by the enforced selinux policy that is default on the ocp nodes.
which results in
but if you
then the hostmounted files inside the container became readable and the applications start. But this one is not a good enough solution, let me research how to do this safely in OCP. |
Describe the bug
We are trying to instrument applications running RedHat Openshift (OCP 4.15 is the latest as of now). There are couple of problems:
a) the odiglet and odigos-data-collections requires privileged SCC
b) other odigos services require at least the anyuid SCC
c) the odiglet clusterrole is missing kubernetes permissions
d) the virtual device is not readable
and if you exec in
you can also see this in the selinux audit.log
Expected behavior
expected for the instrumentedapplications cr to be created, instrumentation to be injected and readable
The text was updated successfully, but these errors were encountered: