diff --git a/api/datadoghq/common/const.go b/api/datadoghq/common/const.go index 83197494da..8b04d5056d 100644 --- a/api/datadoghq/common/const.go +++ b/api/datadoghq/common/const.go @@ -11,7 +11,8 @@ import ( appsv1 "k8s.io/api/apps/v1" ) -// Datadog const value +// This file tracks constants related to setting up the Datadog Agents + const ( // AgentDeploymentNameLabelKey label key use to link a Resource to a DatadogAgent AgentDeploymentNameLabelKey = "agent.datadoghq.com/name" diff --git a/api/datadoghq/v2alpha1/const.go b/api/datadoghq/v2alpha1/const.go index 3ad73997ef..92400f81db 100644 --- a/api/datadoghq/v2alpha1/const.go +++ b/api/datadoghq/v2alpha1/const.go @@ -1,5 +1,12 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2016-present Datadog, Inc. + package v2alpha1 +// This file tracks constants closely related to the CRD, such as ConditionTypes + const ( // ClusterAgentReconcileConditionType ReconcileConditionType for Cluster Agent component @@ -12,9 +19,4 @@ const ( OverrideReconcileConflictConditionType = "OverrideReconcileConflict" // DatadogAgentReconcileErrorConditionType ReconcileConditionType for DatadogAgent reconcile error DatadogAgentReconcileErrorConditionType = "DatadogAgentReconcileError" - - // ExtraConfdConfigMapName is the name of the ConfigMap storing Custom Confd data - ExtraConfdConfigMapName = "%s-extra-confd" - // ExtraChecksdConfigMapName is the name of the ConfigMap storing Custom Checksd data - ExtraChecksdConfigMapName = "%s-extra-checksd" ) diff --git a/internal/controller/datadogagent/common/const.go b/internal/controller/datadogagent/common/const.go index 1d676af622..126e357ade 100644 --- a/internal/controller/datadogagent/common/const.go +++ b/internal/controller/datadogagent/common/const.go 
@@ -5,6 +5,8 @@ package common +// This file tracks constants used in features, component default code + // Resource names const ( DatadogTokenOldResourceName = "datadogtoken" // Kept for backward compatibility with agent <7.37.0 diff --git a/internal/controller/datadogagent/const.go b/internal/controller/datadogagent/const.go deleted file mode 100644 index d7e1a157c6..0000000000 --- a/internal/controller/datadogagent/const.go +++ /dev/null @@ -1,25 +0,0 @@ -// Unless explicitly stated otherwise all files in this repository are licensed -// under the Apache License Version 2.0. -// This product includes software developed at Datadog (https://www.datadoghq.com/). -// Copyright 2016-present Datadog, Inc. - -package datadogagent - -const ( - // kind names definition - extendedDaemonSetKind = "ExtendedDaemonSet" - daemonSetKind = "DaemonSet" - deploymentKind = "Deployment" - clusterRoleKind = "ClusterRole" - clusterRoleBindingKind = "ClusterRoleBinding" - roleKind = "Role" - roleBindingKind = "RoleBinding" - configMapKind = "ConfigMap" - serviceAccountKind = "ServiceAccount" - podDisruptionBudgetKind = "PodDisruptionBudget" - secretKind = "Secret" - serviceKind = "Service" - apiServiceKind = "APIService" - networkPolicyKind = "NetworkPolicy" - ciliumNetworkPolicyKind = "CiliumNetworkPolicy" -) diff --git a/internal/controller/datadogagent/controller_reconcile_agent.go b/internal/controller/datadogagent/controller_reconcile_agent.go index 317a6c0211..ee9a95048d 100644 --- a/internal/controller/datadogagent/controller_reconcile_agent.go +++ b/internal/controller/datadogagent/controller_reconcile_agent.go 
@@ -220,7 +220,7 @@ func (r *Reconciler) deleteV2DaemonSet(logger logr.Logger, dda *datadoghqv2alpha return err } logger.Info("Delete DaemonSet", "daemonSet.Namespace", ds.Namespace, "daemonSet.Name", ds.Name) - event := buildEventInfo(ds.Name, ds.Namespace, daemonSetKind, datadog.DeletionEvent) + event := buildEventInfo(ds.Name, ds.Namespace, kubernetes.DaemonSetKind, datadog.DeletionEvent) r.recordEvent(dda, event) removeStaleStatus(newStatus, ds.Name) @@ -233,7 +233,7 @@ func (r *Reconciler) deleteV2ExtendedDaemonSet(logger logr.Logger, dda *datadogh return err } logger.Info("Delete DaemonSet", "extendedDaemonSet.Namespace", eds.Namespace, "extendedDaemonSet.Name", eds.Name) - event := buildEventInfo(eds.Name, eds.Namespace, extendedDaemonSetKind, datadog.DeletionEvent) + event := buildEventInfo(eds.Name, eds.Namespace, kubernetes.ExtendedDaemonSetKind, datadog.DeletionEvent) r.recordEvent(dda, event) removeStaleStatus(newStatus, eds.Name) diff --git a/internal/controller/datadogagent/controller_reconcile_ccr.go b/internal/controller/datadogagent/controller_reconcile_ccr.go index f4b3d6dfa2..48c0ffb691 100644 --- a/internal/controller/datadogagent/controller_reconcile_ccr.go +++ b/internal/controller/datadogagent/controller_reconcile_ccr.go @@ -15,11 +15,12 @@ import ( "github.com/DataDog/datadog-operator/internal/controller/datadogagent/feature" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/override" "github.com/DataDog/datadog-operator/pkg/controller/utils/datadog" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/DataDog/datadog-operator/pkg/kubernetes" "github.com/go-logr/logr" appsv1 "k8s.io/api/apps/v1" "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/reconcile" ) 
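Review bot: The kind passed to `buildEventInfo` in `deleteV2DaemonSet` and `deleteV2ExtendedDaemonSet` changes value, not just name. The deleted `daemonSetKind` and `extendedDaemonSetKind` were `"DaemonSet"` and `"ExtendedDaemonSet"`, while `kubernetes.DaemonSetKind` and `kubernetes.ExtendedDaemonSetKind` are `"daemonset"` and `"extendeddaemonset"`. If that string reaches the submitted Datadog event, as the comment on the new const block suggests, any monitor or audit query keyed on the old casing will silently stop matching these deletion events. The same applies to the `deploymentKind` to `kubernetes.DeploymentKind` swaps in controller_reconcile_ccr.go and controller_reconcile_v2_common.go. Either keep the original values, e.g. `DaemonSetKind = "DaemonSet"`, or document the change for consumers of these events; both function bodies continue outside the hunks.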
@@ -102,7 +103,7 @@ func (r *Reconciler) cleanupV2ClusterChecksRunner(logger logr.Logger, dda *datad } } else { logger.Info("Deleting Cluster Checks Runner Deployment", "deployment.Namespace", ClusterChecksRunnerDeployment.Namespace, "deployment.Name", ClusterChecksRunnerDeployment.Name) - event := buildEventInfo(ClusterChecksRunnerDeployment.Name, ClusterChecksRunnerDeployment.Namespace, deploymentKind, datadog.DeletionEvent) + event := buildEventInfo(ClusterChecksRunnerDeployment.Name, ClusterChecksRunnerDeployment.Namespace, kubernetes.DeploymentKind, datadog.DeletionEvent) r.recordEvent(dda, event) if err := r.client.Delete(context.TODO(), ClusterChecksRunnerDeployment); err != nil { return reconcile.Result{}, err diff --git a/internal/controller/datadogagent/controller_reconcile_dca.go b/internal/controller/datadogagent/controller_reconcile_dca.go index 3916bd8a48..41389069a6 100644 --- a/internal/controller/datadogagent/controller_reconcile_dca.go +++ b/internal/controller/datadogagent/controller_reconcile_dca.go @@ -15,6 +15,7 @@ import ( "github.com/DataDog/datadog-operator/internal/controller/datadogagent/feature" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/override" "github.com/DataDog/datadog-operator/pkg/controller/utils/datadog" + "github.com/DataDog/datadog-operator/pkg/kubernetes" "github.com/go-logr/logr" appsv1 "k8s.io/api/apps/v1" 
@@ -108,7 +109,7 @@ func (r *Reconciler) cleanupV2ClusterAgent(logger logr.Logger, dda *datadoghqv2a return reconcile.Result{}, err } logger.Info("Deleting Cluster Agent Deployment", "deployment.Namespace", clusterAgentDeployment.Namespace, "deployment.Name", clusterAgentDeployment.Name) - event := buildEventInfo(clusterAgentDeployment.Name, clusterAgentDeployment.Namespace, clusterRoleBindingKind, datadog.DeletionEvent) + event := buildEventInfo(clusterAgentDeployment.Name, clusterAgentDeployment.Namespace, kubernetes.ClusterRoleBindingKind, datadog.DeletionEvent) r.recordEvent(dda, event) if err := r.client.Delete(context.TODO(), clusterAgentDeployment); err != nil { return reconcile.Result{}, err diff --git a/internal/controller/datadogagent/controller_reconcile_v2_common.go b/internal/controller/datadogagent/controller_reconcile_v2_common.go index 40bd5638fe..ba64c3d205 100644 --- a/internal/controller/datadogagent/controller_reconcile_v2_common.go +++ b/internal/controller/datadogagent/controller_reconcile_v2_common.go @@ -103,7 +103,7 @@ func (r *Reconciler) createOrUpdateDeployment(parentLogger logr.Logger, dda *dat updateStatusFunc(nil, newStatus, now, metav1.ConditionFalse, updateSucceeded, "Unable to update Deployment") return reconcile.Result{}, err } - event := buildEventInfo(updateDeployment.Name, updateDeployment.Namespace, deploymentKind, datadog.UpdateEvent) + event := buildEventInfo(updateDeployment.Name, updateDeployment.Namespace, kubernetes.DeploymentKind, datadog.UpdateEvent) r.recordEvent(dda, event) updateStatusFunc(updateDeployment, newStatus, now, metav1.ConditionTrue, updateSucceeded, "Deployment updated") } else { 
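Review bot: In `cleanupV2ClusterAgent` the deletion event for `clusterAgentDeployment` is still built with a ClusterRoleBinding kind, and this change turns its value into the plural `"clusterrolebindings"` from pkg/kubernetes instead of `"ClusterRoleBinding"`. The object being deleted is a Deployment, going by the log line and the variable name, so the recorded event misattributes the resource type and makes the deletion trail harder to rely on during an investigation. Use the same constant as the cluster checks runner path: `event := buildEventInfo(clusterAgentDeployment.Name, clusterAgentDeployment.Namespace, kubernetes.DeploymentKind, datadog.DeletionEvent)`. The function body starts and ends outside the hunk.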
@@ -114,7 +114,7 @@ func (r *Reconciler) createOrUpdateDeployment(parentLogger logr.Logger, dda *dat updateStatusFunc(nil, newStatus, now, metav1.ConditionFalse, createSucceeded, "Unable to create Deployment") return reconcile.Result{}, err } - event := buildEventInfo(deployment.Name, deployment.Namespace, deploymentKind, datadog.CreationEvent) + event := buildEventInfo(deployment.Name, deployment.Namespace, kubernetes.DeploymentKind, datadog.CreationEvent) r.recordEvent(dda, event) updateStatusFunc(deployment, newStatus, now, metav1.ConditionTrue, createSucceeded, "Deployment created") } @@ -245,7 +245,7 @@ func (r *Reconciler) createOrUpdateDaemonset(parentLogger logr.Logger, dda *data updateStatusFunc(updateDaemonset, newStatus, now, metav1.ConditionFalse, updateSucceeded, "Unable to update Daemonset") return reconcile.Result{}, err } - event := buildEventInfo(updateDaemonset.Name, updateDaemonset.Namespace, daemonSetKind, datadog.UpdateEvent) + event := buildEventInfo(updateDaemonset.Name, updateDaemonset.Namespace, kubernetes.DaemonSetKind, datadog.UpdateEvent) r.recordEvent(dda, event) updateStatusFunc(updateDaemonset, newStatus, now, metav1.ConditionTrue, updateSucceeded, "Daemonset updated") } else { @@ -262,7 +262,7 @@ func (r *Reconciler) createOrUpdateDaemonset(parentLogger logr.Logger, dda *data updateStatusFunc(nil, newStatus, now, metav1.ConditionFalse, createSucceeded, "Unable to create Daemonset") return reconcile.Result{}, err } - event := buildEventInfo(daemonset.Name, daemonset.Namespace, daemonSetKind, datadog.CreationEvent) + event := buildEventInfo(daemonset.Name, daemonset.Namespace, kubernetes.DaemonSetKind, datadog.CreationEvent) r.recordEvent(dda, event) updateStatusFunc(daemonset, newStatus, now, metav1.ConditionTrue, createSucceeded, "Daemonset created") } 
@@ -342,7 +342,7 @@ func (r *Reconciler) createOrUpdateExtendedDaemonset(parentLogger logr.Logger, d updateStatusFunc(updateEDS, newStatus, now, metav1.ConditionFalse, updateSucceeded, "Unable to update ExtendedDaemonSet") return reconcile.Result{}, err } - event := buildEventInfo(updateEDS.Name, updateEDS.Namespace, extendedDaemonSetKind, datadog.UpdateEvent) + event := buildEventInfo(updateEDS.Name, updateEDS.Namespace, kubernetes.ExtendedDaemonSetKind, datadog.UpdateEvent) r.recordEvent(dda, event) updateStatusFunc(updateEDS, newStatus, now, metav1.ConditionTrue, updateSucceeded, "ExtendedDaemonSet updated") } else { @@ -353,7 +353,7 @@ func (r *Reconciler) createOrUpdateExtendedDaemonset(parentLogger logr.Logger, d updateStatusFunc(nil, newStatus, now, metav1.ConditionFalse, createSucceeded, "Unable to create ExtendedDaemonSet") return reconcile.Result{}, err } - event := buildEventInfo(eds.Name, eds.Namespace, extendedDaemonSetKind, datadog.CreationEvent) + event := buildEventInfo(eds.Name, eds.Namespace, kubernetes.ExtendedDaemonSetKind, datadog.CreationEvent) r.recordEvent(dda, event) updateStatusFunc(eds, newStatus, now, metav1.ConditionTrue, createSucceeded, "ExtendedDaemonSet created") } diff --git a/internal/controller/datadogagent/finalizer_test.go b/internal/controller/datadogagent/finalizer_test.go index ea9db52ca1..fce9e75b89 100644 --- a/internal/controller/datadogagent/finalizer_test.go +++ b/internal/controller/datadogagent/finalizer_test.go @@ -11,6 +11,8 @@ import ( agenttestutils "github.com/DataDog/datadog-operator/internal/controller/datadogagent/testutils" "github.com/DataDog/datadog-operator/internal/controller/testutils" "github.com/DataDog/datadog-operator/pkg/agentprofile" + "github.com/DataDog/datadog-operator/pkg/kubernetes/rbac" + "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" 
@@ -47,7 +49,7 @@ func Test_handleFinalizer(t *testing.T) { existingClusterRoles := []*rbacv1.ClusterRole{ { TypeMeta: metav1.TypeMeta{ - Kind: clusterRoleKind, + Kind: rbac.ClusterRoleKind, APIVersion: rbacv1.SchemeGroupVersion.String(), }, ObjectMeta: metav1.ObjectMeta{ @@ -59,7 +61,7 @@ func Test_handleFinalizer(t *testing.T) { }, { TypeMeta: metav1.TypeMeta{ - Kind: clusterRoleKind, + Kind: rbac.ClusterRoleKind, APIVersion: rbacv1.SchemeGroupVersion.String(), }, ObjectMeta: metav1.ObjectMeta{ @@ -76,7 +78,7 @@ func Test_handleFinalizer(t *testing.T) { existingClusterRoleBindings := []*rbacv1.ClusterRoleBinding{ { TypeMeta: metav1.TypeMeta{ - Kind: clusterRoleBindingKind, + Kind: rbac.ClusterRoleBindingKind, APIVersion: rbacv1.SchemeGroupVersion.String(), }, ObjectMeta: metav1.ObjectMeta{ @@ -88,7 +90,7 @@ func Test_handleFinalizer(t *testing.T) { }, { TypeMeta: metav1.TypeMeta{ - Kind: clusterRoleBindingKind, + Kind: rbac.ClusterRoleBindingKind, APIVersion: rbacv1.SchemeGroupVersion.String(), }, ObjectMeta: metav1.ObjectMeta{ diff --git a/internal/controller/datadogagent/override/const.go b/internal/controller/datadogagent/override/const.go new file mode 100644 index 0000000000..16580815df --- /dev/null +++ b/internal/controller/datadogagent/override/const.go @@ -0,0 +1,15 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2016-present Datadog, Inc. + +package override + +// This file tracks constants used in overrides + +const ( + // extraConfdConfigMapName is the name of the ConfigMap storing Custom Confd data + extraConfdConfigMapName = "%s-extra-confd" + // extraChecksdConfigMapName is the name of the ConfigMap storing Custom Checksd data + extraChecksdConfigMapName = "%s-extra-checksd" +) 
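Review bot: In the new override/const.go, the comments on `extraConfdConfigMapName` and `extraChecksdConfigMapName` describe them as ConfigMap names, but both values are `fmt.Sprintf` templates whose `%s` is filled with the lowercased component name in dependencies.go and podtemplatespec.go. A reader who uses one directly as a name would get a literal `%s` in the resource name. State that in the comment, e.g. `// extraConfdConfigMapName is the format template for the ConfigMap storing custom confd data; %s is the lowercased component name`, and likewise for the checksd constant.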
diff --git a/internal/controller/datadogagent/override/dependencies.go b/internal/controller/datadogagent/override/dependencies.go index aac80e9d6f..a9bf9f2117 100644 --- a/internal/controller/datadogagent/override/dependencies.go +++ b/internal/controller/datadogagent/override/dependencies.go @@ -36,11 +36,11 @@ func Dependencies(logger logr.Logger, manager feature.ResourceManagers, dda *v2a errs = append(errs, overrideCustomConfigs(logger, manager, override.CustomConfigurations, dda.Name, namespace)...) // Handle custom check configurations - confdCMName := fmt.Sprintf(v2alpha1.ExtraConfdConfigMapName, strings.ToLower((string(component)))) + confdCMName := fmt.Sprintf(extraConfdConfigMapName, strings.ToLower((string(component)))) errs = append(errs, overrideExtraConfigs(logger, manager, override.ExtraConfd, namespace, confdCMName, true)...) // Handle custom check files - checksdCMName := fmt.Sprintf(v2alpha1.ExtraChecksdConfigMapName, strings.ToLower((string(component)))) + checksdCMName := fmt.Sprintf(extraChecksdConfigMapName, strings.ToLower((string(component)))) errs = append(errs, overrideExtraConfigs(logger, manager, override.ExtraChecksd, namespace, checksdCMName, false)...) } diff --git a/internal/controller/datadogagent/override/podtemplatespec.go b/internal/controller/datadogagent/override/podtemplatespec.go index c1b6807d07..9f04efe01e 100644 --- a/internal/controller/datadogagent/override/podtemplatespec.go +++ b/internal/controller/datadogagent/override/podtemplatespec.go 
@@ -69,7 +69,7 @@ func PodTemplateSpec(logger logr.Logger, manager feature.PodTemplateManagers, ov // defined in the init container; just overwrite the Volume to mount the ConfigMap instead of an EmptyDir. // If both ConfigMap and ConfigData exist, ConfigMap has higher priority. if override.ExtraConfd != nil { - cmName := fmt.Sprintf(v2alpha1.ExtraConfdConfigMapName, strings.ToLower((string(componentName)))) + cmName := fmt.Sprintf(extraConfdConfigMapName, strings.ToLower((string(componentName)))) vol := volume.GetVolumeFromMultiCustomConfig(override.ExtraConfd, apicommon.ConfdVolumeName, cmName) manager.Volume().AddVolume(&vol) @@ -86,7 +86,7 @@ func PodTemplateSpec(logger logr.Logger, manager feature.PodTemplateManagers, ov // If both ConfigMap and ConfigData exist, ConfigMap has higher priority. if override.ExtraChecksd != nil { - cmName := fmt.Sprintf(v2alpha1.ExtraChecksdConfigMapName, strings.ToLower((string(componentName)))) + cmName := fmt.Sprintf(extraChecksdConfigMapName, strings.ToLower((string(componentName)))) vol := volume.GetVolumeFromMultiCustomConfig(override.ExtraChecksd, apicommon.ChecksdVolumeName, cmName) manager.Volume().AddVolume(&vol) diff --git a/pkg/kubernetes/const.go b/pkg/kubernetes/const.go index 74886ededd..881b3ef5ef 100644 --- a/pkg/kubernetes/const.go +++ b/pkg/kubernetes/const.go 
@@ -5,75 +5,80 @@ package kubernetes +// This file tracks string constants that are native to Kubernetes + const ( - // AppKubernetesNameLabelKey The name of the application - AppKubernetesNameLabelKey = "app.kubernetes.io/name" - // AppKubernetesInstanceLabelKey A unique name identifying the instance of an application - AppKubernetesInstanceLabelKey = "app.kubernetes.io/instance" - // AppKubernetesVersionLabelKey The current version of the application - AppKubernetesVersionLabelKey = "app.kubernetes.io/version" - // AppKubernetesComponentLabelKey The component within the architecture + // AppKubernetesComponentLabelKey is the key for the component within the architecture AppKubernetesComponentLabelKey = "app.kubernetes.io/component" - // AppKubernetesPartOfLabelKey The name of a higher level application this one is part of - AppKubernetesPartOfLabelKey = "app.kubernetes.io/part-of" - // AppKubernetesManageByLabelKey The tool being used to manage the operation of an application + // AppKubernetesInstanceLabelKey is the key for a unique name identifying the instance of an application + AppKubernetesInstanceLabelKey = "app.kubernetes.io/instance" + // AppKubernetesManageByLabelKey is the key for the tool being used to manage the operation of an application AppKubernetesManageByLabelKey = "app.kubernetes.io/managed-by" + // AppKubernetesNameLabelKey is the key for the name of the application + AppKubernetesNameLabelKey = "app.kubernetes.io/name" + // AppKubernetesPartOfLabelKey is the key for the name of a higher level application this one is part of + AppKubernetesPartOfLabelKey = "app.kubernetes.io/part-of" + // AppKubernetesVersionLabelKey is the key for the current version of the application + AppKubernetesVersionLabelKey = "app.kubernetes.io/version" ) -// ObjectKind type for kubernetes resource kind. +// ObjectKind type for kubernetes resource kind. 
These strings are plural because +// their list kind is used to query the Kubernetes API when cleaning up resources. + +// They are also used in the store for DatadogAgent dependencies. type ObjectKind string const ( - // ConfigMapKind ConfigMaps resource kind - ConfigMapKind ObjectKind = "configmaps" - // ClusterRolesKind ClusterRoles resource kind + // APIServiceKind is the APIService resource kind + APIServiceKind = "apiservices" + // CiliumNetworkPoliciesKind is the CiliumNetworkPolicies resource kind + CiliumNetworkPoliciesKind = "ciliumnetworkpolicies" + // ClusterRolesKind is the ClusterRoles resource kind ClusterRolesKind = "clusterroles" - // ClusterRoleBindingKind ClusterRoleBindings resource kind + // ClusterRoleBindingKind is the ClusterRoleBindings resource kind ClusterRoleBindingKind = "clusterrolebindings" - // RolesKind Roles resource kind - RolesKind = "roles" - // RoleBindingKind RoleBinding resource kind - RoleBindingKind = "rolebindings" - // ValidatingWebhookConfigurationsKind ValidatingWebhookConfigurations resource kind - ValidatingWebhookConfigurationsKind = "validatingwebhookconfigurations" - // MutatingWebhookConfigurationsKind MutatingWebhookConfigurations resource kind + // ConfigMapKind is the ConfigMaps resource kind + ConfigMapKind ObjectKind = "configmaps" + // MutatingWebhookConfigurationsKind is the MutatingWebhookConfigurations resource kind MutatingWebhookConfigurationsKind = "mutatingwebhookconfigurations" - // APIServiceKind APIService resource kind - APIServiceKind = "apiservices" - // SecretsKind Secrets resource kind - SecretsKind = "secrets" - // ServicesKind Services resource kind - ServicesKind = "services" - // ServiceAccountsKind ServiceAccounts resource kind - ServiceAccountsKind = "serviceaccounts" - // PodDisruptionBudgetsKind PodDisruptionBudgets resource kind - PodDisruptionBudgetsKind = "poddisruptionbudgets" - // NetworkPoliciesKind NetworkPolicies resource kind + // NetworkPoliciesKind is the NetworkPolicies 
resource kind NetworkPoliciesKind = "networkpolicies" - // PodSecurityPoliciesKind PodSecurityPolicies resource kind - PodSecurityPoliciesKind = "podsecuritypolicies" - // CiliumNetworkPoliciesKind CiliumNetworkPolicies resource kind - CiliumNetworkPoliciesKind = "ciliumnetworkpolicies" - // NodeKind Nodes resource kind + // NodeKind is the Nodes resource kind NodeKind = "nodes" + // PodDisruptionBudgetsKind is the PodDisruptionBudgets resource kind + PodDisruptionBudgetsKind = "poddisruptionbudgets" + // PodSecurityPoliciesKind is the PodSecurityPolicies resource kind + PodSecurityPoliciesKind = "podsecuritypolicies" + // RoleBindingKind is the RoleBinding resource kind + RoleBindingKind = "rolebindings" + // RolesKind is the Roles resource kind + RolesKind = "roles" + // SecretsKind is the Secrets resource kind + SecretsKind = "secrets" + // ServiceAccountsKind is the ServiceAccounts resource kind + ServiceAccountsKind = "serviceaccounts" + // ServicesKind is the Services resource kind + ServicesKind = "services" + // ValidatingWebhookConfigurationsKind is the ValidatingWebhookConfigurations resource kind + ValidatingWebhookConfigurationsKind = "validatingwebhookconfigurations" ) -// GetResourcesKind return the list of all possible ObjectKind supported as DatadogAgent dependencies +// getResourcesKind return the list of all possible ObjectKind supported as DatadogAgent dependencies func getResourcesKind(withCiliumResources, withPodSecurityPolicy bool) []ObjectKind { resources := []ObjectKind{ - ConfigMapKind, + APIServiceKind, ClusterRolesKind, ClusterRoleBindingKind, + ConfigMapKind, + MutatingWebhookConfigurationsKind, + NetworkPoliciesKind, + PodDisruptionBudgetsKind, RolesKind, RoleBindingKind, - ValidatingWebhookConfigurationsKind, - MutatingWebhookConfigurationsKind, - APIServiceKind, SecretsKind, - ServicesKind, ServiceAccountsKind, - PodDisruptionBudgetsKind, - NetworkPoliciesKind, + ServicesKind, + ValidatingWebhookConfigurationsKind, } if 
withCiliumResources { @@ -86,3 +91,13 @@ func getResourcesKind(withCiliumResources, withPodSecurityPolicy bool) []ObjectK return resources } + +// These constants are used in Datadog event submission +const ( + // ExtendedDaemonSetKind is the ExtendedDaemonset resource kind + ExtendedDaemonSetKind = "extendeddaemonset" + // DaemonSetKind is the Daemonset resource kind + DaemonSetKind = "daemonset" + // DeploymentKind is the Deployment resource kind + DeploymentKind = "deployment" +) diff --git a/pkg/kubernetes/rbac/const.go b/pkg/kubernetes/rbac/const.go index 0882e7ba7b..2cf8a351aa 100644 --- a/pkg/kubernetes/rbac/const.go +++ b/pkg/kubernetes/rbac/const.go 
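Review bot: The blank line added inside the `ObjectKind` comment in pkg/kubernetes/const.go detaches the first two lines from the declaration. Only `// They are also used in the store for DatadogAgent dependencies.` remains attached to `type ObjectKind string` as its doc comment, so the explanation of why the strings are plural is lost from godoc; drop the blank line so the three lines form one comment. In the same const block only `ConfigMapKind` is declared as `ObjectKind` and the rest are untyped strings, so a plural list kind can be passed where an event kind is expected without a compile error. Consider typing them, e.g. `APIServiceKind ObjectKind = "apiservices"`, if the call sites allow it.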
@@ -5,106 +5,108 @@ package rbac -// Consts used to setup Rbac config +// This file tracks string constants that are used to set up RBAC configurations. + const ( Wildcard = "*" // API Groups - CoreAPIGroup = "" - ExtensionsAPIGroup = "extensions" - OpenShiftQuotaAPIGroup = "quota.openshift.io" - RbacAPIGroup = "rbac.authorization.k8s.io" + AdmissionAPIGroup = "admissionregistration.k8s.io" + APIExtensionsAPIGroup = "apiextensions.k8s.io" + AppsAPIGroup = "apps" + AuthorizationAPIGroup = "authorization.k8s.io" AutoscalingAPIGroup = "autoscaling" + AutoscalingK8sIoAPIGroup = "autoscaling.k8s.io" + BatchAPIGroup = "batch" CertificatesAPIGroup = "certificates.k8s.io" - StorageAPIGroup = "storage.k8s.io" CoordinationAPIGroup = "coordination.k8s.io" + CoreAPIGroup = "" DatadogAPIGroup = "datadoghq.com" - AdmissionAPIGroup = "admissionregistration.k8s.io" - AppsAPIGroup = "apps" - BatchAPIGroup = "batch" - PolicyAPIGroup = "policy" - NetworkingAPIGroup = "networking.k8s.io" - AutoscalingK8sIoAPIGroup = "autoscaling.k8s.io" - AuthorizationAPIGroup = "authorization.k8s.io" + ExtensionsAPIGroup = "extensions" ExternalMetricsAPIGroup = "external.metrics.k8s.io" + NetworkingAPIGroup = "networking.k8s.io" + OpenShiftQuotaAPIGroup = "quota.openshift.io" + PolicyAPIGroup = "policy" + RbacAPIGroup = "rbac.authorization.k8s.io" RegistrationAPIGroup = "apiregistration.k8s.io" - APIExtensionsAPIGroup = "apiextensions.k8s.io" + StorageAPIGroup = "storage.k8s.io" // Resources APIServicesResource = "apiservices" - CustomResourceDefinitionsResource = "customresourcedefinitions" - ServicesResource = "services" - EventsResource = "events" - EndpointsResource = "endpoints" - PodsResource = "pods" - PodsExecResource = "pods/exec" - NodesResource = "nodes" - ComponentStatusesResource = "componentstatuses" CertificatesSigningRequestsResource = "certificatesigningrequests" - ConfigMapsResource = "configmaps" - ResourceQuotasResource = "resourcequotas" - ReplicationControllersResource = 
"replicationcontrollers" - LimitRangesResource = "limitranges" - PersistentVolumeClaimsResource = "persistentvolumeclaims" - PersistentVolumesResource = "persistentvolumes" - LeasesResource = "leases" ClusterResourceQuotasResource = "clusterresourcequotas" - NodeMetricsResource = "nodes/metrics" - NodeSpecResource = "nodes/spec" - NodeProxyResource = "nodes/proxy" - NodeStats = "nodes/stats" - HorizontalPodAutoscalersRecource = "horizontalpodautoscalers" + ClusterRoleBindingResource = "clusterrolebindings" + ClusterRoleResource = "clusterroles" + ComponentStatusesResource = "componentstatuses" + ConfigMapsResource = "configmaps" + CronjobsResource = "cronjobs" + CustomResourceDefinitionsResource = "customresourcedefinitions" + DaemonsetsResource = "daemonsets" DatadogMetricsResource = "datadogmetrics" DatadogMetricsStatusResource = "datadogmetrics/status" DatadogPodAutoscalersResource = "datadogpodautoscalers" DatadogPodAutoscalersStatusResource = "datadogpodautoscalers/status" - WpaResource = "watermarkpodautoscalers" + DeploymentsResource = "deployments" + EndpointsResource = "endpoints" + EventsResource = "events" + ExtendedDaemonSetReplicaSetResource = "extendeddaemonsetreplicasets" + HorizontalPodAutoscalersRecource = "horizontalpodautoscalers" + IngressesResource = "ingresses" + JobsResource = "jobs" + LeasesResource = "leases" + LimitRangesResource = "limitranges" MutatingConfigResource = "mutatingwebhookconfigurations" - ValidatingConfigResource = "validatingwebhookconfigurations" - SecretsResource = "secrets" + NamespaceResource = "namespaces" + NetworkPolicyResource = "networkpolicies" + NodeMetricsResource = "nodes/metrics" + NodeProxyResource = "nodes/proxy" + NodeSpecResource = "nodes/spec" + NodesResource = "nodes" + NodeStats = "nodes/stats" + PersistentVolumeClaimsResource = "persistentvolumeclaims" + PersistentVolumesResource = "persistentvolumes" PodDisruptionBudgetsResource = "poddisruptionbudgets" + PodSecurityPolicyResource = 
"podsecuritypolicies" + PodsExecResource = "pods/exec" + PodsResource = "pods" ReplicasetsResource = "replicasets" - DeploymentsResource = "deployments" + ReplicationControllersResource = "replicationcontrollers" + ResourceQuotasResource = "resourcequotas" + RoleBindingResource = "rolebindings" + RoleResource = "roles" + SecretsResource = "secrets" + ServiceAccountResource = "serviceaccounts" + ServicesResource = "services" StatefulsetsResource = "statefulsets" - DaemonsetsResource = "daemonsets" - JobsResource = "jobs" - CronjobsResource = "cronjobs" StorageClassesResource = "storageclasses" + SubjectAccessReviewResource = "subjectaccessreviews" + ValidatingConfigResource = "validatingwebhookconfigurations" VolumeAttachments = "volumeattachments" - ExtendedDaemonSetReplicaSetResource = "extendeddaemonsetreplicasets" - ServiceAccountResource = "serviceaccounts" - NamespaceResource = "namespaces" - PodSecurityPolicyResource = "podsecuritypolicies" - ClusterRoleBindingResource = "clusterrolebindings" - RoleBindingResource = "rolebindings" - NetworkPolicyResource = "networkpolicies" - IngressesResource = "ingresses" VPAResource = "verticalpodautoscalers" - SubjectAccessReviewResource = "subjectaccessreviews" - ClusterRoleResource = "clusterroles" - RoleResource = "roles" + WpaResource = "watermarkpodautoscalers" // Non resource URLs - VersionURL = "/version" HealthzURL = "/healthz" - MetricsURL = "/metrics" MetricsSLIsURL = "/metrics/slis" + MetricsURL = "/metrics" + VersionURL = "/version" // Verbs + CreateVerb = "create" + DeleteVerb = "delete" GetVerb = "get" ListVerb = "list" - WatchVerb = "watch" - UpdateVerb = "update" PatchVerb = "patch" - CreateVerb = "create" - DeleteVerb = "delete" + UpdateVerb = "update" + WatchVerb = "watch" - // Rbac resource kinds + // RBAC resource kinds (singular) - ClusterRoleKind = "ClusterRole" - RoleKind = "Role" - ServiceAccountKind = "ServiceAccount" + ClusterRoleBindingKind = "ClusterRoleBinding" + ClusterRoleKind = 
"ClusterRole" + RoleKind = "Role" + ServiceAccountKind = "ServiceAccount" )