feat(admission controller): Add new webhook settings
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
wdhif committed Oct 15, 2024
1 parent 24f18f9 commit c3dfa7f
Showing 11 changed files with 337 additions and 31 deletions.
2 changes: 2 additions & 0 deletions api/datadoghq/common/envvar.go
Expand Up @@ -19,6 +19,8 @@ const (
DDAdmissionControllerAgentSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS"
DDAdmissionControllerAgentSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES"
DDAdmissionControllerEnabled = "DD_ADMISSION_CONTROLLER_ENABLED"
DDAdmissionControllerValidationEnabled = "DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED"
DDAdmissionControllerMutationEnabled = "DD_ADMISSION_CONTROLLER_MUTATION_ENABLED"
DDAdmissionControllerInjectConfig = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_ENABLED"
DDAdmissionControllerInjectConfigMode = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE"
DDAdmissionControllerInjectTags = "DD_ADMISSION_CONTROLLER_INJECT_TAGS_ENABLED"
14 changes: 14 additions & 0 deletions api/datadoghq/v2alpha1/datadogagent_default.go
Expand Up @@ -73,6 +73,8 @@ const (

defaultAdmissionControllerAgentSidecarClusterAgentEnabled bool = true
defaultAdmissionControllerEnabled bool = true
defaultAdmissionControllerValidationEnabled bool = true
defaultAdmissionControllerMutationEnabled bool = true
defaultAdmissionControllerMutateUnlabelled bool = false
defaultAdmissionServiceName string = "datadog-admission-controller"
// DefaultAdmissionControllerCWSInstrumentationEnabled default CWS Instrumentation enabled value
Expand Down Expand Up @@ -465,8 +467,20 @@ func defaultFeaturesConfig(ddaSpec *DatadogAgentSpec) {
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.Enabled, defaultAdmissionControllerEnabled)
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.MutateUnlabelled, defaultAdmissionControllerMutateUnlabelled)
apiutils.DefaultStringIfUnset(&ddaSpec.Features.AdmissionController.ServiceName, defaultAdmissionServiceName)
}

// AdmissionControllerValidation Feature
if ddaSpec.Features.AdmissionController.AdmissionControllerValidationConfig == nil {
ddaSpec.Features.AdmissionController.AdmissionControllerValidationConfig = &AdmissionControllerValidationConfig{}
}
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.AdmissionControllerValidationConfig.Enabled, defaultAdmissionControllerValidationEnabled)

// AdmissionControllerMutation Feature
if ddaSpec.Features.AdmissionController.AdmissionControllerMutationConfig == nil {
ddaSpec.Features.AdmissionController.AdmissionControllerMutationConfig = &AdmissionControllerMutationConfig{}
}
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.AdmissionControllerMutationConfig.Enabled, defaultAdmissionControllerMutationEnabled)

agentSidecarInjection := ddaSpec.Features.AdmissionController.AgentSidecarInjection
if agentSidecarInjection != nil && agentSidecarInjection.Enabled != nil && *agentSidecarInjection.Enabled {
apiutils.DefaultBooleanIfUnset(&agentSidecarInjection.ClusterAgentCommunicationEnabled, defaultAdmissionControllerAgentSidecarClusterAgentEnabled)
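Review bot: The new validation and mutation defaults in `defaultFeaturesConfig` sit after the closing `}` of the preceding block, so they appear to be applied whatever `AdmissionController.Enabled` holds; a spec with the controller turned off and these fields unset would come out reading `enabled: true` for both webhooks. That is misleading for anyone auditing the resource to see whether admission validation is actually in force. The block that brace closes starts outside the hunk, so its condition is not visible here. If the defaults are meant to be unconditional, say so above them, for example `// Filled in even when the admission controller is disabled; consumers must check AdmissionController.Enabled first.`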
112 changes: 99 additions & 13 deletions api/datadoghq/v2alpha1/datadogagent_default_test.go
Expand Up @@ -274,7 +274,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -355,7 +361,9 @@ func Test_defaultFeatures(t *testing.T) {
Enabled: apiutils.NewBoolPointer(valueFalse),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
Enabled: apiutils.NewBoolPointer(valueFalse),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{Enabled: apiutils.NewBoolPointer(valueFalse)},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{Enabled: apiutils.NewBoolPointer(valueFalse)},
},
ExternalMetricsServer: &ExternalMetricsServerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
Expand Down Expand Up @@ -454,6 +462,12 @@ func Test_defaultFeatures(t *testing.T) {
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
},
CWSInstrumentation: &CWSInstrumentationConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
},
Expand Down Expand Up @@ -587,7 +601,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -719,7 +739,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -846,7 +872,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -975,7 +1007,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1109,7 +1147,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1239,7 +1283,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1366,7 +1416,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(valueFalse),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand All @@ -1387,6 +1443,12 @@ func Test_defaultFeatures(t *testing.T) {
ddaSpec: &DatadogAgentSpec{
Features: &DatadogFeatures{
AdmissionController: &AdmissionControllerFeatureConfig{
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(true),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(true),
},
MutateUnlabelled: apiutils.NewBoolPointer(true),
AgentCommunicationMode: apiutils.NewStringPointer("socket"),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1497,7 +1559,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueTrue),
Enabled: apiutils.NewBoolPointer(valueTrue),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(valueTrue),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
AgentCommunicationMode: apiutils.NewStringPointer("socket"),
Expand Down Expand Up @@ -1627,7 +1695,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1775,7 +1849,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1915,7 +1995,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
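Review bot: In every expectation visible in `Test_defaultFeatures` the two new flags carry the same value as the controller's own `Enabled` (all defaults, or all `valueFalse`), so nothing shown exercises the settings independently. A case with `AdmissionControllerMutationConfig{Enabled: apiutils.NewBoolPointer(valueFalse)}` while the controller and validation stay enabled would show that an explicit opt-out of one webhook survives defaulting without touching the other. Much of the file is collapsed between hunks, so such a case may exist outside what is shown.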
22 changes: 22 additions & 0 deletions api/datadoghq/v2alpha1/datadogagent_types.go
Expand Up @@ -680,6 +680,14 @@ type AdmissionControllerFeatureConfig struct {
// +optional
Enabled *bool `json:"enabled,omitempty"`

// AdmissionControllerValidationConfig contains Admission Controller validation configurations.
// +optional
AdmissionControllerValidationConfig *AdmissionControllerValidationConfig `json:"validation,omitempty"`

// AdmissionControllerMutationConfig contains Admission Controller mutation configurations.
// +optional
AdmissionControllerMutationConfig *AdmissionControllerMutationConfig `json:"mutation,omitempty"`

// MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'.
// Default: false
// +optional
Expand Down Expand Up @@ -716,6 +724,20 @@ type AdmissionControllerFeatureConfig struct {
CWSInstrumentation *CWSInstrumentationConfig `json:"cwsInstrumentation,omitempty"`
}

type AdmissionControllerValidationConfig struct {
// Enabled enables the Admission Controller validation webhook.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
}

type AdmissionControllerMutationConfig struct {
// Enabled enables the Admission Controller mutation webhook.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
}

type AgentSidecarInjectionConfig struct {
// Enabled enables Sidecar injections.
// Default: false
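Review bot: The exported types `AdmissionControllerValidationConfig` and `AdmissionControllerMutationConfig` are added without doc comments, and their `Enabled` comments do not say how the flag relates to the parent `Enabled` field or to the injection settings that follow in `AdmissionControllerFeatureConfig`. Turning off a webhook here removes a cluster-side control, so the field text, which probably also feeds the generated CRD description, should spell out the effect. Suggested on the type: `// AdmissionControllerValidationConfig configures the Admission Controller validating webhook.`, with the matching line for mutation. If it matches the consumer, which is not shown on this page, each `Enabled` field could add `// Only takes effect when the admission controller itself is enabled.`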
24 changes: 24 additions & 0 deletions api/datadoghq/v2alpha1/test/builder.go
Expand Up @@ -167,6 +167,12 @@ func (builder *DatadogAgentBuilder) initAdmissionController() {
if builder.datadogAgent.Spec.Features.AdmissionController == nil {
builder.datadogAgent.Spec.Features.AdmissionController = &v2alpha1.AdmissionControllerFeatureConfig{}
}
if builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerValidationConfig == nil {
builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerValidationConfig = &v2alpha1.AdmissionControllerValidationConfig{}
}
if builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerMutationConfig == nil {
builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerMutationConfig = &v2alpha1.AdmissionControllerMutationConfig{}
}
if builder.datadogAgent.Spec.Features.AdmissionController.CWSInstrumentation == nil {
builder.datadogAgent.Spec.Features.AdmissionController.CWSInstrumentation = &v2alpha1.CWSInstrumentationConfig{}
}
Expand All @@ -187,6 +193,24 @@ func (builder *DatadogAgentBuilder) WithAdmissionControllerEnabled(enabled bool)
return builder
}

func (builder *DatadogAgentBuilder) WithAdmissionControllerValidationEnabled(enabled bool) *DatadogAgentBuilder {
builder.initAdmissionController()
if builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerValidationConfig == nil {
builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerValidationConfig = &v2alpha1.AdmissionControllerValidationConfig{}
}
builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerValidationConfig.Enabled = apiutils.NewBoolPointer(enabled)
return builder
}

func (builder *DatadogAgentBuilder) WithAdmissionControllerMutationEnabled(enabled bool) *DatadogAgentBuilder {
builder.initAdmissionController()
if builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerMutationConfig == nil {
builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerMutationConfig = &v2alpha1.AdmissionControllerMutationConfig{}
}
builder.datadogAgent.Spec.Features.AdmissionController.AdmissionControllerMutationConfig.Enabled = apiutils.NewBoolPointer(enabled)
return builder
}

func (builder *DatadogAgentBuilder) WithAdmissionControllerMutateUnlabelled(enabled bool) *DatadogAgentBuilder {
builder.initAdmissionController()
builder.datadogAgent.Spec.Features.AdmissionController.MutateUnlabelled = apiutils.NewBoolPointer(enabled)
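Review bot: The nil checks inside `WithAdmissionControllerValidationEnabled` and `WithAdmissionControllerMutationEnabled` repeat what `initAdmissionController()` now does in the first hunk of this file, so they can never fire. Each method can go straight from `builder.initAdmissionController()` to the `Enabled = apiutils.NewBoolPointer(enabled)` assignment, as `WithAdmissionControllerMutateUnlabelled` below already does. Both new exported methods also lack a doc comment, e.g. `// WithAdmissionControllerValidationEnabled sets AdmissionControllerValidationConfig.Enabled on the DatadogAgent under construction.`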