Add OpenShift platform tests (#1233)

* # This is a combination of 2 commits. # This is the 1st commit message: Introduce a platform test to exercise OpenShift clusters. Signed-off-by: Pete Wall <[email protected]> # The commit message #2 will be skipped: # WIP # # Signed-off-by: Pete Wall <[email protected]> * First drop of maybe working platform test Signed-off-by: Pete Wall <[email protected]> * More openshift platform test fixes and yamllint issues Signed-off-by: Pete Wall <[email protected]> * Fix actionlint issues Signed-off-by: Pete Wall <[email protected]> * Use OKD's openshift-installer, not the official one. Signed-off-by: Pete Wall <[email protected]> * Be more specific to not accidentally pick up arm64 Signed-off-by: Pete Wall <[email protected]> * I believe openshift cluster creation might not set the local config. Use an environment variable Signed-off-by: Pete Wall <[email protected]> * Update openshift example based on manual testing Signed-off-by: Pete Wall <[email protected]> * Add more troubleshooting to the test runner script Signed-off-by: Pete Wall <[email protected]> * more script traige Signed-off-by: Pete Wall <[email protected]> * Even more checking Signed-off-by: Pete Wall <[email protected]> * Make an absolute symlink Signed-off-by: Pete Wall <[email protected]> * Finish platform test Signed-off-by: Pete Wall <[email protected]> * Update charts/k8s-monitoring/tests/platform/openshift/Makefile Co-authored-by: Robert Lankford <[email protected]> --------- Signed-off-by: Pete Wall <[email protected]> Co-authored-by: Robert Lankford <[email protected]>
grafana · Feb 14, 2025 · e50962c · e50962c
1 parent 28fe62a
commit e50962c
Show file tree

Hide file tree

Showing 20 changed files with 4,779 additions and 164 deletions.
diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
@@ -61,9 +61,9 @@ jobs:
         run: |
           if [ -f "charts/k8s-monitoring/tests/integration/${{ matrix.test }}/deps.json" ]; then
             # e.g. ["terraform", "vendir"]
-            echo "deps=$(jq --compact-output '.' charts/k8s-monitoring/tests/integration/${{ matrix.test }}/deps.json)" >> $GITHUB_ENV
+            echo "deps=$(jq --compact-output '.' "charts/k8s-monitoring/tests/integration/${{ matrix.test }}/deps.json")" >> "${GITHUB_ENV}"
           else
-            echo "deps=[]" >> $GITHUB_ENV
+            echo "deps=[]" >> "${GITHUB_ENV}"
           fi
 
       - name: Install terraform

diff --git a/.github/workflows/platform-test.yml b/.github/workflows/platform-test.yml
@@ -78,6 +78,8 @@ jobs:
             echo "cluster-type=gke" >> "${GITHUB_OUTPUT}"
           elif [ -f "charts/k8s-monitoring/tests/platform/${{ matrix.test }}/gke-autopilot-cluster-config.yaml" ]; then
             echo "cluster-type=gke" >> "${GITHUB_OUTPUT}"
+          elif [ -f "charts/k8s-monitoring/tests/platform/${{ matrix.test }}/openshift-cluster-config.yaml" ]; then
+            echo "cluster-type=openshift" >> "${GITHUB_OUTPUT}"
           else
             echo "cluster-type=kind" >> "${GITHUB_OUTPUT}"
           fi
@@ -98,6 +100,16 @@ jobs:
         env:
           ARCH: amd64
 
+      - name: Setup OpenShift Installer CLI
+        if: ${{ steps.check-cluster-config.outputs.cluster-type == 'openshift' }}
+        uses: robinraju/release-downloader@v1
+        with:
+          repository: okd-project/okd
+          latest: true
+          fileName: openshift-install-linux-[.0-9]*.tar.gz
+          extract: true
+          out-file-path: /usr/local/bin
+
       - name: Configure AWS Credentials
         if: ${{ steps.check-cluster-config.outputs.cluster-type == 'eks' }}
         uses: aws-actions/configure-aws-credentials@v4
@@ -107,13 +119,13 @@ jobs:
           aws-region: ap-northeast-2
 
