Update cli to detect OpenShift and provide notice to install SCC (#2048)

ddelnano · web-flow · commit 854062111cf4 · 2024-11-25T11:18:30.000-08:00
Summary: Update cli to detect OpenShift and provide notice to install SCC This updates `px deploy` to detect OpenShift clusters. In addition, it also prompts a user that they need to install a SecurityContextConstraint before continuing with the deployment. Note: the existing SCC instructions no longer work. I've raised pixie-io/docs.px.dev#291 and verified that a pixie deploy works properly with the updated instructions. Relevant Issues: N/A Type of change: /kind feature Test Plan: Verified the following with a locally built `px` cli - [x] deploy command prints appropriate message when KUBECONFIG set to OpenShift cluster ``` $ oc status Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+ In project default on server https://api.test-openshift.testing.getcosmic.ai:6443 svc/openshift - kubernetes.default.svc.cluster.local svc/kubernetes - 172.30.0.1:443 -> 6443 View details with 'oc describe <resource>/<name>' or list resources with 'oc get all'. $ ./px deploy Pixie CLI Running Cluster Checks: ✔ Kernel version > 4.14.0 ✔ Cluster type is supported ✔ K8s version > 1.16.0 ✔ Kubectl > 1.10.0 is present ✔ User can create namespace ✕ Cluster type is in list of known supported types ERR: openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for ✕ Cluster type is in list of known supported types ERR: openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for the Pixie install before continuing. See example on https://docs.px.dev/reference/admin/environment-configs/ Some cluster checks failed. Pixie may not work properly on your cluster. Continue with deploy? (y/n) [y] : ^C ``` - Verified that `oc status` returns with a non-zero exit status if KUBECONFIG points to a different k8s cluster ``` $ kubectl get nodes NAME STATUS ROLES AGE VERSION gke-dev-cluster-ddelnano-default-pool-a27c1ac2-fh3l Ready <none> 26d v1.30.5-gke.1014001 gke-dev-cluster-ddelnano-default-pool-a27c1ac2-qbqs Ready <none> 13d v1.30.5-gke.1014001 $ oc status; echo $? error: you do not have rights to view project "default" specified in your config or the project doesn't exist 1 ``` Changelog Message: Enhanced the `px` cli to detect OpenShift clusters and prompt to install the appropriate SecurityContextConstraints before proceeding with a deploy Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
diff --git a/src/pixie_cli/pkg/utils/checks.go b/src/pixie_cli/pkg/utils/checks.go
@@ -65,6 +65,8 @@ const (
 	ClusterTypeK0s
 	// ClusterTypeK3s is a k3s cluster.
 	ClusterTypeK3s
+	// ClusterTypeOpenShift is an OpenShift cluster.
+	ClusterTypeOpenShift
 )
 
 var allowedClusterTypes = []ClusterType{
@@ -75,6 +77,8 @@ var allowedClusterTypes = []ClusterType{
 	ClusterTypeMinikubeHyperkit,
 	ClusterTypeK0s,
 	ClusterTypeK3s,
+	// ClusterTypeOpenShift is omitted because it requires an additional setup (SecurityContextConstraints install).
+	// This prompts the user to install the SCC instead of blindly failing.
 }
 
 // detectClusterType gets the cluster type of the cluster for the current kube config context.
@@ -153,6 +157,12 @@ func detectClusterType() ClusterType {
 		}
 	}
 
+	// Check if it is an OpenShift cluster
+	err = exec.Command("/bin/sh", "-c", "oc status").Run()
+	if err == nil {
+		return ClusterTypeOpenShift
+	}
+
 	return ClusterTypeUnknown
 }
 
@@ -258,6 +268,10 @@ var (
 			}
 		}
 
+		if clusterType == ClusterTypeOpenShift {
+			return errors.New("openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for the Pixie install before continuing. See example on https://docs.px.dev/reference/admin/environment-configs/")
+		}
+
 		return errors.New("Cluster type is not in list of known supported cluster types. Please see: https://docs.px.dev/installing-pixie/requirements/")
 	})
 )

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,8 @@ const (`
`65`	`65`	`ClusterTypeK0s`
`66`	`66`	`// ClusterTypeK3s is a k3s cluster.`
`67`	`67`	`ClusterTypeK3s`
	`68`	`+ // ClusterTypeOpenShift is an OpenShift cluster.`
	`69`	`+ ClusterTypeOpenShift`
`68`	`70`	`)`
`69`	`71`
`70`	`72`	`var allowedClusterTypes = []ClusterType{`
`@@ -75,6 +77,8 @@ var allowedClusterTypes = []ClusterType{`
`75`	`77`	`ClusterTypeMinikubeHyperkit,`
`76`	`78`	`ClusterTypeK0s,`
`77`	`79`	`ClusterTypeK3s,`
	`80`	`+ // ClusterTypeOpenShift is omitted because it requires an additional setup (SecurityContextConstraints install).`
	`81`	`+ // This prompts the user to install the SCC instead of blindly failing.`
`78`	`82`	`}`
`79`	`83`
`80`	`84`	`// detectClusterType gets the cluster type of the cluster for the current kube config context.`
`@@ -153,6 +157,12 @@ func detectClusterType() ClusterType {`
`153`	`157`	`}`
`154`	`158`	`}`
`155`	`159`
	`160`	`+ // Check if it is an OpenShift cluster`
	`161`	`+ err = exec.Command("/bin/sh", "-c", "oc status").Run()`
	`162`	`+ if err == nil {`
	`163`	`+ return ClusterTypeOpenShift`
	`164`	`+ }`
	`165`	`+`
`156`	`166`	`return ClusterTypeUnknown`
`157`	`167`	`}`
`158`	`168`
`@@ -258,6 +268,10 @@ var (`
`258`	`268`	`}`
`259`	`269`	`}`
`260`	`270`
	`271`	`+ if clusterType == ClusterTypeOpenShift {`
	`272`	`+ return errors.New("openshift cluster detected. Please note that a Security Context Constraint (SCC) is required to run Pixie. Install a SCC in the namespace designated for the Pixie install before continuing. See example on https://docs.px.dev/reference/admin/environment-configs/")`
	`273`	`+ }`
	`274`	`+`
`261`	`275`	`return errors.New("Cluster type is not in list of known supported cluster types. Please see: https://docs.px.dev/installing-pixie/requirements/")`
`262`	`276`	`})`
`263`	`277`	`)`