diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 752e205c1..b7cfd7d05 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -538,3 +538,14 @@ You are using the datadog.securityAgent.compliance.xccdf.enabled parameter which This version still supports both but the support of the old name will be dropped in the next major version of our Helm chart. More information about this change: https://github.com/DataDog/helm-charts/pull/1161 {{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.enabled }} + {{- if (semverCompare "<7.52.0" .Values.clusterAgent.image.tag) }} +############################################################################## +#### WARNING: Sidecar injection not supported. #### +############################################################################## + +The clusterAgent.admissionController.agentSidecarInjection.enabled is only supported +by Cluster Agent 7.52.0 or later. Enabling this flag will not have any effect. + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/datadog/templates/_ac-agent-sidecar-env.yaml b/charts/datadog/templates/_ac-agent-sidecar-env.yaml new file mode 100644 index 000000000..4fb808ed5 --- /dev/null +++ b/charts/datadog/templates/_ac-agent-sidecar-env.yaml @@ -0,0 +1,43 @@ +{{- define "ac-agent-sidecar-env" -}} +{{- if and .Values.clusterAgent.admissionController.enabled .Values.clusterAgent.admissionController.agentSidecarInjection.enabled }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} +{{- else if .Values.registry }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: {{ .Values.registry }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }} +{{- else if .Values.agents.image.name}} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: {{ .Values.agents.image.name }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageTag }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.imageTag }} +{{- else if .Values.agents.image.tag}} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: {{ .Values.agents.image.tag }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }}' +{{- end }} +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }}' +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index c86d8bf45..cd7bd026f 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -235,6 +235,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PATCHER_ENABLED value: "true" {{- end }} + {{ include "ac-agent-sidecar-env" . | nindent 10 }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} {{- if .Values.datadog.apm.instrumentation.enabled }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 8f805415a..50ae29b3f 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1061,6 +1061,56 @@ clusterAgent: # clusterAgent.admissionController.port -- Set port of cluster-agent admission controller service port: 8000 + agentSidecarInjection: + # clusterAgent.admissionController.agentSidecarInjection.enabled -- Enables Datadog Agent sidecar injection. + + ## When enabled, Admission Controller mutating webhook will inject Agent sidecar with minimal configuration in every pods meeting configured criteria. + ## ref: https://docs.datadoghq.com/integrations/eks_fargate + enabled: false + + # clusterAgent.admissionController.agentSidecarInjection.provider -- Used by Admission Controller to add infrastructure provider specific configurations to the Agent sidecar. + + ## Currently only "fargate" is supported. To use the feature in other environments (including local testing) omit the config. + provider: # "fargate" or "" + + # clusterAgent.admissionController.agentSidecarInjection.clusterAgentEnabled -- Enable communication between Agent sidecars and Cluster Agent. + clusterAgentEnabled: true + + # clusterAgent.admissionController.containerRegistry -- Override default registry for sidecar Agent. + containerRegistry: + + # clusterAgent.admissionController.imageName -- Override default agents.image.name for Agent sidecar. + imageName: + + # clusterAgent.admissionController.imageTag -- Override default agents.image.tag for Agent sidecar. + imageTag: + + # clusterAgent.admissionController.agentSidecarInjection.selectors -- Defines pod selector for sidecar injection, only one rule is supported. + selectors: [] + # - objectSelector: + # matchLabels: + # "podlabelKey1": podlabelValue1 + # "podlabelKey2": podlabelValue2 + # namespaceSelector: + # matchLabels: + # "nsLabelKey1": nsLabelValue1 + # "nsLabelKey2": nsLabelValue2 + + # clusterAgent.admissionController.agentSidecarInjection.profiles -- Defines sidecar configuration override, only one profile is supported. + + ## This setting allows to override sidecar Agent configuration by adding environment variables and providing resource settings. + profiles: [] + # - env: + # - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + # value: "true" + # resources: + # requests: + # cpu: "1" + # memory: "512Mi" + # limits: + # cpu: "2" + # memory: "1024Mi" + # clusterAgent.confd -- Provide additional cluster check configurations. Each key will become a file in /conf.d. ## ref: https://docs.datadoghq.com/agent/autodiscovery/ diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index e46f6cb92..357dd0825 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 2a2bc6b89e48b04b4499adc7d022f736a18ee78f96da00520796532402bd8550 + checksum/clusteragent_token: a27982154deaa89254d681a77c2259d7e679a6d30a8e42c2cc382ab12362901f checksum/install_info: ba661cfd1e600203476c7247bad81157e5bc70aaa7f91e6cdd6be6a469cd0093 spec: serviceAccountName: datadog-cluster-checks diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 66a6c466a..6ed9f117d 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 64345c6150cd562acd79e6965148d36a188d36b4c5656963c7beb3b62ff5bf7d + checksum/clusteragent_token: 5e73a77242cd46ce2e8572b9d427708ef62cda418c62a4441c872f43c0cfc8d7 checksum/clusteragent-configmap: 7f009f417a71add9ae521f09f0eaf63c29efd5cdd701f5d92714fc3ac1800b6f checksum/api_key: dbe0d3b411cc72447e81235afeed9e2102588d5088fcbb696a2db9e4e31af712 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b @@ -105,6 +105,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + + - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 0414ef5f2..ae2757244 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: bf8ff7d8f04853084ee401bfe3e4d5e83c6764f82c63c32bbb749a66681cb397 + checksum/clusteragent_token: ecd48e62f885ce8d94f5a2c8891c6c0e7cb740834f73e72bf03ac9a1ba518412 checksum/clusteragent-configmap: 7f009f417a71add9ae521f09f0eaf63c29efd5cdd701f5d92714fc3ac1800b6f checksum/api_key: dbe0d3b411cc72447e81235afeed9e2102588d5088fcbb696a2db9e4e31af712 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b @@ -106,7 +106,19 @@ spec: - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" - # TODO cluster agent version check + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.53.0 + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '[{"namespaceSelector":{"matchLabels":{"agentSidecars":"true"}},"objectSelector":{"matchLabels":{"app":"nginx","runsOn":"nodeless"}}}]' + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '[{"env":[{"name":"DD_ORCHESTRATOR_EXPLORER_ENABLED","value":"false"}],"resources":{"limits":{"cpu":"2","memory":"1024Mi"},"requests":{"cpu":"1","memory":"512Mi"}}}]' - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 4984ae435..4351d3025 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: be494ddb6dfc1e236fd2df24cd29923903e1dc4d171f4d74795e26e5fc8b6aa9 + checksum/clusteragent_token: e3d005d6dff3e012e59ebf6787cabc97a0ce7a826fb88a985fa9e3ee1c4b897f checksum/clusteragent-configmap: 7f009f417a71add9ae521f09f0eaf63c29efd5cdd701f5d92714fc3ac1800b6f checksum/api_key: dbe0d3b411cc72447e81235afeed9e2102588d5088fcbb696a2db9e4e31af712 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b @@ -106,7 +106,15 @@ spec: - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" - # TODO cluster agent version check + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: fargate + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.51.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index e318205c3..11060037b 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -30,7 +30,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 3b6811ea07d2b99a0f0fdba3311c16fe34515f24ea3bbc3395ed7600d8a541bc + checksum/clusteragent_token: a2247471c9f45da90af6ffbca68d5253753fe8fd99568d95d00bb32c0053dd5d checksum/install_info: ba661cfd1e600203476c7247bad81157e5bc70aaa7f91e6cdd6be6a469cd0093 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 9bd3054df..bab15cc90 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -99,7 +99,7 @@ metadata: app.kubernetes.io/version: "7" type: Opaque data: - token: "QzdpVlQxRTRoU2lSNlFteEZqWjl6RFFJRFV4bzlzRU4=" + token: "VDV4MWZTb1FvWDREcm5hMlBYaklXT0IxQmRlcm1QQUk=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -185,9 +185,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: - install_id: "e2a0fac0-1cd5-44d6-bb6c-8878699e1dd4" + install_id: "a55b4d56-a363-4f59-95e1-a39d8eb06cac" install_type: k8s_manual - install_time: "1709149978" + install_time: "1710523214" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" @@ -808,7 +808,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: c9184bcaa371fdfaa1d86bc729cc022ee91730c48a87174a10787cdfe8dc5acc + checksum/clusteragent_token: 239e62f7908327b7110d0e12f11a758f7cd65339d87c7cde816ca9f4daaed148 checksum/install_info: ba661cfd1e600203476c7247bad81157e5bc70aaa7f91e6cdd6be6a469cd0093 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1290,7 +1290,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: de6adc9c0cc883525e7c5915e72c98fe170c0606a36d7a01481988b622d1bcad + checksum/clusteragent_token: 5680d8ac272dacf1ebf5825280bf07461e17b04341ece6697f156307f5804518 checksum/install_info: ba661cfd1e600203476c7247bad81157e5bc70aaa7f91e6cdd6be6a469cd0093 spec: serviceAccountName: datadog-cluster-checks @@ -1471,7 +1471,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 54246db63a3d62937e36712985dc2c26e092adae8cf7460e8bee17e21abdc65c + checksum/clusteragent_token: bad4e1460b330b929541d47c97ff618001505c56ac50e29459be18fa85053376 checksum/clusteragent-configmap: 358d304b0a5c7d72ee884b4973628f54e132dd0725ac3d1a119391f8b18f7105 checksum/install_info: ba661cfd1e600203476c7247bad81157e5bc70aaa7f91e6cdd6be6a469cd0093 spec: @@ -1538,6 +1538,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + + - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index 4c3f94016..8118d5128 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go @@ -56,8 +56,9 @@ func Test_baseline_manifests(t *testing.T) { ReleaseName: "datadog", ChartPath: "../../charts/datadog", ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml" /*,"./manifests/dca_AC_sidecar_fargateMinimal.yaml"*/}, - Overrides: map[string]string{}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_fargateMinimal.yaml"}, + Overrides: map[string]string{}, }, baselineManifestPath: "./baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml", assertions: verifyDeployment, @@ -68,8 +69,9 @@ func Test_baseline_manifests(t *testing.T) { ReleaseName: "datadog", ChartPath: "../../charts/datadog", ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml" /*,"./manifests/dca_AC_sidecar_advanced.yaml"*/}, - Overrides: map[string]string{}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_advanced.yaml"}, + Overrides: map[string]string{}, }, baselineManifestPath: "./baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml", assertions: verifyDeployment, diff --git a/test/datadog/dca_AC_sidecar_test.go b/test/datadog/dca_AC_sidecar_test.go new file mode 100644 index 000000000..c3fbe8999 --- /dev/null +++ b/test/datadog/dca_AC_sidecar_test.go @@ -0,0 +1,155 @@ +package datadog + +import ( + "encoding/json" + "testing" + + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +const ( + DDSidecrEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED" + DDSidecarProvider = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER" + DDSidecarRegistry = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY" + DDSidecarImageName = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME" + DDSidecarImageTag = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG" + DDSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS" + DDSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES" +) + +func Test_admissionControllerConfig(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "AC sidecar injection, minimal Fargate config", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_fargateMinimal.yaml"}, + Overrides: map[string]string{ + // "clusterAgent.admissionController.enabled": "true", + // "clusterAgent.admissionController.agentSidecarInjection.enabled": "true", + }, + }, + assertions: verifyDeploymentFargateMinimal, + }, + { + name: "AC sidecar injection, advanced config", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_advanced.yaml"}, + Overrides: map[string]string{}, + }, + assertions: verifyDeploymentAdvancedConfig, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +// V1 structs