From b353f36e99a60a87d16f451ffda78715e7dcd91e Mon Sep 17 00:00:00 2001
From: Ishwar Kanse <ikanse@redhat.com>
Date: Fri, 17 Nov 2023 03:03:00 +0530
Subject: [PATCH] Fix test instrumentation-apache-httpd to work on OpenShift.
 (#2310)

---
 .../00-install-collector.yaml                          | 10 ++++++++++
 .../instrumentation-apache-httpd/01-install-app.yaml   |  6 +++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/tests/e2e-instrumentation/instrumentation-apache-httpd/00-install-collector.yaml b/tests/e2e-instrumentation/instrumentation-apache-httpd/00-install-collector.yaml
index 8d63b5dded..5b0d06576c 100644
--- a/tests/e2e-instrumentation/instrumentation-apache-httpd/00-install-collector.yaml
+++ b/tests/e2e-instrumentation/instrumentation-apache-httpd/00-install-collector.yaml
@@ -19,3 +19,13 @@ spec:
           receivers: [otlp]
           processors: []
           exporters: [debug]
+
+---
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  # Annotate the namespace to allow the application to run using an specific group and user in OpenShift
+  # https://docs.openshift.com/dedicated/authentication/managing-security-context-constraints.html
+  # This annotation has no effect in Kubernetes
+  - command: kubectl annotate namespace ${NAMESPACE} openshift.io/sa.scc.uid-range=1000/1000 --overwrite
+  - command: kubectl annotate namespace ${NAMESPACE} openshift.io/sa.scc.supplemental-groups=3000/1000 --overwrite
diff --git a/tests/e2e-instrumentation/instrumentation-apache-httpd/01-install-app.yaml b/tests/e2e-instrumentation/instrumentation-apache-httpd/01-install-app.yaml
index b323af8710..96f1326117 100644
--- a/tests/e2e-instrumentation/instrumentation-apache-httpd/01-install-app.yaml
+++ b/tests/e2e-instrumentation/instrumentation-apache-httpd/01-install-app.yaml
@@ -18,10 +18,14 @@ spec:
       securityContext:
         runAsUser: 1000
         runAsGroup: 3000
-        fsGroup: 2000
+        fsGroup: 3000
       containers:
       - name: myapp
         image: ghcr.io/open-telemetry/opentelemetry-operator/e2e-test-app-apache-httpd:main
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
         ports:
         - containerPort: 8080
         resources: