feat: fix file permission for sidecars

Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com>

pkg/instance/storage.go

@@ -130,6 +130,9 @@ func (s *storage) AddFileBytes(bytes []byte, dest string, chown string) error {
 	if _, err := tmpfile.Write(bytes); err != nil {
 		return err
 	}
+	if err := tmpfile.Chmod(0644); err != nil {
+		return err
+	}
 	if err := tmpfile.Close(); err != nil {
 		return err
 	}

pkg/k8s/pod.go

@@ -29,6 +29,7 @@ const (
 	podFilesConfigmapNameSuffix = "-config"
 
 	initContainerNameSuffix = "-init"
+	initContainerImage      = "nicolaka/netshoot"
 	defaultContainerUser    = 0
 )
 
@@ -594,7 +595,7 @@ func (c *Client) prepareInitContainers(config ContainerConfig, init bool) []v1.C
 	return []v1.Container{
 		{
 			Name:  config.Name + initContainerNameSuffix,
-			Image: config.Image,
+			Image: initContainerImage,
 			SecurityContext: &v1.SecurityContext{
 				RunAsUser: ptr.To[int64](defaultContainerUser),
 			},
@@ -619,9 +620,11 @@ func (c *Client) preparePodSpec(spec PodConfig, init bool) v1.PodSpec {
 
 	// Prepare sidecar containers and append to the pod spec
 	for _, sidecarConfig := range spec.SidecarConfigs {
+		sidecarInitContainer := c.prepareInitContainers(sidecarConfig, true)
 		sidecarContainer := prepareContainer(sidecarConfig)
 		sidecarVolumes := preparePodVolumes(sidecarConfig)
 
+		podSpec.InitContainers = append(podSpec.InitContainers, sidecarInitContainer...)
 		podSpec.Containers = append(podSpec.Containers, sidecarContainer)
 		podSpec.Volumes = append(podSpec.Volumes, sidecarVolumes...)
 	}

pkg/sidecars/observability/obsy.go

@@ -20,7 +20,7 @@ const (
 	otelAgentName = "otel-agent"
 	// %s will be replaced with the otelCollectorVersion
 	otelAgentConfigFile            = "/etc/otel-agent.yaml"
-	otelAgentConfigFilePermissions = "0:0"
+	otelAgentConfigFilePermissions = "10001:10001"
 
 	otelCollectorCommand   = "/otelcol-contrib"
 	otelCollectorConfigArg = "--config=/etc/otel-agent.yaml"