From 88e40cd1f8f90fe3111a548add4ca3be9a961fc3 Mon Sep 17 00:00:00 2001 From: Gabriel Dos Santos Date: Tue, 17 Dec 2024 14:25:56 -0500 Subject: [PATCH 1/3] Support k8s admin events in operator --- LICENSE-3rdparty.csv | 2 + .../v2alpha1/datadogagent_default.go | 9 ++++ .../v2alpha1/datadogagent_default_test.go | 42 +++++++++++++++++++ api/datadoghq/v2alpha1/datadogagent_types.go | 11 +++++ .../v2alpha1/zz_generated.deepcopy.go | 25 +++++++++++ .../bases/v1/datadoghq.com_datadogagents.yaml | 18 ++++++++ .../datadoghq.com_datadogagents_v2alpha1.json | 22 ++++++++++ docs/configuration.v2alpha1.md | 1 + 8 files changed, 130 insertions(+) diff --git a/LICENSE-3rdparty.csv b/LICENSE-3rdparty.csv index 074c2d407..36c78c185 100644 --- a/LICENSE-3rdparty.csv +++ b/LICENSE-3rdparty.csv @@ -80,6 +80,7 @@ core,github.com/richardartoul/molecule/src/codec,Apache-2.0 core,github.com/richardartoul/molecule/src/protowire,BSD-3-Clause core,github.com/secure-systems-lab/go-securesystemslib/cjson,MIT core,github.com/shirou/gopsutil/v3,BSD-3-Clause +core,github.com/shoenig/go-m1cpu,MPL-2.0 core,github.com/spaolacci/murmur3,BSD-3-Clause core,github.com/spf13/afero,Apache-2.0 core,github.com/spf13/cast,MIT @@ -88,6 +89,7 @@ core,github.com/spf13/pflag,BSD-3-Clause core,github.com/stretchr/objx,MIT core,github.com/stretchr/testify,MIT core,github.com/tinylib/msgp/msgp,MIT +core,github.com/tklauser/go-sysconf,BSD-3-Clause core,github.com/x448/float16,MIT core,github.com/zorkian/go-datadog-api,BSD-3-Clause core,go.etcd.io/bbolt,MIT diff --git a/api/datadoghq/v2alpha1/datadogagent_default.go b/api/datadoghq/v2alpha1/datadogagent_default.go index 5caa18d50..978c22e03 100644 --- a/api/datadoghq/v2alpha1/datadogagent_default.go +++ b/api/datadoghq/v2alpha1/datadogagent_default.go 
@@ -79,6 +79,9 @@ const ( defaultAdmissionControllerMutationEnabled bool = true defaultAdmissionControllerMutateUnlabelled bool = false defaultAdmissionServiceName string = "datadog-admission-controller" + + defaultAdmissionControllerKubernetesAdmissionEventsEnabled bool = false + // DefaultAdmissionControllerCWSInstrumentationEnabled default CWS Instrumentation enabled value DefaultAdmissionControllerCWSInstrumentationEnabled bool = false // DefaultAdmissionControllerCWSInstrumentationMode default CWS Instrumentation mode @@ -495,6 +498,12 @@ func defaultFeaturesConfig(ddaSpec *DatadogAgentSpec) { apiutils.DefaultBooleanIfUnset(&agentSidecarInjection.ClusterAgentCommunicationEnabled, defaultAdmissionControllerAgentSidecarClusterAgentEnabled) } + // K8s Admission Events in AdmissonController Feature + if ddaSpec.Features.AdmissionController.KubernetesAdmissionEvents == nil { + ddaSpec.Features.AdmissionController.KubernetesAdmissionEvents = &KubernetesAdmissionEventsConfig{} + } + apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.KubernetesAdmissionEvents.Enabled, defaultAdmissionControllerKubernetesAdmissionEventsEnabled) + // CWS Instrumentation in AdmissionController Feature if ddaSpec.Features.AdmissionController.CWSInstrumentation == nil { ddaSpec.Features.AdmissionController.CWSInstrumentation = &CWSInstrumentationConfig{} diff --git a/api/datadoghq/v2alpha1/datadogagent_default_test.go b/api/datadoghq/v2alpha1/datadogagent_default_test.go index 143da79b4..fc8a80ef3 100644 --- a/api/datadoghq/v2alpha1/datadogagent_default_test.go +++ b/api/datadoghq/v2alpha1/datadogagent_default_test.go 
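Review bot: The comment added in the `@@ -495` hunk misspells the feature name as `AdmissonController`; it should read `// K8s Admission Events in AdmissionController Feature`, matching the CWS comment just below it. The new block also dereferences `ddaSpec.Features.AdmissionController` without a nil check of its own, so it relies on whatever guard `defaultFeaturesConfig` applies earlier, outside this hunk. The neighbouring CWS block makes the same assumption, so this is probably fine, but it is worth confirming against the full function.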
@@ -288,6 +288,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -479,6 +482,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(valueFalse), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(valueFalse), + }, }, ExternalMetricsServer: &ExternalMetricsServerFeatureConfig{ Enabled: apiutils.NewBoolPointer(valueFalse), @@ -624,6 +630,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -765,6 +774,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), 
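Review bot: Every `KubernetesAdmissionEvents` value added to `Test_defaultFeatures` is false, either `defaultAdmissionControllerKubernetesAdmissionEventsEnabled` or `valueFalse`, so none of these cases can tell a preserved user setting from the default. This applies to the `@@ -288` hunk here and to the later hunks in this file. A case whose input sets `Enabled: apiutils.NewBoolPointer(valueTrue)` and expects it unchanged would catch a defaulting bug that silently turns the feature off. The test cases start and end outside the hunks, so an existing case may already cover this.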
@@ -901,6 +913,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1039,6 +1054,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1182,6 +1200,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1321,6 +1342,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), 
@@ -1457,6 +1481,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1483,6 +1510,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(true), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, }, }, @@ -1605,6 +1635,9 @@ func Test_defaultFeatures(t *testing.T) { Enabled: apiutils.NewBoolPointer(valueTrue), Mode: apiutils.NewStringPointer(DefaultAdmissionControllerCWSInstrumentationMode), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -1742,6 +1775,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), 
@@ -1900,6 +1936,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), @@ -2049,6 +2088,9 @@ func Test_defaultFeatures(t *testing.T) { CWSInstrumentation: &CWSInstrumentationConfig{ Enabled: apiutils.NewBoolPointer(DefaultAdmissionControllerCWSInstrumentationEnabled), }, + KubernetesAdmissionEvents: &KubernetesAdmissionEventsConfig{ + Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerKubernetesAdmissionEventsEnabled), + }, }, PrometheusScrape: &PrometheusScrapeFeatureConfig{ Enabled: apiutils.NewBoolPointer(defaultPrometheusScrapeEnabled), diff --git a/api/datadoghq/v2alpha1/datadogagent_types.go b/api/datadoghq/v2alpha1/datadogagent_types.go index 1ca103536..f92c17c35 100644 --- a/api/datadoghq/v2alpha1/datadogagent_types.go +++ b/api/datadoghq/v2alpha1/datadogagent_types.go @@ -729,6 +729,10 @@ type AdmissionControllerFeatureConfig struct { // +optional Registry *string `json:"registry,omitempty"` + // KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration. + // +optional + KubernetesAdmissionEvents *KubernetesAdmissionEventsConfig `json:"kubernetesAdmissionEvents,omitempty"` + // CWSInstrumentation holds the CWS Instrumentation endpoint configuration // +optional CWSInstrumentation *CWSInstrumentationConfig `json:"cwsInstrumentation,omitempty"` 
@@ -809,6 +813,13 @@ type Profile struct { ResourceRequirements *corev1.ResourceRequirements `json:"resources,omitempty"` } +type KubernetesAdmissionEventsConfig struct { + // Enable the Kubernetes Admission Events feature. + // Default: false + // +optional + Enabled *bool `json:"enabled,omitempty"` +} + // CWSInstrumentationConfig contains the configuration of the CWS Instrumentation admission controller endpoint. type CWSInstrumentationConfig struct { // Enable the CWS Instrumentation admission controller endpoint. diff --git a/api/datadoghq/v2alpha1/zz_generated.deepcopy.go b/api/datadoghq/v2alpha1/zz_generated.deepcopy.go index 184b291a0..f5871d649 100644 --- a/api/datadoghq/v2alpha1/zz_generated.deepcopy.go +++ b/api/datadoghq/v2alpha1/zz_generated.deepcopy.go @@ -194,6 +194,11 @@ func (in *AdmissionControllerFeatureConfig) DeepCopyInto(out *AdmissionControlle *out = new(string) **out = **in } + if in.KubernetesAdmissionEvents != nil { + in, out := &in.KubernetesAdmissionEvents, &out.KubernetesAdmissionEvents + *out = new(KubernetesAdmissionEventsConfig) + (*in).DeepCopyInto(*out) + } if in.CWSInstrumentation != nil { in, out := &in.CWSInstrumentation, &out.CWSInstrumentation *out = new(CWSInstrumentationConfig) 
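Review bot: The exported type `KubernetesAdmissionEventsConfig` added in the `@@ -809` hunk has no doc comment, while `CWSInstrumentationConfig` directly below it has one. Add `// KubernetesAdmissionEventsConfig contains the configuration of the Kubernetes Admission Events feature.` above the type. The field comment only says "Enable the Kubernetes Admission Events feature", and that text is copied into the CRD schema and docs/configuration.v2alpha1.md, so an operator deciding whether to turn it on cannot tell what is emitted or where it goes. One more sentence in the field comment describing that would carry through to the generated files.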
@@ -1810,6 +1815,26 @@ func (in *KubeletConfig) DeepCopy() *KubeletConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesAdmissionEventsConfig) DeepCopyInto(out *KubernetesAdmissionEventsConfig) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesAdmissionEventsConfig. +func (in *KubernetesAdmissionEventsConfig) DeepCopy() *KubernetesAdmissionEventsConfig { + if in == nil { + return nil + } + out := new(KubernetesAdmissionEventsConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LanguageDetectionConfig) DeepCopyInto(out *LanguageDetectionConfig) { *out = *in diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml index f38cf8613..09beaf1d4 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml +++ b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml @@ -435,6 +435,15 @@ spec: failurePolicy: description: FailurePolicy determines how unrecognized and timeout errors are handled. type: string + kubernetesAdmissionEvents: + description: KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration. + properties: + enabled: + description: |- + Enable the Kubernetes Admission Events feature. + Default: false + type: boolean + type: object mutateUnlabelled: description: |- MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. 
@@ -7170,6 +7179,15 @@ spec: failurePolicy: description: FailurePolicy determines how unrecognized and timeout errors are handled. type: string + kubernetesAdmissionEvents: + description: KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration. + properties: + enabled: + description: |- + Enable the Kubernetes Admission Events feature. + Default: false + type: boolean + type: object mutateUnlabelled: description: |- MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json b/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json index 44de06e17..2133efdcc 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json +++ b/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json @@ -430,6 +430,17 @@ "description": "FailurePolicy determines how unrecognized and timeout errors are handled.", "type": "string" }, + "kubernetesAdmissionEvents": { + "additionalProperties": false, + "description": "KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration.", + "properties": { + "enabled": { + "description": "Enable the Kubernetes Admission Events feature.\nDefault: false", + "type": "boolean" + } + }, + "type": "object" + }, "mutateUnlabelled": { "description": "MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled=\"true\"'.\nDefault: false", "type": "boolean" 
@@ -7103,6 +7114,17 @@ "description": "FailurePolicy determines how unrecognized and timeout errors are handled.", "type": "string" }, + "kubernetesAdmissionEvents": { + "additionalProperties": false, + "description": "KubernetesAdmissionEvents holds the Kubernetes Admission Events configuration.", + "properties": { + "enabled": { + "description": "Enable the Kubernetes Admission Events feature.\nDefault: false", + "type": "boolean" + } + }, + "type": "object" + }, "mutateUnlabelled": { "description": "MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled=\"true\"'.\nDefault: false", "type": "boolean" diff --git a/docs/configuration.v2alpha1.md b/docs/configuration.v2alpha1.md index 5e5e82982..7810746be 100644 --- a/docs/configuration.v2alpha1.md +++ b/docs/configuration.v2alpha1.md @@ -49,6 +49,7 @@ spec: | features.admissionController.cwsInstrumentation.mode | Defines the behavior of the CWS Instrumentation endpoint, and can be either "init_container" or "remote_copy". Default: "remote_copy" | | features.admissionController.enabled | Enables the Admission Controller. Default: true | | features.admissionController.failurePolicy | FailurePolicy determines how unrecognized and timeout errors are handled. | +| features.admissionController.kubernetesAdmissionEvents.enabled | Enable the Kubernetes Admission Events feature. Default: false | | features.admissionController.mutateUnlabelled | MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. Default: false | | features.admissionController.mutation.enabled | Enables the Admission Controller mutation webhook. Default: true | | features.admissionController.registry | Defines an image registry for the admission controller. | From b786e54c7515a505f108cc9921b9d419f5c7e674 Mon Sep 17 00:00:00 2001 
From: Gabriel Dos Santos Date: Tue, 17 Dec 2024 14:35:54 -0500 Subject: [PATCH 2/3] Undo licnese changes --- LICENSE-3rdparty.csv | 2 -- 1 file changed, 2 deletions(-) diff --git a/LICENSE-3rdparty.csv b/LICENSE-3rdparty.csv index 36c78c185..074c2d407 100644 --- a/LICENSE-3rdparty.csv +++ b/LICENSE-3rdparty.csv @@ -80,7 +80,6 @@ core,github.com/richardartoul/molecule/src/codec,Apache-2.0 core,github.com/richardartoul/molecule/src/protowire,BSD-3-Clause core,github.com/secure-systems-lab/go-securesystemslib/cjson,MIT core,github.com/shirou/gopsutil/v3,BSD-3-Clause -core,github.com/shoenig/go-m1cpu,MPL-2.0 core,github.com/spaolacci/murmur3,BSD-3-Clause core,github.com/spf13/afero,Apache-2.0 core,github.com/spf13/cast,MIT @@ -89,7 +88,6 @@ core,github.com/spf13/pflag,BSD-3-Clause core,github.com/stretchr/objx,MIT core,github.com/stretchr/testify,MIT core,github.com/tinylib/msgp/msgp,MIT -core,github.com/tklauser/go-sysconf,BSD-3-Clause core,github.com/x448/float16,MIT core,github.com/zorkian/go-datadog-api,BSD-3-Clause core,go.etcd.io/bbolt,MIT From d0c213bd74cffd87823854b504b7a0f116e4e3ad Mon Sep 17 00:00:00 2001 From: Gabriel Dos Santos Date: Tue, 17 Dec 2024 16:42:50 -0500 Subject: [PATCH 3/3] Typo fix on expected envvar --- .../feature/admissioncontroller/envvar.go | 45 ++++++++++--------- .../feature/admissioncontroller/feature.go | 17 +++++++ 2 files changed, 40 insertions(+), 22 deletions(-) diff --git a/internal/controller/datadogagent/feature/admissioncontroller/envvar.go b/internal/controller/datadogagent/feature/admissioncontroller/envvar.go index 69739f5dd..da94b900b 100644 --- a/internal/controller/datadogagent/feature/admissioncontroller/envvar.go +++ b/internal/controller/datadogagent/feature/admissioncontroller/envvar.go 
@@ -6,26 +6,27 @@ package admissioncontroller const ( - DDAdmissionControllerAgentSidecarEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED" - DDAdmissionControllerAgentSidecarClusterAgentEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED" - DDAdmissionControllerAgentSidecarProvider = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER" - DDAdmissionControllerAgentSidecarRegistry = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY" - DDAdmissionControllerAgentSidecarImageName = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME" - DDAdmissionControllerAgentSidecarImageTag = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG" - DDAdmissionControllerAgentSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS" - DDAdmissionControllerAgentSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES" - DDAdmissionControllerEnabled = "DD_ADMISSION_CONTROLLER_ENABLED" - DDAdmissionControllerValidationEnabled = "DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED" - DDAdmissionControllerMutationEnabled = "DD_ADMISSION_CONTROLLER_MUTATION_ENABLED" - DDAdmissionControllerInjectConfig = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_ENABLED" - DDAdmissionControllerInjectConfigMode = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE" - DDAdmissionControllerInjectTags = "DD_ADMISSION_CONTROLLER_INJECT_TAGS_ENABLED" - DDAdmissionControllerLocalServiceName = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME" - DDAdmissionControllerMutateUnlabelled = "DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED" - DDAdmissionControllerServiceName = "DD_ADMISSION_CONTROLLER_SERVICE_NAME" - DDAdmissionControllerFailurePolicy = "DD_ADMISSION_CONTROLLER_FAILURE_POLICY" - DDAdmissionControllerWebhookName = "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME" - DDAdmissionControllerRegistryName = "DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY" - DDAdmissionControllerCWSInstrumentationEnabled = "DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_ENABLED" - DDAdmissionControllerCWSInstrumentationMode 
= "DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_MODE" + DDAdmissionControllerAgentSidecarEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED" + DDAdmissionControllerAgentSidecarClusterAgentEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED" + DDAdmissionControllerAgentSidecarProvider = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER" + DDAdmissionControllerAgentSidecarRegistry = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY" + DDAdmissionControllerAgentSidecarImageName = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME" + DDAdmissionControllerAgentSidecarImageTag = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG" + DDAdmissionControllerAgentSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS" + DDAdmissionControllerAgentSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES" + DDAdmissionControllerEnabled = "DD_ADMISSION_CONTROLLER_ENABLED" + DDAdmissionControllerValidationEnabled = "DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED" + DDAdmissionControllerMutationEnabled = "DD_ADMISSION_CONTROLLER_MUTATION_ENABLED" + DDAdmissionControllerInjectConfig = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_ENABLED" + DDAdmissionControllerInjectConfigMode = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE" + DDAdmissionControllerInjectTags = "DD_ADMISSION_CONTROLLER_INJECT_TAGS_ENABLED" + DDAdmissionControllerLocalServiceName = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME" + DDAdmissionControllerMutateUnlabelled = "DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED" + DDAdmissionControllerServiceName = "DD_ADMISSION_CONTROLLER_SERVICE_NAME" + DDAdmissionControllerFailurePolicy = "DD_ADMISSION_CONTROLLER_FAILURE_POLICY" + DDAdmissionControllerWebhookName = "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME" + DDAdmissionControllerRegistryName = "DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY" + DDAdmissionControllerCWSInstrumentationEnabled = "DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_ENABLED" + DDAdmissionControllerCWSInstrumentationMode = 
"DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_MODE" + DDAdmissionControllerKubernetesAdmissionEventsEnabled = "DD_ADMISSION_CONTROLLER_KUBERNETES_ADMISSION_EVENTS_ENABLED" ) diff --git a/internal/controller/datadogagent/feature/admissioncontroller/feature.go b/internal/controller/datadogagent/feature/admissioncontroller/feature.go index 62ddc2bd4..f2720a2fe 100644 --- a/internal/controller/datadogagent/feature/admissioncontroller/feature.go +++ b/internal/controller/datadogagent/feature/admissioncontroller/feature.go @@ -48,6 +48,8 @@ type admissionControllerFeature struct { cwsInstrumentationEnabled bool cwsInstrumentationMode string + + kubernetesAdmissionEvents *KubernetesAdmissionEventConfig } type ValidationConfig struct { @@ -69,6 +71,10 @@ type AgentSidecarInjectionConfig struct { profiles []*v2alpha1.Profile } +type KubernetesAdmissionEventConfig struct { + enabled bool +} + func buildAdmissionControllerFeature(options *feature.Options) feature.Feature { return &admissionControllerFeature{} } @@ -140,6 +146,10 @@ func (f *admissionControllerFeature) Configure(dda *v2alpha1.DatadogAgent) (reqC f.cwsInstrumentationMode = apiutils.StringValue(ac.CWSInstrumentation.Mode) } + if ac.KubernetesAdmissionEvents != nil && apiutils.BoolValue(ac.KubernetesAdmissionEvents.Enabled) { + f.kubernetesAdmissionEvents = &KubernetesAdmissionEventConfig{enabled: true} + } + _, f.networkPolicy = v2alpha1.IsNetworkPolicyEnabled(dda) sidecarConfig := dda.Spec.Features.AdmissionController.AgentSidecarInjection 
@@ -357,6 +367,13 @@ func (f *admissionControllerFeature) ManageClusterAgent(managers feature.PodTemp }) } + if f.kubernetesAdmissionEvents != nil { + managers.EnvVar().AddEnvVarToContainer(apicommon.ClusterAgentContainerName, &corev1.EnvVar{ + Name: DDAdmissionControllerKubernetesAdmissionEventsEnabled, + Value: apiutils.BoolToString(&f.kubernetesAdmissionEvents.enabled), + }) + } + if f.agentCommunicationMode != "" { managers.EnvVar().AddEnvVarToContainer(apicommon.ClusterAgentContainerName, &corev1.EnvVar{ Name: DDAdmissionControllerInjectConfigMode,
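Review bot: An explicit `enabled: false` in the DatadogAgent spec never reaches the Cluster Agent, because this hunk emits `DDAdmissionControllerKubernetesAdmissionEventsEnabled` only when `f.kubernetesAdmissionEvents` is non-nil and the `Configure` hunk (`@@ -140`) sets that pointer only when the value is true. The agent then falls back on its own default, which this patch does not show; if that default is or becomes true, the feature could not be switched off from the CRD. Recording the resolved value instead would make the operator authoritative: `if ac.KubernetesAdmissionEvents != nil { f.kubernetesAdmissionEvents = &KubernetesAdmissionEventConfig{enabled: apiutils.BoolValue(ac.KubernetesAdmissionEvents.Enabled)} }`. Separately, the internal type `KubernetesAdmissionEventConfig` differs from the API type `KubernetesAdmissionEventsConfig` by a single letter, which is easy to misread. Both functions continue outside their hunks, and patch 3's diffstat lists only envvar.go and feature.go, so the new env var wiring appears to have no test in this series.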