are for the current scope +type Selector struct { + ObjectSelector metav1.LabelSelector `json:"objectSelector,omitempty"` + NamespaceSelector metav1.LabelSelector `json:"namespaceSelector,omitempty"` +} + +type ProfileOverride struct { + EnvVars []corev1.EnvVar `json:"env,omitempty"` + ResourceRequirements corev1.ResourceRequirements `json:"resources,omitempty"` +} + +func verifyDeploymentFargateMinimal(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + dcaContainer := deployment.Spec.Template.Spec.Containers[0] + + acConfigEnv := selectEnvVars(dcaContainer.Env) + + assert.Equal(t, "true", acConfigEnv[DDSidecrEnabled]) + assert.Equal(t, "fargate", acConfigEnv[DDSidecarProvider]) + // Default will be set by DCA + assert.Empty(t, acConfigEnv[DDSidecarRegistry]) + assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) + assert.Equal(t, "7.51.0", acConfigEnv[DDSidecarImageTag]) + assert.Empty(t, acConfigEnv[DDSidecarSelectors]) + assert.Empty(t, acConfigEnv[DDSidecarProfiles]) +} + +func verifyDeploymentAdvancedConfig(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + dcaContainer := deployment.Spec.Template.Spec.Containers[0] + + acConfigEnv := selectEnvVars(dcaContainer.Env) + + assert.Equal(t, "true", acConfigEnv[DDSidecrEnabled]) + assert.Empty(t, acConfigEnv[DDSidecarProvider]) + assert.Equal(t, "gcr.io/datadoghq", acConfigEnv[DDSidecarRegistry]) + assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) + assert.Equal(t, "7.53.0", acConfigEnv[DDSidecarImageTag]) + assert.NotEmpty(t, acConfigEnv[DDSidecarSelectors]) + assert.NotEmpty(t, acConfigEnv[DDSidecarProfiles]) + + selectorsAsString := acConfigEnv[DDSidecarSelectors] + profilesAsString := acConfigEnv[DDSidecarProfiles] + + var selectors []Selector + err := json.Unmarshal([]byte(selectorsAsString), &selectors) + assert.Nil(t, err) + selector := selectors[0] + assert.Equal(t, "nodeless", selector.ObjectSelector.MatchLabels["runsOn"]) + assert.Equal(t, "nginx", selector.ObjectSelector.MatchLabels["app"]) + assert.Equal(t, "true", selector.NamespaceSelector.MatchLabels["agentSidecars"]) + + var profiles []ProfileOverride + err = json.Unmarshal([]byte(profilesAsString), &profiles) + assert.Nil(t, err) + profile := profiles[0] + assert.Equal(t, "DD_ORCHESTRATOR_EXPLORER_ENABLED", profile.EnvVars[0].Name) + assert.Equal(t, "false", profile.EnvVars[0].Value) + assert.Equal(t, "1", profile.ResourceRequirements.Requests.Cpu().String()) + assert.Equal(t, "512Mi", profile.ResourceRequirements.Requests.Memory().String()) + assert.Equal(t, "2", profile.ResourceRequirements.Limits.Cpu().String()) + assert.Equal(t, "1Gi", profile.ResourceRequirements.Limits.Memory().String()) +} + +func selectEnvVars(envVars []corev1.EnvVar) map[string]string { + acConfoigNames := []string{ + DDSidecrEnabled, + DDSidecarProvider, + DDSidecarRegistry, + DDSidecarImageName, + DDSidecarImageTag, + DDSidecarSelectors, + DDSidecarProfiles, + } + + selection := map[string]string{} + + for _, envVar := range envVars { + for _, name := range acConfoigNames { + if envVar.Name == name { + selection[name] = envVar.Value + } + } + } + return selection +} diff --git a/test/datadog/manifests/dca_AC_sidecar_advanced.yaml b/test/datadog/manifests/dca_AC_sidecar_advanced.yaml new file mode 100644 index 000000000..5a2ab3b92 --- /dev/null +++ b/test/datadog/manifests/dca_AC_sidecar_advanced.yaml @@ -0,0 +1,28 @@ +clusterAgent: + enabled: true + admissionController: + enabled: true + agentSidecarInjection: + enabled: true + containerRegistry: gcr.io/datadoghq + imageName: agent + imageTag: 7.53.0 + selectors: + - objectSelector: + matchLabels: + "runsOn": nodeless + "app": nginx + namespaceSelector: + matchLabels: + agentSidecars: "true" + profiles: + - env: + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "false" + resources: + requests: + cpu: "1" + memory: "512Mi" + limits: + cpu: "2" + memory: "1024Mi" diff --git a/test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml b/test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml new file mode 100644 index 000000000..d547c6aea --- /dev/null +++ b/test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml @@ -0,0 +1,11 @@ +# agents: +# image: +# tag: 7.51.0 + +clusterAgent: + enabled: true + admissionController: + enabled: true + agentSidecarInjection: + enabled: true + provider: fargate