diff --git a/pkg/constants/env.go b/pkg/constants/env.go index a1f3f9b9d..8b923e92f 100644 --- a/pkg/constants/env.go +++ b/pkg/constants/env.go @@ -10,7 +10,7 @@ const ( EnvOTELPropagators = "OTEL_PROPAGATORS" EnvOTELTracesSampler = "OTEL_TRACES_SAMPLER" EnvOTELTracesSamplerArg = "OTEL_TRACES_SAMPLER_ARG" - + InstrumentationPrefix = "instrumentation.opentelemetry.io/" AnnotationDefaultAutoInstrumentationJava = InstrumentationPrefix + "default-auto-instrumentation-java-image" AnnotationDefaultAutoInstrumentationNodeJS = InstrumentationPrefix + "default-auto-instrumentation-nodejs-image" diff --git a/pkg/instrumentation/dotnet.go b/pkg/instrumentation/dotnet.go index 73874611e..22ed3e945 100644 --- a/pkg/instrumentation/dotnet.go +++ b/pkg/instrumentation/dotnet.go @@ -97,7 +97,10 @@ func injectDotNetSDK(dotNetSpec v1alpha1.DotNet, pod corev1.Pod, index int, runt setDotNetEnvVar(container, envDotNetOTelAutoHome, dotNetOTelAutoHomePath, doNotConcatEnvValues) setDotNetEnvVar(container, envDotNetSharedStore, dotNetSharedStorePath, concatEnvValues) - + err = injectSecret(&pod, index, dotNetSpec.Resources) + if err != nil { + return pod, err + } container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, 
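Review bot: In `injectDotNetSDK` the new `injectSecret` call sits after the `setDotNetEnvVar` calls, so when it fails the function returns a pod whose container environment has already been rewritten but which has no instrumentation volume or init container. Whether the caller discards the returned pod on error is not visible here (the function starts and ends outside this hunk), so it is safer to run `injectSecret` before the first environment mutation and leave the pod untouched on failure. The same ordering appears in `injectJavaagent` (javaagent.go) and `injectNodeJSSDK` (nodejs.go), where the call follows the `JAVA_TOOL_OPTIONS` / `NODE_OPTIONS` edits. A one-line comment such as `// mounts the agent CA volume into this container; adds the volume and init container to the pod` would also help, because `injectSecret` is defined outside this diff.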
@@ -112,17 +115,18 @@ func injectDotNetSDK(dotNetSpec v1alpha1.DotNet, pod corev1.Pod, index int, runt SizeLimit: volumeSize(dotNetSpec.VolumeSizeLimit), }, }}) - + volumeMount := corev1.VolumeMount{ + Name: dotnetVolumeName, + MountPath: dotnetInstrMountPath, + } pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{ - Name: dotnetInitContainerName, - Image: dotNetSpec.Image, - Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, - Resources: dotNetSpec.Resources, - VolumeMounts: []corev1.VolumeMount{{ - Name: dotnetVolumeName, - MountPath: dotnetInstrMountPath, - }}, + Name: dotnetInitContainerName, + Image: dotNetSpec.Image, + Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, + Resources: dotNetSpec.Resources, + VolumeMounts: []corev1.VolumeMount{volumeMount}, }) + } return pod, nil } diff --git a/pkg/instrumentation/dotnet_test.go b/pkg/instrumentation/dotnet_test.go index 9870ff5e6..f9b5add2a 100644 --- a/pkg/instrumentation/dotnet_test.go +++ b/pkg/instrumentation/dotnet_test.go @@ -36,6 +36,14 @@ func TestInjectDotNetSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: "opentelemetry-auto-instrumentation-dotnet", VolumeSource: corev1.VolumeSource{ 
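Review bot: `volumeMount` is introduced only for the init container, while what appears to be the same `corev1.VolumeMount{Name: dotnetVolumeName, MountPath: dotnetInstrMountPath}` literal is still spelled out in the `container.VolumeMounts = append(...)` call visible as context in the previous hunk. Declare the value once above that append and reuse it in both places, or keep the inline literal; as written the refactor adds a name without removing the duplication. The name is also generic now that the container carries a second (certificate) mount, so `dotnetMount` would read better. `injectJavaagent` in javaagent.go gets the same treatment and the same comment applies there.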
@@ -46,6 +54,18 @@ func TestInjectDotNetSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, { Name: "opentelemetry-auto-instrumentation-dotnet", Image: "foo/bar:1", @@ -60,6 +80,10 @@ func TestInjectDotNetSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-dotnet", MountPath: "/otel-auto-instrumentation-dotnet", @@ -141,6 +165,14 @@ func TestInjectDotNetSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: "opentelemetry-auto-instrumentation-dotnet", VolumeSource: corev1.VolumeSource{ @@ -151,6 +183,17 @@ func TestInjectDotNetSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-dotnet", Image: "foo/bar:1", 
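Review bot: The expected init-container command hard-codes `open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory` as the text echoed into `ca.crt`, so the test passes only on a host where that file is absent, and it pins a failure mode rather than a certificate. `injectSecret` is not part of this diff, but the fixture suggests it splices whatever it read (or the read error) between single quotes in a `sh -c` string. If so, a missing CA produces a pod whose `ca.crt` holds an error message instead of failing the mutation, and any content containing a `'` would change the command that runs. Consider returning the read error from `injectSecret`, supplying the CA bytes through an injectable reader so tests can use a fixture, and delivering the content through a mounted Secret or ConfigMap rather than shell interpolation. The same expected command is repeated in golang_test.go, javaagent_test.go, nodejs_test.go and podmutator_test.go.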
@@ -164,6 +207,10 @@ func TestInjectDotNetSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-dotnet", MountPath: "/otel-auto-instrumentation-dotnet", @@ -370,6 +417,14 @@ func TestInjectDotNetSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: dotnetVolumeName, VolumeSource: corev1.VolumeSource{ @@ -380,6 +435,18 @@ func TestInjectDotNetSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, { Name: dotnetInitContainerName, Image: "foo/bar:1", @@ -394,6 +461,10 @@ func TestInjectDotNetSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: "/otel-auto-instrumentation-dotnet", @@ -449,6 +520,14 @@ func TestInjectDotNetSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: dotnetVolumeName, VolumeSource: corev1.VolumeSource{ 
@@ -459,6 +538,18 @@ func TestInjectDotNetSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, { Name: dotnetInitContainerName, Image: "foo/bar:1", @@ -473,6 +564,10 @@ func TestInjectDotNetSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: "/otel-auto-instrumentation-dotnet", diff --git a/pkg/instrumentation/golang.go b/pkg/instrumentation/golang.go index 110b70049..b3e3ea734 100644 --- a/pkg/instrumentation/golang.go +++ b/pkg/instrumentation/golang.go @@ -42,7 +42,10 @@ func injectGoSDK(goSpec v1alpha1.Go, pod corev1.Pod) (corev1.Pod, error) { true := true zero := int64(0) pod.Spec.ShareProcessNamespace = &true - + volumeMount := corev1.VolumeMount{ + MountPath: "/sys/kernel/debug", + Name: kernelDebugVolumeName, + } goAgent := corev1.Container{ Name: sideCarName, Image: goSpec.Image, @@ -51,12 +54,7 @@ func injectGoSDK(goSpec v1alpha1.Go, pod corev1.Pod) (corev1.Pod, error) { RunAsUser: &zero, Privileged: &true, }, - VolumeMounts: []corev1.VolumeMount{ - { - MountPath: "/sys/kernel/debug", - Name: kernelDebugVolumeName, - }, - }, + VolumeMounts: []corev1.VolumeMount{}, } // Annotation takes precedence for OTEL_GO_AUTO_TARGET_EXE 
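Review bot: In `injectGoSDK` the host `/sys/kernel/debug` mount is now held in a variable called `volumeMount` that is declared here and used only in the next hunk, which makes it hard to tell which mount is meant once the certificate mount is also in play. A name such as `kernelDebugMount`, declared next to the `append` that consumes it, would keep the privileged host mount easy to find in review. `VolumeMounts: []corev1.VolumeMount{},` can be dropped as well, since `append` works on a nil slice. The function body continues outside this hunk.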
@@ -76,8 +74,17 @@ func injectGoSDK(goSpec v1alpha1.Go, pod corev1.Pod) (corev1.Pod, error) { goAgent.Env = append(goAgent.Env, env) } } - pod.Spec.Containers = append(pod.Spec.Containers, goAgent) + goAgentPtr := &pod.Spec.Containers[len(pod.Spec.Containers)-1] + for index, _ := range pod.Spec.Containers { + err := injectSecret(&pod, index, goAgent.Resources) + if err != nil { + return pod, err + } + } + //we want to add it after injection to make it consistent with other languages + goAgentPtr.VolumeMounts = append(goAgentPtr.VolumeMounts, volumeMount) + pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{ Name: kernelDebugVolumeName, VolumeSource: corev1.VolumeSource{ @@ -86,5 +93,6 @@ func injectGoSDK(goSpec v1alpha1.Go, pod corev1.Pod) (corev1.Pod, error) { }, }, }) + return pod, nil } diff --git a/pkg/instrumentation/golang_test.go b/pkg/instrumentation/golang_test.go index a068767b1..b0bebbc5e 100644 --- a/pkg/instrumentation/golang_test.go +++ b/pkg/instrumentation/golang_test.go @@ -127,6 +127,10 @@ func TestInjectGoSDK(t *testing.T) { Privileged: &true, }, VolumeMounts: []corev1.VolumeMount{ + { + MountPath: certVolumePath, + Name: certVolumeName, + }, { MountPath: "/sys/kernel/debug", Name: kernelDebugVolumeName, @@ -141,6 +145,14 @@ func TestInjectGoSDK(t *testing.T) { }, }, Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: kernelDebugVolumeName, VolumeSource: corev1.VolumeSource{ 
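Review bot: `goAgentPtr` is taken from `pod.Spec.Containers` before the loop passes `&pod` to `injectSecret`, so if `injectSecret` ever grows or replaces that slice, the pointer refers to the old backing array and the kernel-debug mount is silently dropped from the sidecar. Indexing after the loop removes the aliasing: `last := len(pod.Spec.Containers) - 1` followed by `pod.Spec.Containers[last].VolumeMounts = append(pod.Spec.Containers[last].VolumeMounts, volumeMount)`. The loop header should be `for index := range pod.Spec.Containers {`, and the comment needs a space after `//`. Note that this loop mounts the certificate volume into every container in the pod, not only instrumented ones; if that is intended, the comment should say so.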
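Review bot: The expected sidecar here is `Privileged: &true` and gains `{MountPath: certVolumePath, Name: certVolumeName}` with no `ReadOnly`, and the volume behind it is an `EmptyDir` that the application containers also mount (see the Go case in podmutator_test.go). That makes the `ca.crt` file writable by every container that shares the volume, so an application container could replace the file the privileged agent reads; that the agent uses it as a trust anchor is inferred from the file name. Only the cert init container needs write access, so the mounts added to regular containers should carry `ReadOnly: true`, and the fixtures in this file and the other `_test.go` files should assert it. `injectSecret`, which builds these mounts, is outside this diff.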
@@ -150,6 +162,20 @@ func TestInjectGoSDK(t *testing.T) { }, }, }, + InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, + }, }, }, }, @@ -188,6 +214,10 @@ func TestInjectGoSDK(t *testing.T) { Privileged: &true, }, VolumeMounts: []corev1.VolumeMount{ + { + MountPath: certVolumePath, + Name: certVolumeName, + }, { MountPath: "/sys/kernel/debug", Name: kernelDebugVolumeName, @@ -202,6 +232,14 @@ func TestInjectGoSDK(t *testing.T) { }, }, Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: kernelDebugVolumeName, VolumeSource: corev1.VolumeSource{ @@ -211,6 +249,19 @@ func TestInjectGoSDK(t *testing.T) { }, }, }, + InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, + }, }, }, }, @@ -242,6 +293,10 @@ func TestInjectGoSDK(t *testing.T) { Privileged: &true, }, VolumeMounts: []corev1.VolumeMount{ + { + MountPath: certVolumePath, + Name: certVolumeName, + }, { MountPath: "/sys/kernel/debug", Name: kernelDebugVolumeName, 
@@ -260,6 +315,14 @@ func TestInjectGoSDK(t *testing.T) { }, }, Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: kernelDebugVolumeName, VolumeSource: corev1.VolumeSource{ @@ -269,6 +332,19 @@ func TestInjectGoSDK(t *testing.T) { }, }, }, + InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, + }, }, }, }, diff --git a/pkg/instrumentation/javaagent.go b/pkg/instrumentation/javaagent.go index f68f5213a..b46b25d84 100644 --- a/pkg/instrumentation/javaagent.go +++ b/pkg/instrumentation/javaagent.go @@ -43,7 +43,10 @@ func injectJavaagent(javaSpec v1alpha1.Java, pod corev1.Pod, index int) (corev1. } else { container.Env[idx].Value = container.Env[idx].Value + javaJVMArgument } - + err = injectSecret(&pod, index, javaSpec.Resources) + if err != nil { + return pod, err + } container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ Name: javaVolumeName, MountPath: javaInstrMountPath, 
@@ -58,16 +61,16 @@ func injectJavaagent(javaSpec v1alpha1.Java, pod corev1.Pod, index int) (corev1. SizeLimit: volumeSize(javaSpec.VolumeSizeLimit), }, }}) - + volumeMount := corev1.VolumeMount{ + Name: javaVolumeName, + MountPath: javaInstrMountPath, + } pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{ - Name: javaInitContainerName, - Image: javaSpec.Image, - Command: []string{"cp", "/javaagent.jar", javaInstrMountPath + "/javaagent.jar"}, - Resources: javaSpec.Resources, - VolumeMounts: []corev1.VolumeMount{{ - Name: javaVolumeName, - MountPath: javaInstrMountPath, - }}, + Name: javaInitContainerName, + Image: javaSpec.Image, + Command: []string{"cp", "/javaagent.jar", javaInstrMountPath + "/javaagent.jar"}, + Resources: javaSpec.Resources, + VolumeMounts: []corev1.VolumeMount{volumeMount}, }) } return pod, err diff --git a/pkg/instrumentation/javaagent_test.go b/pkg/instrumentation/javaagent_test.go index c8f8256b2..dc6c0cf62 100644 --- a/pkg/instrumentation/javaagent_test.go +++ b/pkg/instrumentation/javaagent_test.go @@ -34,6 +34,14 @@ func TestInjectJavaagent(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: "opentelemetry-auto-instrumentation-java", VolumeSource: corev1.VolumeSource{ 
@@ -44,6 +52,17 @@ func TestInjectJavaagent(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-java", Image: "foo/bar:1", @@ -57,6 +76,10 @@ func TestInjectJavaagent(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-java", MountPath: "/otel-auto-instrumentation-java", @@ -94,6 +117,14 @@ func TestInjectJavaagent(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: "opentelemetry-auto-instrumentation-java", VolumeSource: corev1.VolumeSource{ @@ -104,6 +135,18 @@ func TestInjectJavaagent(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, { Name: "opentelemetry-auto-instrumentation-java", Image: "foo/bar:1", 
@@ -118,6 +161,10 @@ func TestInjectJavaagent(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-java", MountPath: "/otel-auto-instrumentation-java", diff --git a/pkg/instrumentation/nodejs.go b/pkg/instrumentation/nodejs.go index 70e1732ca..ac650cd91 100644 --- a/pkg/instrumentation/nodejs.go +++ b/pkg/instrumentation/nodejs.go @@ -43,6 +43,10 @@ func injectNodeJSSDK(nodeJSSpec v1alpha1.NodeJS, pod corev1.Pod, index int) (cor } else if idx > -1 { container.Env[idx].Value = container.Env[idx].Value + nodeRequireArgument } + err = injectSecret(&pod, index, nodeJSSpec.Resources) + if err != nil { + return pod, err + } container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ Name: nodejsVolumeName, @@ -58,7 +62,6 @@ func injectNodeJSSDK(nodeJSSpec v1alpha1.NodeJS, pod corev1.Pod, index int) (cor SizeLimit: volumeSize(nodeJSSpec.VolumeSizeLimit), }, }}) - pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{ Name: nodejsInitContainerName, Image: nodeJSSpec.Image, @@ -69,6 +72,7 @@ func injectNodeJSSDK(nodeJSSpec v1alpha1.NodeJS, pod corev1.Pod, index int) (cor MountPath: nodejsInstrMountPath, }}, }) + } return pod, nil } diff --git a/pkg/instrumentation/nodejs_test.go b/pkg/instrumentation/nodejs_test.go index a4d47883d..9a03507f1 100644 --- a/pkg/instrumentation/nodejs_test.go +++ b/pkg/instrumentation/nodejs_test.go @@ -34,6 +34,14 @@ func TestInjectNodeJSSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: "opentelemetry-auto-instrumentation-nodejs", VolumeSource: corev1.VolumeSource{ 
@@ -44,6 +52,17 @@ func TestInjectNodeJSSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-nodejs", Image: "foo/bar:1", @@ -57,6 +76,10 @@ func TestInjectNodeJSSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-nodejs", MountPath: "/otel-auto-instrumentation-nodejs", @@ -94,6 +117,14 @@ func TestInjectNodeJSSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: "opentelemetry-auto-instrumentation-nodejs", VolumeSource: corev1.VolumeSource{ @@ -104,6 +135,18 @@ func TestInjectNodeJSSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, { Name: "opentelemetry-auto-instrumentation-nodejs", Image: "foo/bar:1", 
@@ -118,6 +161,10 @@ func TestInjectNodeJSSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-nodejs", MountPath: "/otel-auto-instrumentation-nodejs", diff --git a/pkg/instrumentation/podmutator_test.go b/pkg/instrumentation/podmutator_test.go index 617482461..c1f324b5e 100644 --- a/pkg/instrumentation/podmutator_test.go +++ b/pkg/instrumentation/podmutator_test.go @@ -199,6 +199,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: javaVolumeName, VolumeSource: corev1.VolumeSource{ @@ -209,6 +217,18 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, { Name: javaInitContainerName, Command: []string{"cp", "/javaagent.jar", javaInstrMountPath + "/javaagent.jar"}, @@ -289,6 +309,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: javaVolumeName, MountPath: javaInstrMountPath, 
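Review bot: The certificate volume, the cert init container and the cert mount are pasted as full literals into every expected pod in `TestMutatePod`, which adds several hundred near-identical lines and means any change to `injectSecret` has to be mirrored by hand in dozens of places. Package-level test fixtures would keep the cases readable, for example `certVolume`, `certMount` and a small `certInitContainer(resources corev1.ResourceRequirements) corev1.Container` helper. The cases that set `Resources: testResourceRequirements` on the init container and those that leave it empty would then differ by one argument. The same applies to the dotnet, golang, javaagent and nodejs test files.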
@@ -387,6 +411,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: javaVolumeName, VolumeSource: corev1.VolumeSource{ @@ -397,6 +429,18 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, { Name: javaInitContainerName, Command: []string{"cp", "/javaagent.jar", javaInstrMountPath + "/javaagent.jar"}, @@ -477,6 +521,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: javaVolumeName, MountPath: javaInstrMountPath, @@ -552,6 +600,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: javaVolumeName, MountPath: javaInstrMountPath, @@ -733,6 +785,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: nodejsVolumeName, VolumeSource: corev1.VolumeSource{ 
@@ -743,6 +803,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: nodejsInitContainerName, Image: "otel/nodejs:1", @@ -815,6 +886,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -905,6 +980,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: nodejsVolumeName, VolumeSource: corev1.VolumeSource{ @@ -915,6 +998,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: nodejsInitContainerName, Image: "otel/nodejs:1", @@ -987,6 +1081,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, 
@@ -1054,6 +1152,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -1232,6 +1334,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: pythonVolumeName, VolumeSource: corev1.VolumeSource{ @@ -1242,6 +1352,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: pythonInitContainerName, Image: "otel/python:1", @@ -1326,6 +1447,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -1420,6 +1545,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: pythonVolumeName, VolumeSource: corev1.VolumeSource{ 
@@ -1430,6 +1563,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: pythonInitContainerName, Image: "otel/python:1", @@ -1514,6 +1658,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -1593,6 +1741,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -1769,6 +1921,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: dotnetVolumeName, VolumeSource: corev1.VolumeSource{ @@ -1779,6 +1939,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: dotnetInitContainerName, Image: "otel/dotnet:1", 
@@ -1871,6 +2042,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -1948,6 +2123,14 @@ func TestMutatePod(t *testing.T) { ObjectMeta: metav1.ObjectMeta{}, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: dotnetVolumeName, VolumeSource: corev1.VolumeSource{ @@ -1958,6 +2141,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: dotnetInitContainerName, Image: "otel/dotnet:1", @@ -2050,6 +2244,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -2136,6 +2334,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: dotnetVolumeName, VolumeSource: corev1.VolumeSource{ 
@@ -2146,6 +2352,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: dotnetInitContainerName, Image: "otel/dotnet:1", @@ -2238,6 +2455,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -2325,6 +2546,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -2433,6 +2658,7 @@ func TestMutatePod(t *testing.T) { Namespace: "go", }, Spec: v1alpha1.InstrumentationSpec{ + Go: v1alpha1.Go{ Image: "otel/go:1", Env: []corev1.EnvVar{ @@ -2493,9 +2719,28 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ ShareProcessNamespace: &true, + InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, + }, Containers: []corev1.Container{ { Name: "app", + VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, + }, }, { Name: sideCarName, 
@@ -2505,6 +2750,10 @@ func TestMutatePod(t *testing.T) { Privileged: &true, }, VolumeMounts: []corev1.VolumeMount{ + { + MountPath: certVolumePath, + Name: certVolumeName, + }, { MountPath: "/sys/kernel/debug", Name: kernelDebugVolumeName, @@ -2567,6 +2816,14 @@ func TestMutatePod(t *testing.T) { }, }, Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: kernelDebugVolumeName, VolumeSource: corev1.VolumeSource{ @@ -3318,6 +3575,7 @@ func TestMutatePod(t *testing.T) { }, }, Spec: corev1.PodSpec{ + Containers: []corev1.Container{ { Name: "dotnet1", @@ -3361,6 +3619,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: javaVolumeName, VolumeSource: corev1.VolumeSource{ @@ -3395,6 +3661,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: javaInitContainerName, Image: "otel/java:1", @@ -3498,6 +3775,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, 
@@ -3569,6 +3850,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -3616,6 +3901,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: javaVolumeName, MountPath: javaInstrMountPath, @@ -3663,6 +3952,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: javaVolumeName, MountPath: javaInstrMountPath, @@ -3710,6 +4003,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -3757,6 +4054,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -3820,6 +4121,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -3883,6 +4188,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: pythonVolumeName, MountPath: pythonInstrMountPath, 
@@ -3969,6 +4278,19 @@ func TestMutatePod(t *testing.T) { }, }, Spec: corev1.PodSpec{ + InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, + }, Containers: []corev1.Container{ { Name: "dotnet1", @@ -4019,6 +4341,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: javaVolumeName, VolumeSource: corev1.VolumeSource{ @@ -4053,6 +4383,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: javaInitContainerName, Image: "otel/java:1", @@ -4156,6 +4497,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -4227,6 +4572,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, 
@@ -4274,6 +4623,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: javaVolumeName, MountPath: javaInstrMountPath, @@ -4321,6 +4674,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: javaVolumeName, MountPath: javaInstrMountPath, @@ -4368,6 +4725,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -4415,6 +4776,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -4478,6 +4843,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -4541,6 +4910,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -4953,6 +5326,14 @@ func TestMutatePod(t *testing.T) { }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: dotnetVolumeName, VolumeSource: corev1.VolumeSource{ 
@@ -4963,6 +5344,17 @@ func TestMutatePod(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: dotnetInitContainerName, Image: "otel/dotnet:1", @@ -5039,6 +5431,10 @@ func TestMutatePod(t *testing.T) { }, }, VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, diff --git a/pkg/instrumentation/python.go b/pkg/instrumentation/python.go index 90475cc5e..e32b9f2b9 100644 --- a/pkg/instrumentation/python.go +++ b/pkg/instrumentation/python.go @@ -86,12 +86,14 @@ func injectPythonSDK(pythonSpec v1alpha1.Python, pod corev1.Pod, index int) (cor Value: "http/protobuf", }) } - + err = injectSecret(&pod, index, pythonSpec.Resources) + if err != nil { + return pod, err + } container.VolumeMounts = append(container.VolumeMounts, corev1.VolumeMount{ Name: pythonVolumeName, MountPath: pythonInstrMountPath, }) - // We just inject Volumes and init containers for the first processed container. if isInitContainerMissing(pod, pythonInitContainerName) { pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{ 
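Review bot: In the `python.go` hunk, the new `err = injectSecret(&pod, index, pythonSpec.Resources)` runs once per processed container, but `injectSecret` appends the cert `VolumeMount` unconditionally while it guards the volume and the init container with `isVolumeMounted` and `isCertContainerMounted`. If the same container index is processed twice (a repeated name in the container list, or two languages targeting one container; I cannot see from here whether that is rejected earlier), the container gets two mounts at `certVolumePath`, and the API server rejects duplicate mount paths. I would guard the append inside `injectSecret` with a check that no existing mount already has `Name == certVolumeName`. Passing `pythonSpec.Resources` also means the shared cert init container takes its resources from whichever language is injected first, which deserves a comment. `injectPythonSDK` starts outside the hunk.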
@@ -101,17 +103,18 @@ func injectPythonSDK(pythonSpec v1alpha1.Python, pod corev1.Pod, index int) (cor SizeLimit: volumeSize(pythonSpec.VolumeSizeLimit), }, }}) - + volumeMount := corev1.VolumeMount{ + Name: pythonVolumeName, + MountPath: pythonInstrMountPath, + } pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{ - Name: pythonInitContainerName, - Image: pythonSpec.Image, - Command: []string{"cp", "-a", "/autoinstrumentation/.", pythonInstrMountPath}, - Resources: pythonSpec.Resources, - VolumeMounts: []corev1.VolumeMount{{ - Name: pythonVolumeName, - MountPath: pythonInstrMountPath, - }}, + Name: pythonInitContainerName, + Image: pythonSpec.Image, + Command: []string{"cp", "-a", "/autoinstrumentation/.", pythonInstrMountPath}, + Resources: pythonSpec.Resources, + VolumeMounts: []corev1.VolumeMount{volumeMount}, }) + } return pod, nil } diff --git a/pkg/instrumentation/python_test.go b/pkg/instrumentation/python_test.go index 4122c2083..b90f47225 100644 --- a/pkg/instrumentation/python_test.go +++ b/pkg/instrumentation/python_test.go @@ -34,6 +34,14 @@ func TestInjectPythonSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: pythonVolumeName, VolumeSource: corev1.VolumeSource{ 
@@ -44,6 +52,17 @@ func TestInjectPythonSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-python", Image: "foo/bar:1", @@ -57,6 +76,10 @@ func TestInjectPythonSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-python", MountPath: "/otel-auto-instrumentation-python", @@ -110,6 +133,14 @@ func TestInjectPythonSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: "opentelemetry-auto-instrumentation-python", VolumeSource: corev1.VolumeSource{ @@ -120,6 +151,18 @@ func TestInjectPythonSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + Resources: testResourceRequirements, + WorkingDir: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-python", Image: "foo/bar:1", 
@@ -134,6 +177,10 @@ func TestInjectPythonSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-python", MountPath: "/otel-auto-instrumentation-python", @@ -187,6 +234,14 @@ func TestInjectPythonSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: pythonVolumeName, VolumeSource: corev1.VolumeSource{ @@ -197,6 +252,17 @@ func TestInjectPythonSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-python", Image: "foo/bar:1", @@ -210,6 +276,10 @@ func TestInjectPythonSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-python", MountPath: "/otel-auto-instrumentation-python", @@ -263,6 +333,14 @@ func TestInjectPythonSDK(t *testing.T) { expected: corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: "opentelemetry-auto-instrumentation-python", VolumeSource: corev1.VolumeSource{ 
@@ -273,6 +351,17 @@ func TestInjectPythonSDK(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-python", Image: "foo/bar:1", @@ -286,6 +375,10 @@ func TestInjectPythonSDK(t *testing.T) { Containers: []corev1.Container{ { VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: "opentelemetry-auto-instrumentation-python", MountPath: "/otel-auto-instrumentation-python", diff --git a/pkg/instrumentation/sdk.go b/pkg/instrumentation/sdk.go index 01b0ba368..1f42246e1 100644 --- a/pkg/instrumentation/sdk.go +++ b/pkg/instrumentation/sdk.go @@ -5,7 +5,10 @@ package instrumentation import ( "context" + "errors" "fmt" + "k8s.io/apimachinery/pkg/api/resource" + "os" "sort" "strings" "time" @@ -29,9 +32,15 @@ import ( ) const ( - volumeName = "opentelemetry-auto-instrumentation" - initContainerName = "opentelemetry-auto-instrumentation" - sideCarName = "opentelemetry-auto-instrumentation" + volumeName = "opentelemetry-auto-instrumentation" + initContainerName = "opentelemetry-auto-instrumentation" + sideCarName = "opentelemetry-auto-instrumentation" + shellContainerName = "bash" + initCertContainerName = "cert-init-container" + certVolumeName = "cert-volume" + certVolumePath = "/cert-volume" + certSecretPath = "/etc/amazon-cloudwatch-app-signals-cert" + caBundleSecretPath = certSecretPath + "/tls-ca.crt" ) // inject a new sidecar container to the given pod, based on the given AmazonCloudWatchAgent. 
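Review bot: In the `sdk.go` const hunk, `shellContainerName = "bash"` is later used as the init container's `Image`, so the webhook injects an unqualified, untagged image reference into every instrumented pod. Which registry and which version get pulled is then left to node and cluster defaults, and the image is outside the operator's own release and review process. I would rename the constant to say it is an image and make it a configurable, fully qualified reference pinned by tag or digest, e.g. `shellImage = "<registry>/<image>@sha256:<digest>"` (placeholder values). A short comment on `certSecretPath` saying who mounts that directory into the operator would also help the next reader.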
@@ -42,6 +51,7 @@ type sdkInjector struct { } func (i *sdkInjector) inject(ctx context.Context, insts languageInstrumentations, ns corev1.Namespace, pod corev1.Pod) corev1.Pod { + i.logger.V(0).Info("injection is called and starting") if len(pod.Spec.Containers) < 1 { return pod } @@ -87,6 +97,7 @@ func (i *sdkInjector) inject(ctx context.Context, insts languageInstrumentations } } if insts.Python.Instrumentation != nil { + i.logger.V(0).Info("going to inject python") otelinst := *insts.Python.Instrumentation var err error i.logger.V(1).Info("injecting Python instrumentation into pod", "otelinst-namespace", otelinst.Namespace, "otelinst-name", otelinst.Name) @@ -95,6 +106,7 @@ func (i *sdkInjector) inject(ctx context.Context, insts languageInstrumentations for _, container := range strings.Split(pythonContainers, ",") { index := getContainerIndex(container, pod) + i.logger.V(0).Info("injection starting") pod, err = injectPythonSDK(otelinst.Spec.Python, pod, index) if err != nil { i.logger.Info("Skipping Python SDK injection", "reason", err.Error(), "container", pod.Spec.Containers[index].Name) @@ -103,6 +115,8 @@ func (i *sdkInjector) inject(ctx context.Context, insts languageInstrumentations pod = i.injectCommonSDKConfig(ctx, otelinst, ns, pod, index, index) pod = i.setInitContainerSecurityContext(pod, pod.Spec.Containers[index].SecurityContext, pythonInitContainerName) } + i.logger.V(0).Info("injected the pod with init cont: ", "init-containers", pod.Spec.InitContainers) + i.logger.V(0).Info("injected the pod", "pod-spec", pod.Spec) } } if insts.DotNet.Instrumentation != nil { 
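Review bot: The last added line in the Python branch of `inject`, `i.logger.V(0).Info("injected the pod", "pod-spec", pod.Spec)`, writes the entire pod spec to the operator log at default verbosity, and the line before it dumps every init container. The spec includes each container's literal env values and, with this change, the cert init container's command line, so whatever a workload carries in its manifest is copied into the operator's logs. The other `V(0)` messages added in the earlier hunks of this function ("injection is called and starting", "going to inject python", "injection starting") read like debugging leftovers. I would drop them, or move them to `V(1)` and log identifiers only, e.g. `i.logger.V(1).Info("injected Python instrumentation", "init-container-count", len(pod.Spec.InitContainers))`. `inject` starts and ends outside these hunks.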
@@ -159,7 +173,7 @@ func (i *sdkInjector) inject(ctx context.Context, insts languageInstrumentations for _, container := range strings.Split(apacheHttpdContainers, ",") { index := getContainerIndex(container, pod) // Apache agent is configured via config files rather than env vars. - // Therefore, service name, otlp endpoint and other attributes are passed to the agent injection method + // Therefore, service name,p otlp endpoint and other attributes are passed to the agent injection method pod = injectApacheHttpdagent(i.logger, otelinst.Spec.ApacheHttpd, pod, index, otelinst.Spec.Endpoint, i.createResourceMap(ctx, otelinst, ns, pod, index)) pod = i.injectCommonEnvVar(otelinst, pod, index) pod = i.injectCommonSDKConfig(ctx, otelinst, ns, pod, index, index) 
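Review bot: The only change in this hunk is a stray `p` in the comment (`service name,p otlp endpoint`), which looks like an accidental keystroke. Restore the original line: `// Therefore, service name, otlp endpoint and other attributes are passed to the agent injection method`. The surrounding loop in `inject` continues outside the hunk.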
@@ -222,7 +236,63 @@ func getContainerIndex(containerName string, pod corev1.Pod) int { return index } - +func isVolumeMounted(pod *corev1.Pod, volumeName string) bool { + for _, volumes := range pod.Spec.Volumes { + if volumes.Name == volumeName { + return true + } + } + return false +} +func isCertContainerMounted(pod *corev1.Pod, initContainerName string) bool { + for _, initContainer := range pod.Spec.InitContainers { + if initContainer.Name == initContainerName { + return true + } + } + return false +} +func injectSecret(pod *corev1.Pod, index int, resources corev1.ResourceRequirements) error { + secretData, err := os.ReadFile(caBundleSecretPath) + var defaultVolumeLimitSize = resource.MustParse("200Mi") + var secret string + if err != nil { + secret = fmt.Sprintf("%v", err) + //return nil + } else { + secret = string(secretData) + } + volumeMount := corev1.VolumeMount{ + Name: certVolumeName, + MountPath: certVolumePath, + } + if !isVolumeMounted(pod, certVolumeName) { + pod.Spec.Volumes = append(pod.Spec.Volumes, corev1.Volume{ + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }}, + }) + } + container := &pod.Spec.Containers[index] + if container == nil { + return errors.New("Invalid Container") + } + pod.Spec.Containers[index].VolumeMounts = append(container.VolumeMounts, volumeMount) + if !isCertContainerMounted(pod, initCertContainerName) { + pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{ + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", fmt.Sprintf("mkdir -p amazon-cloudwatch-agent && echo '%v' > ./amazon-cloudwatch-agent/ca.crt", + secret)}, + WorkingDir: certVolumePath, + Resources: resources, + VolumeMounts: []corev1.VolumeMount{volumeMount}, + }) + } + return nil +} func (i *sdkInjector) injectCommonEnvVar(otelinst v1alpha1.Instrumentation, pod corev1.Pod, index int) corev1.Pod { 
container := &pod.Spec.Containers[index] for _, env := range otelinst.Spec.Env { diff --git a/pkg/instrumentation/sdk_test.go b/pkg/instrumentation/sdk_test.go index ddae86f9b..12bc2a9d1 100644 --- a/pkg/instrumentation/sdk_test.go +++ b/pkg/instrumentation/sdk_test.go @@ -7,11 +7,11 @@ import ( "context" "encoding/json" "fmt" + "github.com/stretchr/testify/require" "testing" "github.com/go-logr/logr" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" @@ -510,6 +510,14 @@ func TestInjectJava(t *testing.T) { assert.Equal(t, corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: javaVolumeName, VolumeSource: corev1.VolumeSource{ @@ -520,6 +528,18 @@ func TestInjectJava(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, { Name: javaInitContainerName, Image: "img:1", @@ -536,6 +556,10 @@ func TestInjectJava(t *testing.T) { Name: "app", Image: "app:latest", VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: javaVolumeName, MountPath: javaInstrMountPath, 
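Review bot: In `injectSecret` (the `@@ -222,7 +236,63 @@` hunk of `sdk.go`), a failed `os.ReadFile` becomes the certificate content: `secret = fmt.Sprintf("%v", err)` is echoed into `ca.crt`, so the workload receives an error message where it expects a CA bundle. The bundle is also spliced into a single-quoted `/bin/sh -c` string, so a `'` anywhere in the file changes the command the init container runs. `&pod.Spec.Containers[index]` can never be nil, so the `container == nil` guard does not catch a bad index, which instead panics on that line after the volume has already been appended. I would bounds-check `index` first, return the read error (or skip the cert volume entirely if a missing bundle is an accepted fallback), and hand the bundle to the shell as data through an environment variable, as sketched below. `resource.MustParse("200Mi")` could also move to a package-level variable instead of being parsed on every call.

```go
func injectSecret(pod *corev1.Pod, index int, resources corev1.ResourceRequirements) error {
	if index < 0 || index >= len(pod.Spec.Containers) {
		return errors.New("invalid container index")
	}
	secretData, err := os.ReadFile(caBundleSecretPath)
	if err != nil {
		return fmt.Errorf("reading CA bundle %q: %w", caBundleSecretPath, err)
	}
	// … unchanged: cert volume and per-container volume mount …
	if !isCertContainerMounted(pod, initCertContainerName) {
		pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{
			Name:  initCertContainerName,
			Image: shellContainerName,
			// CA_BUNDLE is an illustrative name; the bundle travels as data, not as shell source.
			Env: []corev1.EnvVar{{Name: "CA_BUNDLE", Value: string(secretData)}},
			Command: []string{"/bin/sh", "-c",
				`mkdir -p amazon-cloudwatch-agent && printf '%s\n' "$CA_BUNDLE" > ./amazon-cloudwatch-agent/ca.crt`},
			// … unchanged: WorkingDir, Resources, VolumeMounts …
		})
	}
	return nil
}
```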
@@ -614,6 +638,14 @@ func TestInjectNodeJS(t *testing.T) { assert.Equal(t, corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: nodejsVolumeName, VolumeSource: corev1.VolumeSource{ @@ -624,6 +656,18 @@ func TestInjectNodeJS(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + Resources: testResourceRequirements, + }, { Name: nodejsInitContainerName, Image: "img:1", @@ -640,6 +684,10 @@ func TestInjectNodeJS(t *testing.T) { Name: "app", Image: "app:latest", VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -718,6 +766,14 @@ func TestInjectPython(t *testing.T) { assert.Equal(t, corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: pythonVolumeName, VolumeSource: corev1.VolumeSource{ 
@@ -728,6 +784,17 @@ func TestInjectPython(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: pythonInitContainerName, Image: "img:1", @@ -743,6 +810,10 @@ func TestInjectPython(t *testing.T) { Name: "app", Image: "app:latest", VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -836,6 +907,14 @@ func TestInjectDotNet(t *testing.T) { assert.Equal(t, corev1.Pod{ Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: dotnetVolumeName, VolumeSource: corev1.VolumeSource{ @@ -846,6 +925,17 @@ func TestInjectDotNet(t *testing.T) { }, }, InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, { Name: dotnetInitContainerName, Image: "img:1", @@ -861,6 +951,10 @@ func TestInjectDotNet(t *testing.T) { Name: "app", Image: "app:latest", VolumeMounts: []corev1.VolumeMount{ + { + Name: certVolumeName, + MountPath: certVolumePath, + }, { Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, 
@@ -1040,6 +1134,10 @@ func TestInjectGo(t *testing.T) { { Name: "app", Image: "app:latest", + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, }, { Name: sideCarName, @@ -1049,6 +1147,10 @@ func TestInjectGo(t *testing.T) { Privileged: &true, }, VolumeMounts: []corev1.VolumeMount{ + { + MountPath: certVolumePath, + Name: certVolumeName, + }, { MountPath: "/sys/kernel/debug", Name: kernelDebugVolumeName, @@ -1088,6 +1190,14 @@ func TestInjectGo(t *testing.T) { }, }, Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: kernelDebugVolumeName, VolumeSource: corev1.VolumeSource{ @@ -1097,6 +1207,19 @@ func TestInjectGo(t *testing.T) { }, }, }, + InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, + }, }, }, }, @@ -1141,6 +1264,10 @@ func TestInjectGo(t *testing.T) { { Name: "app", Image: "app:latest", + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, }, { Name: sideCarName, @@ -1150,6 +1277,10 @@ func TestInjectGo(t *testing.T) { Privileged: &true, }, VolumeMounts: []corev1.VolumeMount{ + { + MountPath: certVolumePath, + Name: certVolumeName, + }, { MountPath: "/sys/kernel/debug", Name: kernelDebugVolumeName, 
@@ -1188,7 +1319,28 @@ func TestInjectGo(t *testing.T) { }, }, }, + InitContainers: []corev1.Container{ + { + Name: initCertContainerName, + Image: shellContainerName, + Command: []string{"/bin/sh", "-c", + "mkdir -p amazon-cloudwatch-agent && echo 'open /etc/amazon-cloudwatch-app-signals-cert/tls-ca.crt: no such file or directory' > ./amazon-cloudwatch-agent/ca.crt"}, + VolumeMounts: []corev1.VolumeMount{{ + Name: certVolumeName, + MountPath: certVolumePath, + }}, + WorkingDir: certVolumePath, + }, + }, Volumes: []corev1.Volume{ + { + Name: certVolumeName, + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{ + SizeLimit: &defaultVolumeLimitSize, + }, + }, + }, { Name: kernelDebugVolumeName, VolumeSource: corev1.VolumeSource{