
Add verification phase to CLI before installing

Open edeNFed opened this issue 1 year ago • 5 comments

We would like to add a verification phase before applying resources in the odigos install command. This verification mechanism should be easily extensible, as we will add more verifications. Each verification should also recommend to the user how to mitigate in case the verification fails.

Some of the proposed verifications:

  • Check if PodSecurityPolicy is enabled. If enabled, the user should use the --psp flag when installing.
  • Check if OPA Gatekeeper is installed. If installed, the user should whitelist the odigos-system namespace by following this guide.
  • Check kernel versions of running nodes

edeNFed avatar Feb 05 '24 07:02 edeNFed

Could you please assign me to this, @edeNFed? But I need more elaboration on the technicality.

clavinjune avatar Feb 16 '24 03:02 clavinjune

could you please help to review the proposal on how we're gonna add verification phase #986 @edeNFed? thank you 🙇

clavinjune avatar Feb 16 '24 05:02 clavinjune

could you please elaborate the Check kernel versions of running nodes part @edeNFed ? thank you 🙇

clavinjune avatar Feb 18 '24 09:02 clavinjune

Also, when executing odigos install, the user has the flexibility to define the namespace, right? So we need to check the user-inputted namespace instead of odigos-system for allow-listing?

clavinjune avatar Feb 18 '24 09:02 clavinjune

could you please elaborate the Check kernel versions of running nodes part @edeNFed ? thank you 🙇

We should check that at least one Kubernetes node has kernelVersion above 4.14. You can get the kernel version from the nodeInfo field of the node:

  nodeInfo:
    architecture: arm64
    bootID: 98511e31-ee92-4cdf-bfc7-0791f0e58dff
    containerRuntimeVersion: containerd://1.6.9
    kernelVersion: 6.5.11-linuxkit

edeNFed avatar Feb 18 '24 11:02 edeNFed
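
The verification phase and kernel check discussed above, sketched as an added example (not code from the odigos project): a check list in which each check carries its own mitigation text, plus the kernel check over nodeInfo.kernelVersion strings. The names `Check`, `Cluster`, `kernelAtLeast`, `kernelCheck` and `runChecks` are hypothetical, the kernel strings in `main` are constructed, and treating 4.14 itself as acceptable is an assumption about what "above 4.14" means.

```go
package main

import "fmt"

// Cluster holds the facts checks need; only kernel versions are modelled here.
type Cluster struct{ KernelVersions []string }

// Check is one pre-install verification; Fix is the mitigation shown on failure.
type Check struct {
	Name, Fix string
	Run       func(c Cluster) error
}

// kernelAtLeast reports whether v (e.g. "6.5.11-linuxkit") is >= major.minor.
func kernelAtLeast(v string, major, minor int) bool {
	var gotMajor, gotMinor int
	// Sscanf stops after the second integer, so ".11-linuxkit" style suffixes are ignored.
	if n, _ := fmt.Sscanf(v, "%d.%d", &gotMajor, &gotMinor); n != 2 {
		return false // unparsable versions never satisfy the check
	}
	return gotMajor > major || (gotMajor == major && gotMinor >= minor)
}

// kernelCheck passes when at least one node reports kernel 4.14 or newer.
func kernelCheck(c Cluster) error {
	for _, k := range c.KernelVersions {
		if kernelAtLeast(k, 4, 14) {
			return nil
		}
	}
	return fmt.Errorf("no node with kernel >= 4.14 in %v", c.KernelVersions)
}

// checks is the extension point: new verifications are appended here.
var checks = []Check{{"kernel-version", "add a node running Linux 4.14 or newer", kernelCheck}}

// runChecks returns one "name: error (fix: ...)" line per failed check.
func runChecks(checks []Check, c Cluster) (failures []string) {
	for _, ch := range checks {
		if err := ch.Run(c); err != nil {
			failures = append(failures, fmt.Sprintf("%s: %v (fix: %s)", ch.Name, err, ch.Fix))
		}
	}
	return failures
}

func main() {
	// Constructed sample values of status.nodeInfo.kernelVersion.
	fmt.Println(runChecks(checks, Cluster{[]string{"3.10.0-1160.el7.x86_64", "4.9.0"}}))
}
```

In a real CLI the `Cluster` value would be filled from the node list before any resources are applied, and a non-empty result would stop the install.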

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

github-actions[bot] avatar Apr 22 '24 06:04 github-actions[bot]

This issue was closed because it has been stale for 30 days with no activity.

github-actions[bot] avatar May 27 '24 06:05 github-actions[bot]