feat(datadog): support for registry overrrides (#1376)

(1) Adds support for setting the container registry at the `admissionController` level, which is the [default checked by the datadog-agent](https://github.com/DataDog/datadog-agent/blob/e7aacda40982105c0d9a411f618f268e8d0e9dfd/pkg/clusteragent/admission/mutate/common/common.go#L185-L194). (2) Removes the setting of DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY to registry becauset that behavior is implied by (1).
DataDog · Apr 30, 2024 · 1172656 · 1172656
1 parent ea26a30
commit 1172656
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 7 deletions.
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Datadog changelog
 
+## 3.59.7
+
+* Add configuration option to specify clusterAgent.admissionController.containerRegistry, which defaults to registry
+* No longer set `DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY` to registry as a fallback,
+  that option is implicit from us now setting the higher level `clusterAgent.admissionController.containerRegistry`.
+
 ## 3.59.6
 
 * Add configuration option datadog.apm.instrumentation.skipKPITelemetry.

diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: datadog
-version: 3.59.6
+version: 3.59.7
 appVersion: "7"
 description: Datadog Agent
 keywords:

diff --git a/charts/datadog/README.md b/charts/datadog/README.md
@@ -1,6 +1,6 @@
 # Datadog
 
-![Version: 3.59.6](https://img.shields.io/badge/Version-3.59.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
+![Version: 3.59.7](https://img.shields.io/badge/Version-3.59.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
 
 [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
 
@@ -545,14 +545,15 @@ helm install <RELEASE_NAME> \
 | agents.volumes | list | `[]` | Specify additional volumes to mount in the dd-agent container |
 | clusterAgent.additionalLabels | object | `{}` | Adds labels to the Cluster Agent deployment and pods |
 | clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled | bool | `true` | Enable communication between Agent sidecars and the Cluster Agent. |
-| clusterAgent.admissionController.agentSidecarInjection.containerRegistry | string | `nil` |  |
+| clusterAgent.admissionController.agentSidecarInjection.containerRegistry | string | `nil` | Override the default registry for the sidecar Agent. |
 | clusterAgent.admissionController.agentSidecarInjection.enabled | bool | `false` | Enables Datadog Agent sidecar injection. |
 | clusterAgent.admissionController.agentSidecarInjection.imageName | string | `nil` |  |
 | clusterAgent.admissionController.agentSidecarInjection.imageTag | string | `nil` |  |
 | clusterAgent.admissionController.agentSidecarInjection.profiles | list | `[]` | Defines the sidecar configuration override, currently only one profile is supported. |
 | clusterAgent.admissionController.agentSidecarInjection.provider | string | `nil` | Used by the admission controller to add infrastructure provider-specific configurations to the Agent sidecar. |
 | clusterAgent.admissionController.agentSidecarInjection.selectors | list | `[]` | Defines the pod selector for sidecar injection, currently only one rule is supported. |
 | clusterAgent.admissionController.configMode | string | `nil` | The kind of configuration to be injected, it can be "hostip", "service", or "socket". |
+| clusterAgent.admissionController.containerRegistry | string | `nil` | Override the default registry for the admission controller. |
 | clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods |
 | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' |
 | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' |

diff --git a/charts/datadog/templates/_ac-agent-sidecar-env.yaml b/charts/datadog/templates/_ac-agent-sidecar-env.yaml
@@ -14,12 +14,17 @@
   value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.provider }}
 {{- end }}
 
+{{- if .Values.clusterAgent.admissionController.containerRegistry }}
+- name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY
+  value: {{ .Values.clusterAgent.admissionController.containerRegistry }}
+{{- else if .Values.registry }}
+- name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY
+  value: {{ .Values.registry }}
+{{- end }}
+
 {{- if .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }}
 - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY
   value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }}
-{{- else if .Values.registry }}
-- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY
-  value: {{ .Values.registry }}
 {{- end }}
 
 {{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }}

diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml
@@ -1062,6 +1062,12 @@ clusterAgent:
     ## Setting to Fail will require the admission controller to be present and pods to be injected before they are allowed to run.
     failurePolicy: Ignore
 
+    # clusterAgent.admissionController.containerRegistry -- Override the default registry for the admission controller.
+
+    ## The clusterAgent uses this configuration for apm.instrumentation, agentSidecar, and cwsInstrumentation, if
+    ## not otherwise specified.
+    containerRegistry:
+
     remoteInstrumentation:
       # clusterAgent.admissionController.remoteInstrumentation.enabled -- Enable polling and applying library injection using Remote Config.
       ## This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+.
@@ -1086,7 +1092,7 @@ clusterAgent:
       # clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled -- Enable communication between Agent sidecars and the Cluster Agent.
       clusterAgentCommunicationEnabled: true
 
-      # clusterAgent.admissionController.containerRegistry -- Override the default registry for the sidecar Agent.
+      # clusterAgent.admissionController.agentSidecarInjection.containerRegistry -- Override the default registry for the sidecar Agent.
       containerRegistry:
 
       # clusterAgent.admissionController.imageName -- Override the default agents.image.name for the Agent sidecar.