From db72f1276879203e25990f64e9e8c4af92b39226 Mon Sep 17 00:00:00 2001 From: Israel Blancas Date: Thu, 29 Feb 2024 19:18:36 +0100 Subject: [PATCH 1/2] Not preserve the ownership of the files copied in the autoinstrumentation. Closes #2655 Signed-off-by: Israel Blancas --- .chloggen/fix-2655.yaml | 16 +++++++++++++++ pkg/instrumentation/dotnet.go | 2 +- pkg/instrumentation/dotnet_test.go | 8 ++++---- pkg/instrumentation/nodejs.go | 2 +- pkg/instrumentation/nodejs_test.go | 4 ++-- pkg/instrumentation/podmutator_test.go | 28 +++++++++++++------------- pkg/instrumentation/python.go | 2 +- pkg/instrumentation/python_test.go | 8 ++++---- pkg/instrumentation/sdk_test.go | 6 +++--- 9 files changed, 46 insertions(+), 30 deletions(-) create mode 100755 .chloggen/fix-2655.yaml diff --git a/.chloggen/fix-2655.yaml b/.chloggen/fix-2655.yaml new file mode 100755 index 0000000000..79c158692c --- /dev/null +++ b/.chloggen/fix-2655.yaml @@ -0,0 +1,16 @@ +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: bug_fix + +# The name of the component, or a single word describing the area of concern, (e.g. operator, target allocator, github action) +component: instrumentation + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: "Not preserve the ownership of the files from the autoinstrumenation when copied to the volume. This avoids isues when instrumenting workloads runned as non-root" + +# One or more tracking issues related to the change +issues: [2655] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: diff --git a/pkg/instrumentation/dotnet.go b/pkg/instrumentation/dotnet.go index 4837257906..437e256fc1 100644 --- a/pkg/instrumentation/dotnet.go +++ b/pkg/instrumentation/dotnet.go @@ -127,7 +127,7 @@ func injectDotNetSDK(dotNetSpec v1alpha1.DotNet, pod corev1.Pod, index int, runt pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{ Name: dotnetInitContainerName, Image: dotNetSpec.Image, - Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", dotnetInstrMountPath}, Resources: dotNetSpec.Resources, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, diff --git a/pkg/instrumentation/dotnet_test.go b/pkg/instrumentation/dotnet_test.go index 9da037d516..23d2924208 100644 --- a/pkg/instrumentation/dotnet_test.go +++ b/pkg/instrumentation/dotnet_test.go @@ -60,7 +60,7 @@ func TestInjectDotNetSDK(t *testing.T) { { Name: "opentelemetry-auto-instrumentation-dotnet", Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-dotnet"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-dotnet"}, VolumeMounts: []corev1.VolumeMount{{ Name: "opentelemetry-auto-instrumentation-dotnet", MountPath: "/otel-auto-instrumentation-dotnet", @@ -165,7 +165,7 @@ func TestInjectDotNetSDK(t *testing.T) { { Name: "opentelemetry-auto-instrumentation-dotnet", Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-dotnet"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-dotnet"}, VolumeMounts: []corev1.VolumeMount{{ Name: "opentelemetry-auto-instrumentation-dotnet", MountPath: "/otel-auto-instrumentation-dotnet", @@ -394,7 +394,7 @@ func TestInjectDotNetSDK(t *testing.T) { { Name: dotnetInitContainerName, Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-dotnet"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-dotnet"}, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, MountPath: "/otel-auto-instrumentation-dotnet", @@ -473,7 +473,7 @@ func TestInjectDotNetSDK(t *testing.T) { { Name: dotnetInitContainerName, Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-dotnet"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-dotnet"}, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, MountPath: "/otel-auto-instrumentation-dotnet", diff --git a/pkg/instrumentation/nodejs.go b/pkg/instrumentation/nodejs.go index 6d06bea363..655e35ee5f 100644 --- a/pkg/instrumentation/nodejs.go +++ b/pkg/instrumentation/nodejs.go @@ -73,7 +73,7 @@ func injectNodeJSSDK(nodeJSSpec v1alpha1.NodeJS, pod corev1.Pod, index int) (cor pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{ Name: nodejsInitContainerName, Image: nodeJSSpec.Image, - Command: []string{"cp", "-a", "/autoinstrumentation/.", nodejsInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", nodejsInstrMountPath}, Resources: nodeJSSpec.Resources, VolumeMounts: []corev1.VolumeMount{{ Name: nodejsVolumeName, diff --git a/pkg/instrumentation/nodejs_test.go b/pkg/instrumentation/nodejs_test.go index 4b5d22dd89..7ed4fcd6d3 100644 --- a/pkg/instrumentation/nodejs_test.go +++ b/pkg/instrumentation/nodejs_test.go @@ -58,7 +58,7 @@ func TestInjectNodeJSSDK(t *testing.T) { { Name: "opentelemetry-auto-instrumentation-nodejs", Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-nodejs"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-nodejs"}, VolumeMounts: []corev1.VolumeMount{{ Name: "opentelemetry-auto-instrumentation-nodejs", MountPath: "/otel-auto-instrumentation-nodejs", @@ -118,7 +118,7 @@ func TestInjectNodeJSSDK(t *testing.T) { { Name: "opentelemetry-auto-instrumentation-nodejs", Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-nodejs"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-nodejs"}, VolumeMounts: []corev1.VolumeMount{{ Name: "opentelemetry-auto-instrumentation-nodejs", MountPath: "/otel-auto-instrumentation-nodejs", diff --git a/pkg/instrumentation/podmutator_test.go b/pkg/instrumentation/podmutator_test.go index ffe5327a03..fc906746b8 100644 --- a/pkg/instrumentation/podmutator_test.go +++ b/pkg/instrumentation/podmutator_test.go @@ -677,7 +677,7 @@ func TestMutatePod(t *testing.T) { { Name: nodejsInitContainerName, Image: "otel/nodejs:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", nodejsInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", nodejsInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -849,7 +849,7 @@ func TestMutatePod(t *testing.T) { { Name: nodejsInitContainerName, Image: "otel/nodejs:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", nodejsInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", nodejsInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -1176,7 +1176,7 @@ func TestMutatePod(t *testing.T) { { Name: pythonInitContainerName, Image: "otel/python:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", pythonInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", pythonInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -1364,7 +1364,7 @@ func TestMutatePod(t *testing.T) { { Name: pythonInitContainerName, Image: "otel/python:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", pythonInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", pythonInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -1713,7 +1713,7 @@ func TestMutatePod(t *testing.T) { { Name: dotnetInitContainerName, Image: "otel/dotnet:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", dotnetInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -1892,7 +1892,7 @@ func TestMutatePod(t *testing.T) { { Name: dotnetInitContainerName, Image: "otel/dotnet:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", dotnetInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -2080,7 +2080,7 @@ func TestMutatePod(t *testing.T) { { Name: dotnetInitContainerName, Image: "otel/dotnet:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", dotnetInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -3360,7 +3360,7 @@ func TestMutatePod(t *testing.T) { { Name: nodejsInitContainerName, Image: "otel/nodejs:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", nodejsInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", nodejsInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -3369,7 +3369,7 @@ func TestMutatePod(t *testing.T) { { Name: pythonInitContainerName, Image: "otel/python:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", pythonInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", pythonInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -3378,7 +3378,7 @@ func TestMutatePod(t *testing.T) { { Name: dotnetInitContainerName, Image: "otel/dotnet:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", dotnetInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -4012,7 +4012,7 @@ func TestMutatePod(t *testing.T) { { Name: nodejsInitContainerName, Image: "otel/nodejs:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", nodejsInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", nodejsInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -4021,7 +4021,7 @@ func TestMutatePod(t *testing.T) { { Name: pythonInitContainerName, Image: "otel/python:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", pythonInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", pythonInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -4030,7 +4030,7 @@ func TestMutatePod(t *testing.T) { { Name: dotnetInitContainerName, Image: "otel/dotnet:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", dotnetInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, @@ -4895,7 +4895,7 @@ func TestMutatePod(t *testing.T) { { Name: dotnetInitContainerName, Image: "otel/dotnet:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", dotnetInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, diff --git a/pkg/instrumentation/python.go