Merge remote-tracking branch 'upstream/main' into bump-go-instrumenta…

…tion

.chloggen/bump-java.yaml

@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. operator, target allocator, github action)
+component: autoinstrumentation
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Bumps java autoinstrumentation version to 1.28.0
+
+# One or more tracking issues related to the change
+issues: [1918]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:

autoinstrumentation/java/version.txt

@@ -1 +1 @@
-1.26.0
+1.28.0

tests/e2e-autoscale/autoscale/wait-until-hpa-ready.go

@@ -32,15 +32,19 @@ import (
 func main() {
 	var hpaName string
 	var timeout time.Duration
-	var kubeconfigPath string
-
-	defaultKubeconfigPath := filepath.Join(homedir.HomeDir(), ".kube", "config")
 
 	pflag.DurationVar(&timeout, "timeout", 5*time.Minute, "The timeout for the check.")
 	pflag.StringVar(&hpaName, "hpa", "", "HPA to check")
-	pflag.StringVar(&kubeconfigPath, "kubeconfig-path", defaultKubeconfigPath, "Absolute path to the KubeconfigPath file")
 	pflag.Parse()
 
+	kubeconfigEnv := os.Getenv("KUBECONFIG")
+	kubeconfigPath := filepath.Join(homedir.HomeDir(), ".kube", "config")
+	if kubeconfigEnv != "" {
+		if _, err := os.Stat(kubeconfigEnv); err != nil {
+			kubeconfigPath = kubeconfigEnv
+		}
+	}
+
 	if len(hpaName) == 0 {
 		fmt.Println("hpa flag is mandatory")
 		os.Exit(1)

tests/e2e/instrumentation-go/01-add-scc.yaml

@@ -0,0 +1,16 @@
+# Create a SA to apply the SCC policy
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: otel-instrumentation-go
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  # Annotate the namespace to allow the application to run using an specific group and user in OpenShift
+  # https://docs.openshift.com/dedicated/authentication/managing-security-context-constraints.html
+  # This annotation has no effect in Kubernetes
+  - script: kubectl annotate namespace ${NAMESPACE} openshift.io/sa.scc.uid-range=0/0 --overwrite
+  - script: kubectl annotate namespace ${NAMESPACE} openshift.io/sa.scc.supplemental-groups=2000/1000 --overwrite
+  # Add the SCC
+  - script: ./add-scc.sh

tests/e2e/instrumentation-go/01-install-app.yaml → tests/e2e/instrumentation-go/02-install-app.yaml

@@ -16,6 +16,11 @@ spec:
         instrumentation.opentelemetry.io/inject-go: "true"
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: /usr/src/app/productcatalogservice
     spec:
+      serviceAccountName: otel-instrumentation-go
+      securityContext:
+        runAsUser: 0
+        runAsGroup: 3000
+        fsGroup: 2000
       containers:
       - name: productcatalogservice
         image: ghcr.io/open-telemetry/demo:1.3.1-productcatalogservice

tests/e2e/instrumentation-go/add-scc.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+if [[ "$(kubectl api-resources --api-group=operator.openshift.io -o name)" ]]; then
+    kubectl apply -f scc.yaml
+    oc adm policy add-scc-to-user otel-go-instrumentation -z otel-instrumentation-go -n $NAMESPACE
+fi

tests/e2e/instrumentation-go/scc.yaml

@@ -0,0 +1,19 @@
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+  name: otel-go-instrumentation
+allowHostDirVolumePlugin: true
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: true
+allowedCapabilities:
+- 'SYS_PTRACE'
+fsGroup:
+  type: RunAsAny
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: RunAsAny
+seccompProfiles:
+- '*'
+supplementalGroups:
+  type: RunAsAny