DataDog · kisungyi92 · May 22, 2024 · May 13, 2024 · kisungyi92 · May 14, 2024
@@ -17,6 +17,7 @@ const (
 	DDAdmissionControllerServiceName                  = "DD_ADMISSION_CONTROLLER_SERVICE_NAME"
 	DDAdmissionControllerFailurePolicy                = "DD_ADMISSION_CONTROLLER_FAILURE_POLICY"
 	DDAdmissionControllerWebhookName                  = "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME"
+	DDAdmissionControllerRegistryName                 = "DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY"
 	DDAPIKey                                          = "DD_API_KEY"
 	DDAPMEnabled                                      = "DD_APM_ENABLED"
 	DDAPMInstrumentationInstallTime                   = "DD_INSTRUMENTATION_INSTALL_TIME"

@@ -584,6 +584,10 @@ type AdmissionControllerFeatureConfig struct {
 	// Default: "datadog-webhook"
 	// +optional
 	WebhookName *string `json:"webhookName,omitempty"`
+
+	// Registry defines an image registry for the admission controller.
+	// +optional
+	Registry *string `json:"registry,omitempty"`
 }
 
 // ExternalMetricsServerFeatureConfig contains the External Metrics Server feature configuration.

@@ -7817,6 +7817,9 @@ spec:
                         mutateUnlabelled:
                           description: 'MutateUnlabelled enables config injection without the need of pod label ''admission.datadoghq.com/enabled="true"''. Default: false'
                           type: boolean
+                        registry:
+                          description: Registry defines an image registry for the admission controller.
+                          type: string
                         serviceName:
                           description: ServiceName corresponds to the webhook service name.
                           type: string

@@ -15369,6 +15369,9 @@ spec:
                         mutateUnlabelled:
                           description: 'MutateUnlabelled enables config injection without the need of pod label ''admission.datadoghq.com/enabled="true"''. Default: false'
                           type: boolean
+                        registry:
+                          description: Registry defines an image registry for the admission controller.
+                          type: string
                         serviceName:
                           description: ServiceName corresponds to the webhook service name.
                           type: string

@@ -249,7 +249,6 @@ func clusterAgentWithAdmissionControllerDefaultEnvVars(webhookService, agentServ
 		Name:  "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME",
 		Value: "datadog-webhook",
 	})
-
 	return builder.Build()
 }
 

@@ -33,9 +33,9 @@ type admissionControllerFeature struct {
 	agentCommunicationMode string
 	localServiceName       string
 	failurePolicy          string
-
-	serviceAccountName string
-	owner              metav1.Object
+	registry               string
+	serviceAccountName     string
+	owner                  metav1.Object
 }
 
 func buildAdmissionControllerFeature(options *feature.Options) feature.Feature {
@@ -57,6 +57,12 @@ func (f *admissionControllerFeature) Configure(dda *v2alpha1.DatadogAgent) (reqC
 		if ac.ServiceName != nil && *ac.ServiceName != "" {
 			f.serviceName = *ac.ServiceName
 		}
+		// set image registry from feature config or global config if defined
+		if ac.Registry != nil && *ac.Registry != "" {
+			f.registry = *ac.Registry
+		} else if dda.Spec.Global.Registry != nil && *dda.Spec.Global.Registry != "" {
+			f.registry = *dda.Spec.Global.Registry
+		}
 		// agent communication mode set by user
 		if ac.AgentCommunicationMode != nil && *ac.AgentCommunicationMode != "" {
 			f.agentCommunicationMode = *ac.AgentCommunicationMode
@@ -146,6 +152,13 @@ func (f *admissionControllerFeature) ManageClusterAgent(managers feature.PodTemp
 		Value: apiutils.BoolToString(&f.mutateUnlabelled),
 	})
 
+	if f.registry != "" {
+		managers.EnvVar().AddEnvVarToContainer(common.ClusterAgentContainerName, &corev1.EnvVar{
+			Name:  apicommon.DDAdmissionControllerRegistryName,
+			Value: f.registry,
+		})
+	}
+
 	if f.serviceName != "" {
 		managers.EnvVar().AddEnvVarToContainer(common.ClusterAgentContainerName, &corev1.EnvVar{
 			Name:  apicommon.DDAdmissionControllerServiceName,

