diff --git a/api/datadoghq/v2alpha1/datadogagent_default.go b/api/datadoghq/v2alpha1/datadogagent_default.go index 5caa18d50..978c22e03 100644 --- a/api/datadoghq/v2alpha1/datadogagent_default.go +++ b/api/datadoghq/v2alpha1/datadogagent_default.go @@ -79,6 +79,9 @@ const ( defaultAdmissionControllerMutationEnabled bool = true defaultAdmissionControllerMutateUnlabelled bool = false defaultAdmissionServiceName string = "datadog-admission-controller" + + defaultAdmissionControllerKubernetesAdmissionEventsEnabled bool = false + // DefaultAdmissionControllerCWSInstrumentationEnabled default CWS Instrumentation enabled value DefaultAdmissionControllerCWSInstrumentationEnabled bool = false // DefaultAdmissionControllerCWSInstrumentationMode default CWS Instrumentation mode @@ -495,6 +498,12 @@ func defaultFeaturesConfig(ddaSpec *DatadogAgentSpec) { apiutils.DefaultBooleanIfUnset(&agentSidecarInjection.ClusterAgentCommunicationEnabled, defaultAdmissionControllerAgentSidecarClusterAgentEnabled) } + // K8s Admission Events in AdmissonController Feature + if ddaSpec.Features.AdmissionController.KubernetesAdmissionEvents == nil { + ddaSpec.Features.AdmissionController.KubernetesAdmissionEvents = &KubernetesAdmissionEventsConfig{} + } + apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.KubernetesAdmissionEvents.Enabled, defaultAdmissionControllerKubernetesAdmissionEventsEnabled) + // CWS Instrumentation in AdmissionController Feature if ddaSpec.Features.AdmissionController.CWSInstrumentation == nil { ddaSpec.Features.AdmissionController.CWSInstrumentation = &CWSInstrumentationConfig{} diff --git a/api/datadoghq/v2alpha1/datadogagent_default_test.go b/api/datadoghq/v2alpha1/datadogagent_default_test.go index 143da79b4..fc8a80ef3 100644 --- a/api/datadoghq/v2alpha1/datadogagent_default_test.go +++ b/api/datadoghq/v2alpha1/datadogagent_default_test.go 
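Review bot: The comment added in the second hunk of datadogagent_default.go misspells the feature name; `// K8s Admission Events in AdmissonController Feature` should read `// Kubernetes Admission Events in AdmissionController Feature`, matching the CWS comment just below it. The constant added in the first hunk sits alone between two blank lines with no comment, while the exported CWS defaults that follow it each have one; a short line such as `// defaultAdmissionControllerKubernetesAdmissionEventsEnabled is the default for features.admissionController.kubernetesAdmissionEvents.enabled` would keep the block readable. defaultFeaturesConfig starts and ends outside the hunk.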
@@ -288,6 +288,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -479,6 +482,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(valueFalse), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(valueFalse), + }, }, ExternalMetricsServer: &ExternalMetricsServerFeatureConfig{ Enabled: apiutils.NewBoolPointer(valueFalse), @@ -624,6 +630,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -765,6 +774,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), 
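Review bot: Every expectation added to Test_defaultFeatures in this hunk and in the other hunks of this file is either `defaultAdmissionControllerKubernetesAdmissionEventsEnabled` or `valueFalse`, so none of the visible cases expects the field to be true. The inputs are outside the hunks, but it looks as though the path where a user sets `kubernetesAdmissionEvents.enabled: true` and defaulting must leave it untouched is not exercised. One table entry whose input and expected value both carry `KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{Enabled: apiutils.NewBoolPointer(valueTrue)}` would pin that behaviour.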
@@ -901,6 +913,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1039,6 +1054,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1182,6 +1200,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1321,6 +1342,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), 
@@ -1457,6 +1481,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1483,6 +1510,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(true), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, }, }, @@ -1605,6 +1635,9 @@ func Test_defaultFeatures(t *testing.T) { Enabled: apiutils.NewBoolPointer(valueTrue), Mode: apiutils.NewStringPointer(DefaultAdmissionControllerCWSInstrumentationMode), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1742,6 +1775,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), 
@@ -1900,6 +1936,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -2049,6 +2088,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), diff --git a/api/datadoghq/v2alpha1/datadogagent_types.go b/api/datadoghq/v2alpha1/datadogagent_types.go index 1ca103536..f92c17c35 100644 --- a/api/datadoghq/v2alpha1/datadogagent_types.go +++ b/api/datadoghq/v2alpha1/datadogagent_types.go @@ -729,6 +729,10 @@ type AdmissionControllerFeatureConfig struct { // +optional Registry *string `json:"registry,omitempty"` + // KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration. + // +optional + KubernetesAdmissionEvents *KubernetesAdmissionEventsConfig `json:"kubernetesAdmissionEvents,omitempty"` + // CWSInstrumentation holds the CWS Instrumentation endpoint configuration // +optional CWSInstrumentation *CWSInstrumentationConfig `json:"cwsInstrumentation,omitempty"` 
@@ -809,6 +813,13 @@ type Profile struct { ResourceRequirements *corev1.ResourceRequirements `json:"resources,omitempty"` } +type KubernetesAdmissionEventsConfig struct { + // Enable the Kubernetes Admission Events feature. + // Default: false + // +optional + Enabled *bool `json:"enabled,omitempty"` +} + // CWSInstrumentationConfig contains the configuration of the CWS Instrumentation admission controller endpoint. type CWSInstrumentationConfig struct { // Enable the CWS Instrumentation admission controller endpoint. diff --git a/api/datadoghq/v2alpha1/zz_generated.deepcopy.go b/api/datadoghq/v2alpha1/zz_generated.deepcopy.go index 184b291a0..f5871d649 100644 --- a/api/datadoghq/v2alpha1/zz_generated.deepcopy.go +++ b/api/datadoghq/v2alpha1/zz_generated.deepcopy.go @@ -194,6 +194,11 @@ func (in *AdmissionControllerFeatureConfig) DeepCopyInto(out *AdmissionControlle *out = new(string) **out = **in } + if in.KubernetesAdmissionEvents != nil { + in, out := &in.KubernetesAdmissionEvents, &out.KubernetesAdmissionEvents + *out = new(KubernetesAdmissionEventsConfig) + (*in).DeepCopyInto(*out) + } if in.CWSInstrumentation != nil { in, out := &in.CWSInstrumentation, &out.CWSInstrumentation *out = new(CWSInstrumentationConfig) 
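Review bot: `KubernetesAdmissionEventsConfig` is added without a doc comment, unlike `CWSInstrumentationConfig` directly below it, so the exported API type has no description of its own. A line such as `// KubernetesAdmissionEventsConfig contains the configuration of the Kubernetes Admission Events feature.` above the `type` line would match the neighbouring types. The field comment `Enable the Kubernetes Admission Events feature.` also does not say what is emitted or where it goes; since these events presumably describe admission requests in the cluster, one more sentence on that would help an operator decide whether to turn it on, and it would flow into the generated CRD and docs.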
@@ -1810,6 +1815,26 @@ func (in *KubeletConfig) DeepCopy() *KubeletConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesAdmissionEventsConfig) DeepCopyInto(out *KubernetesAdmissionEventsConfig) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAdmissionEventsConfig. +func (in *KubernetesAdmissionEventsConfig) DeepCopy() *KubernetesAdmissionEventsConfig { + if in == nil { + return nil + } + out := new(KubernetesAdmissionEventsConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LanguageDetectionConfig) DeepCopyInto(out *LanguageDetectionConfig) { *out = *in diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml index f38cf8613..09beaf1d4 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml +++ b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml @@ -435,6 +435,15 @@ spec: failurePolicy: description: FailurePolicy determines how unrecognized and timeout errors are handled. type: string + kubernetesAdmissionEvents: + description: KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration. + properties: + enabled: + description: |- + Enable the Kubernetes Admission Events feature. + Default: false + type: boolean + type: object mutateUnlabelled: description: |- MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. 
@@ -7170,6 +7179,15 @@ spec: failurePolicy: description: FailurePolicy determines how unrecognized and timeout errors are handled. type: string + kubernetesAdmissionEvents: + description: KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration. + properties: + enabled: + description: |- + Enable the Kubernetes Admission Events feature. + Default: false + type: boolean + type: object mutateUnlabelled: description: |- MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json b/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json index 44de06e17..2133efdcc 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json +++ b/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json @@ -430,6 +430,17 @@ "description": "FailurePolicy determines how unrecognized and timeout errors are handled.", "type": "string" }, + "kubernetesAdmissionEvents": { + "additionalProperties": false, + "description": "KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration.", + "properties": { + "enabled": { + "description": "Enable the Kubernetes Admission Events feature.\nDefault: false", + "type": "boolean" + } + }, + "type": "object" + }, "mutateUnlabelled": { "description": "MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled=\"true\"'.\nDefault: false", "type": "boolean" 
@@ -7103,6 +7114,17 @@ "description": "FailurePolicy determines how unrecognized and timeout errors are handled.", "type": "string" }, + "kubernetesAdmissionEvents": { + "additionalProperties": false, + "description": "KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration.", + "properties": { + "enabled": { + "description": "Enable the Kubernetes Admission Events feature.\nDefault: false", + "type": "boolean" + } + }, + "type": "object" + }, "mutateUnlabelled": { "description": "MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled=\"true\"'.\nDefault: false", "type": "boolean" diff --git a/docs/configuration.v2alpha1.md b/docs/configuration.v2alpha1.md index 5e5e82982..7810746be 100644 --- a/docs/configuration.v2alpha1.md +++ b/docs/configuration.v2alpha1.md @@ -49,6 +49,7 @@ spec: | features.admissionController.cwsInstrumentation.mode | Defines the behavior of the CWS Instrumentation endpoint, and can be either "init_container" or "remote_copy". Default: "remote_copy" | | features.admissionController.enabled | Enables the Admission Controller. Default: true | | features.admissionController.failurePolicy | FailurePolicy determines how unrecognized and timeout errors are handled. | +| features.admissionController.kubernetesAdmissionEvents.enabled | Enable the Kubernetes Admission Events feature. Default: false | | features.admissionController.mutateUnlabelled | MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. Default: false | | features.admissionController.mutation.enabled | Enables the Admission Controller mutation webhook. Default: true | | features.admissionController.registry | Defines an image registry for the admission controller. | diff --git a/internal/controller/datadogagent/feature/admissioncontroller/envvar.go b/internal/controller/datadogagent/feature/admissioncontroller/envvar.go index 69739f5dd..da94b900b 100644 
--- a/internal/controller/datadogagent/feature/admissioncontroller/envvar.go +++ b/internal/controller/datadogagent/feature/admissioncontroller/envvar.go 
@@ -6,26 +6,27 @@ package admissioncontroller const ( - DDAdmissionControllerAgentSidecarEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED" - DDAdmissionControllerAgentSidecarClusterAgentEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED" - DDAdmissionControllerAgentSidecarProvider = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER" - DDAdmissionControllerAgentSidecarRegistry = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY" - DDAdmissionControllerAgentSidecarImageName = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME" - DDAdmissionControllerAgentSidecarImageTag = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG" - DDAdmissionControllerAgentSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS" - DDAdmissionControllerAgentSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES" - DDAdmissionControllerEnabled = "DD_ADMISSION_CONTROLLER_ENABLED" - DDAdmissionControllerValidationEnabled = "DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED" - DDAdmissionControllerMutationEnabled = "DD_ADMISSION_CONTROLLER_MUTATION_ENABLED" - DDAdmissionControllerInjectConfig = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_ENABLED" - DDAdmissionControllerInjectConfigMode = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE" - DDAdmissionControllerInjectTags = "DD_ADMISSION_CONTROLLER_INJECT_TAGS_ENABLED" - DDAdmissionControllerLocalServiceName = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME" - DDAdmissionControllerMutateUnlabelled = "DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED" - DDAdmissionControllerServiceName = "DD_ADMISSION_CONTROLLER_SERVICE_NAME" - DDAdmissionControllerFailurePolicy = "DD_ADMISSION_CONTROLLER_FAILURE_POLICY" - DDAdmissionControllerWebhookName = "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME" - DDAdmissionControllerRegistryName = "DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY" - DDAdmissionControllerCWSInstrumentationEnabled = "DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_ENABLED" - DDAdmissionControllerCWSInstrumentationMode 
= "DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_MODE" + DDAdmissionControllerAgentSidecarEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED" + DDAdmissionControllerAgentSidecarClusterAgentEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED" + DDAdmissionControllerAgentSidecarProvider = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER" + DDAdmissionControllerAgentSidecarRegistry = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY" + DDAdmissionControllerAgentSidecarImageName = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME" + DDAdmissionControllerAgentSidecarImageTag = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG" + DDAdmissionControllerAgentSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS" + DDAdmissionControllerAgentSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES" + DDAdmissionControllerEnabled = "DD_ADMISSION_CONTROLLER_ENABLED" + DDAdmissionControllerValidationEnabled = "DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED" + DDAdmissionControllerMutationEnabled = "DD_ADMISSION_CONTROLLER_MUTATION_ENABLED" + DDAdmissionControllerInjectConfig = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_ENABLED" + DDAdmissionControllerInjectConfigMode = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE" + DDAdmissionControllerInjectTags = "DD_ADMISSION_CONTROLLER_INJECT_TAGS_ENABLED" + DDAdmissionControllerLocalServiceName = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME" + DDAdmissionControllerMutateUnlabelled = "DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED" + DDAdmissionControllerServiceName = "DD_ADMISSION_CONTROLLER_SERVICE_NAME" + DDAdmissionControllerFailurePolicy = "DD_ADMISSION_CONTROLLER_FAILURE_POLICY" + DDAdmissionControllerWebhookName = "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME" + DDAdmissionControllerRegistryName = "DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY" + DDAdmissionControllerCWSInstrumentationEnabled = "DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_ENABLED" + DDAdmissionControllerCWSInstrumentationMode = 
"DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_MODE" + DDAdmissionControllerKubernetesAdmissionEventsEnabled = "DD_ADMISSION_CONTROLLER_KUBERNETES_ADMISSION_EVENTS_ENABLED" ) diff --git a/internal/controller/datadogagent/feature/admissioncontroller/feature.go b/internal/controller/datadogagent/feature/admissioncontroller/feature.go index 62ddc2bd4..f2720a2fe 100644 --- a/internal/controller/datadogagent/feature/admissioncontroller/feature.go +++ b/internal/controller/datadogagent/feature/admissioncontroller/feature.go @@ -48,6 +48,8 @@ type admissionControllerFeature struct { cwsInstrumentationEnabled bool cwsInstrumentationMode string + + kubernetesAdmissionEvents *KubernetesAdmissionEventConfig } type ValidationConfig struct { @@ -69,6 +71,10 @@ type AgentSidecarInjectionConfig struct { profiles []*v2alpha1.Profile } +type KubernetesAdmissionEventConfig struct { + enabled bool +} + func buildAdmissionControllerFeature(options *feature.Options) feature.Feature { return &admissionControllerFeature{} } @@ -140,6 +146,10 @@ func (f *admissionControllerFeature) Configure(dda *v2alpha1.DatadogAgent) (reqC f.cwsInstrumentationMode = apiutils.StringValue(ac.CWSInstrumentation.Mode) } + if ac.KubernetesAdmissionEvents != nil && apiutils.BoolValue(ac.KubernetesAdmissionEvents.Enabled) { + f.kubernetesAdmissionEvents = &KubernetesAdmissionEventConfig{enabled: true} + } + _, f.networkPolicy = v2alpha1.IsNetworkPolicyEnabled(dda) sidecarConfig := dda.Spec.Features.AdmissionController.AgentSidecarInjection 
@@ -357,6 +367,13 @@ func (f *admissionControllerFeature) ManageClusterAgent(managers feature.PodTemp }) } + if f.kubernetesAdmissionEvents != nil { + managers.EnvVar().AddEnvVarToContainer(apicommon.ClusterAgentContainerName, &corev1.EnvVar{ + Name: DDAdmissionControllerKubernetesAdmissionEventsEnabled, + Value: apiutils.BoolToString(&f.kubernetesAdmissionEvents.enabled), + }) + } + if f.agentCommunicationMode != "" { managers.EnvVar().AddEnvVarToContainer(apicommon.ClusterAgentContainerName, &corev1.EnvVar{ Name: DDAdmissionControllerInjectConfigMode,
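Review bot: `DDAdmissionControllerKubernetesAdmissionEventsEnabled` is only added when `f.kubernetesAdmissionEvents` is non-nil, and the Configure hunk earlier in this file only sets that pointer when the spec value is true, so an explicit `enabled: false` produces no variable and the Cluster Agent's own default (not visible here) decides. If a deterministic opt-out is wanted, Configure could record the value whenever it is set, using `if ac.KubernetesAdmissionEvents != nil && ac.KubernetesAdmissionEvents.Enabled != nil {` and `enabled: *ac.KubernetesAdmissionEvents.Enabled`, so that this block writes either "true" or "false". As written `enabled` is always true when this block runs, so a plain `kubernetesAdmissionEventsEnabled bool` field next to `cwsInstrumentationEnabled` would be simpler than the pointer struct. The struct's name `KubernetesAdmissionEventConfig` also differs from the API type `KubernetesAdmissionEventsConfig`, and it is exported without a doc comment. ManageClusterAgent's body continues outside the hunk.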