b/pkg/instrumentation/python.go index 0be23ee413..ca51bbcd7c 100644 --- a/pkg/instrumentation/python.go +++ b/pkg/instrumentation/python.go @@ -116,7 +116,7 @@ func injectPythonSDK(pythonSpec v1alpha1.Python, pod corev1.Pod, index int) (cor pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{ Name: pythonInitContainerName, Image: pythonSpec.Image, - Command: []string{"cp", "-a", "/autoinstrumentation/.", pythonInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", pythonInstrMountPath}, Resources: pythonSpec.Resources, VolumeMounts: []corev1.VolumeMount{{ Name: pythonVolumeName, diff --git a/pkg/instrumentation/python_test.go b/pkg/instrumentation/python_test.go index 7f7510c719..04aa11c61a 100644 --- a/pkg/instrumentation/python_test.go +++ b/pkg/instrumentation/python_test.go @@ -58,7 +58,7 @@ func TestInjectPythonSDK(t *testing.T) { { Name: "opentelemetry-auto-instrumentation-python", Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-python"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-python"}, VolumeMounts: []corev1.VolumeMount{{ Name: "opentelemetry-auto-instrumentation-python", MountPath: "/otel-auto-instrumentation-python", @@ -134,7 +134,7 @@ func TestInjectPythonSDK(t *testing.T) { { Name: "opentelemetry-auto-instrumentation-python", Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-python"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-python"}, VolumeMounts: []corev1.VolumeMount{{ Name: "opentelemetry-auto-instrumentation-python", MountPath: "/otel-auto-instrumentation-python", @@ -211,7 +211,7 @@ func TestInjectPythonSDK(t *testing.T) { { Name: "opentelemetry-auto-instrumentation-python", Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-python"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-python"}, VolumeMounts: []corev1.VolumeMount{{ Name: "opentelemetry-auto-instrumentation-python", MountPath: "/otel-auto-instrumentation-python", @@ -287,7 +287,7 @@ func TestInjectPythonSDK(t *testing.T) { { Name: "opentelemetry-auto-instrumentation-python", Image: "foo/bar:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", "/otel-auto-instrumentation-python"}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", "/otel-auto-instrumentation-python"}, VolumeMounts: []corev1.VolumeMount{{ Name: "opentelemetry-auto-instrumentation-python", MountPath: "/otel-auto-instrumentation-python", diff --git a/pkg/instrumentation/sdk_test.go b/pkg/instrumentation/sdk_test.go index 7851879fe3..a1024be110 100644 --- a/pkg/instrumentation/sdk_test.go +++ b/pkg/instrumentation/sdk_test.go @@ -641,7 +641,7 @@ func TestInjectNodeJS(t *testing.T) { { Name: nodejsInitContainerName, Image: "img:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", nodejsInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", nodejsInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: nodejsVolumeName, MountPath: nodejsInstrMountPath, @@ -746,7 +746,7 @@ func TestInjectPython(t *testing.T) { { Name: pythonInitContainerName, Image: "img:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", pythonInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", pythonInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: pythonVolumeName, MountPath: pythonInstrMountPath, @@ -865,7 +865,7 @@ func TestInjectDotNet(t *testing.T) { { Name: dotnetInitContainerName, Image: "img:1", - Command: []string{"cp", "-a", "/autoinstrumentation/.", dotnetInstrMountPath}, + Command: []string{"cp", "-r", "/autoinstrumentation/.", dotnetInstrMountPath}, VolumeMounts: []corev1.VolumeMount{{ Name: dotnetVolumeName, MountPath: dotnetInstrMountPath, From 7cfda9fd080b4a2ff63db43734b0caeec465e240 Mon Sep 17 00:00:00 2001 From: Israel Blancas Date: Fri, 1 Mar 2024 13:30:20 +0100 Subject: [PATCH 2/2] Update .chloggen/fix-2655.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Mikołaj Świątek --- .chloggen/fix-2655.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.chloggen/fix-2655.yaml b/.chloggen/fix-2655.yaml index 79c158692c..73da99b38d 100755 --- a/.chloggen/fix-2655.yaml +++ b/.chloggen/fix-2655.yaml @@ -5,7 +5,7 @@ change_type: bug_fix component: instrumentation # A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). -note: "Not preserve the ownership of the files from the autoinstrumenation when copied to the volume. This avoids isues when instrumenting workloads runned as non-root" +note: "Don't preserve ownership of files copied from the autoinstrumenation image. This avoids issues when instrumenting workloads running as non-root" # One or more tracking issues related to the change issues: [2655]