       - name: Configure GCP Credentials
-        if: ${{ steps.check-cluster-config.outputs.cluster-type == 'gke' }}
+        if: ${{ steps.check-cluster-config.outputs.cluster-type == 'gke' || steps.check-cluster-config.outputs.cluster-type == 'openshift' }}
         uses: google-github-actions/auth@v2
         with:
           credentials_json: '${{ secrets.GCP_SERVICE_ACCOUNT_TOKEN }}'
 
       - name: Set up GCP Cloud SDK
-        if: ${{ steps.check-cluster-config.outputs.cluster-type == 'gke' }}
+        if: ${{ steps.check-cluster-config.outputs.cluster-type == 'gke' || steps.check-cluster-config.outputs.cluster-type == 'openshift' }}
         uses: google-github-actions/setup-gcloud@v2
         with:
           install_components: gke-gcloud-auth-plugin

diff --git a/.yamllint.yml b/.yamllint.yml
@@ -12,6 +12,7 @@ ignore:
   - charts/k8s-monitoring/docs/examples/**/output.yaml
   - charts/k8s-monitoring/tests/integration/**/output.yaml
   - charts/k8s-monitoring/tests/platform/**/output.yaml
+  - charts/k8s-monitoring/tests/platform/**/*-installer-files/**
   - charts/k8s-monitoring-v1/docs/examples/**/output.yaml
   - charts/**/templates
 

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -147,6 +147,14 @@ installing them for a better experience:
 -   [shellspec](https://github.com/shellspec/shellspec) - Used for executing some unit tests.
 -   [vendir](https://carvel.dev/vendir/) - Used for downloading Alloy Module
 
+If you are going to be running platform tests, you might want to install the following tools:
+
+-   [gcloud](https://cloud.google.com/sdk/docs/install) - Used for interacting with Google Cloud Platform.
+-   [aws-cli & eksctl](https://docs.aws.amazon.com/eks/latest/userguide/setting-up.html) - Used for interacting with Amazon Web Services and creating EKS clusters.
+-   [az](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) - Used for interacting with Azure.
+-   openshift-install - Used for creating OKD OpenShift clusters.
+    -   `gh release download --repo okd-project/okd -p "openshift-install-mac-arm64*"`
+
 Each chart has a Makefile with targets to automate much of the process.
 
 ## Contributor Guides

diff --git a/charts/k8s-monitoring/docs/examples/platforms/openshift/README.md b/charts/k8s-monitoring/docs/examples/platforms/openshift/README.md
@@ -61,83 +61,23 @@ clusterEvents:
 podLogs:
   enabled: true
 
+integrations:
+  alloy:
+    instances:
+      - name: alloy
+        labelSelectors:
+          app.kubernetes.io/name: [alloy-metrics, alloy-singleton, alloy-logs]
+
 alloy-metrics:
   enabled: true
-  alloy:
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-          - CHOWN
-          - DAC_OVERRIDE
-          - FOWNER
-          - FSETID
-          - KILL
-          - SETGID
-          - SETUID
-          - SETPCAP
-          - NET_BIND_SERVICE
-          - NET_RAW
-          - SYS_CHROOT
-          - MKNOD
-          - AUDIT_WRITE
-          - SETFCAP
-        drop:
-          - ALL
-      seccompProfile:
-        type: RuntimeDefault
+
 alloy-singleton:
   enabled: true
-  alloy:
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-          - CHOWN
-          - DAC_OVERRIDE
-          - FOWNER
-          - FSETID
-          - KILL
-          - SETGID
-          - SETUID
-          - SETPCAP
-          - NET_BIND_SERVICE
-          - NET_RAW
-          - SYS_CHROOT
-          - MKNOD
-          - AUDIT_WRITE
-          - SETFCAP
-        drop:
-          - ALL
-      seccompProfile:
-        type: RuntimeDefault
+
 alloy-logs:
   enabled: true
-  alloy:
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        add:
-          - CHOWN
-          - DAC_OVERRIDE
-          - FOWNER
-          - FSETID
-          - KILL
-          - SETGID
-          - SETUID
-          - SETPCAP
-          - NET_BIND_SERVICE
-          - NET_RAW
-          - SYS_CHROOT
-          - MKNOD
-          - AUDIT_WRITE
-          - SETFCAP
-        drop:
-          - ALL
-      privileged: false
-      runAsUser: 0
   global:
     podSecurityContext:
       seLinuxOptions:
-        type: spc_t
+        type: container_logreader_t
 ```