@@ -34,7 +34,9 @@ func TestAdmissionControllerFeature(t *testing.T) {
 			Enabled: apiutils.NewBoolPointer(true),
 		},
 	}
-
+	globalConfig := &v2alpha1.GlobalConfig{
+		Registry: apiutils.NewStringPointer("globalRegistryName"),
+	}
 	tests := test.FeatureTestSuite{
 		//////////////////////////
 		// v1Alpha1.DatadogAgent
@@ -48,34 +50,45 @@ func TestAdmissionControllerFeature(t *testing.T) {
 			Name:          "v1alpha1 admission controller enabled",
 			DDAv1:         newV1Agent(true),
 			WantConfigure: true,
-			ClusterAgent:  testDCAResources("hostip"),
+			ClusterAgent:  testDCAResources("hostip", ""),
 		},
-
 		//////////////////////////
 		// v2Alpha1.DatadogAgent
 		//////////////////////////
 		{
 			Name:          "v2alpha1 admission controller not enabled",
-			DDAv2:         newV2Agent(false, "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}),
+			DDAv2:         newV2Agent(false, "", "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}, nil),
 			WantConfigure: false,
 		},
 		{
 			Name:          "v2alpha1 admission controller enabled",
-			DDAv2:         newV2Agent(true, "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}),
+			DDAv2:         newV2Agent(true, "", "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}, nil),
 			WantConfigure: true,
-			ClusterAgent:  testDCAResources(""),
+			ClusterAgent:  testDCAResources("", ""),
 		},
 		{
 			Name:          "v2alpha1 admission controller enabled, apm uses uds",
-			DDAv2:         newV2Agent(true, "", apmUDS, &v2alpha1.DogstatsdFeatureConfig{}),
+			DDAv2:         newV2Agent(true, "", "", apmUDS, &v2alpha1.DogstatsdFeatureConfig{}, nil),
 			WantConfigure: true,
-			ClusterAgent:  testDCAResources("socket"),
+			ClusterAgent:  testDCAResources("socket", ""),
 		},
 		{
 			Name:          "v2alpha1 admission controller enabled, dsd uses uds",
-			DDAv2:         newV2Agent(true, "", &v2alpha1.APMFeatureConfig{}, dsdUDS),
+			DDAv2:         newV2Agent(true, "", "", &v2alpha1.APMFeatureConfig{}, dsdUDS, nil),
+			WantConfigure: true,
+			ClusterAgent:  testDCAResources("socket", ""),
+		},
+		{
+			Name:          "v2alpha1 admission controller enabled, add custom registry in global config",
+			DDAv2:         newV2Agent(true, "", "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}, globalConfig),
+			WantConfigure: true,
+			ClusterAgent:  testDCAResources("", "globalRegistryName"),
+		},
+		{
+			Name:          "v2alpha1 admission controller enabled, add custom registry in global config, override with feature config",
+			DDAv2:         newV2Agent(true, "", "testRegistryName", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}, globalConfig),
 			WantConfigure: true,
-			ClusterAgent:  testDCAResources("socket"),
+			ClusterAgent:  testDCAResources("", "testRegistryName"),
 		},
 	}
 
@@ -99,17 +112,17 @@ func newV1Agent(enabled bool) *v1alpha1.DatadogAgent {
 	}
 }
 
-func newV2Agent(enabled bool, acm string, apm *v2alpha1.APMFeatureConfig, dsd *v2alpha1.DogstatsdFeatureConfig) *v2alpha1.DatadogAgent {
+func newV2Agent(enabled bool, acm, registry string, apm *v2alpha1.APMFeatureConfig, dsd *v2alpha1.DogstatsdFeatureConfig, global *v2alpha1.GlobalConfig) *v2alpha1.DatadogAgent {
 	dda := &v2alpha1.DatadogAgent{
 		Spec: v2alpha1.DatadogAgentSpec{
+			Global: &v2alpha1.GlobalConfig{},
 			Features: &v2alpha1.DatadogFeatures{
 				AdmissionController: &v2alpha1.AdmissionControllerFeatureConfig{
 					Enabled:          apiutils.NewBoolPointer(enabled),
 					MutateUnlabelled: apiutils.NewBoolPointer(true),
 					ServiceName:      apiutils.NewStringPointer("testServiceName"),
 				},
 			},
-			Global: &v2alpha1.GlobalConfig{},
 		},
 	}
 	if acm != "" {
@@ -121,10 +134,17 @@ func newV2Agent(enabled bool, acm string, apm *v2alpha1.APMFeatureConfig, dsd *v
 	if dsd != nil {
 		dda.Spec.Features.Dogstatsd = dsd
 	}
+	if registry != "" {
+		dda.Spec.Features.AdmissionController.Registry = apiutils.NewStringPointer(registry)
+
+	}
+	if global != nil {
+		dda.Spec.Global = global
+	}
 	return dda
 }
 
-func testDCAResources(acm string) *test.ComponentTest {
+func testDCAResources(acm string, registry string) *test.ComponentTest {
 	return test.NewDefaultComponentTest().WithWantFunc(
 		func(t testing.TB, mgrInterface feature.PodTemplateManagers) {
 			mgr := mgrInterface.(*fake.PodTemplateManagers)
@@ -159,6 +179,13 @@ func testDCAResources(acm string) *test.ComponentTest {
 				}
 				expectedAgentEnvs = append(expectedAgentEnvs, &acmEnv)
 			}
+			if registry != "" {
+				registryEnv := corev1.EnvVar{
+					Name:  apicommon.DDAdmissionControllerRegistryName,
+					Value: registry,
+				}
+				expectedAgentEnvs = append(expectedAgentEnvs, &registryEnv)
+			}
 
 			assert.ElementsMatch(t,
 				agentEnvs,

@@ -38,6 +38,7 @@ spec:
 | features.admissionController.enabled | Enabled enables the Admission Controller. Default: true |
 | features.admissionController.failurePolicy | FailurePolicy determines how unrecognized and timeout errors are handled. |
 | features.admissionController.mutateUnlabelled | MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. Default: false |
+| features.admissionController.registry | Registry defines an image registry for the admission controller. |
 | features.admissionController.serviceName | ServiceName corresponds to the webhook service name. |
 | features.admissionController.webhookName | WebhookName is a custom name for the MutatingWebhookConfiguration. Default: "datadog-webhook" |
 | features.apm.enabled | Enabled enables Application Performance Monitoring. Default: true |
-Original file line number
+Diff line change
@@ Expand Up @@
     		Name:  "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME",
     		Value: "datadog-webhook",
     	})
     	return builder.Build()
     }
@@ Expand Down @@