v2 extension sample

DataDog · Feb 9, 2024 · 8e57f3f · 8e57f3f
1 parent 6158e74
commit 8e57f3f
Show file tree

Hide file tree

Showing 4 changed files with 140 additions and 11 deletions.
diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml
@@ -242,6 +242,10 @@ spec:
           - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS
             value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }}'
           {{- end }}
+          {{- if .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }}
+          - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES
+            value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }}'
+          {{- end }}
           {{- end }}
           # end sidecar injection
           - name: DD_REMOTE_CONFIGURATION_ENABLED

diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml
@@ -1058,13 +1058,53 @@ clusterAgent:
     port: 8000
     agentSidecarInjection:
       enabled: true
+      provider: fargate
       selectors:
-      - objectSelector:
+      - name: fargate-profile1
+        objectSelector:
           matchLabels:
-            injectsidecar: "true"
+            application-fargate: "true"
         namespaceSelector:
           matchLabels:
             injectsidecar: "true"
+      - name: fargate-profile2
+        namespaceSelector:
+          matchLabels:
+            nsName: frontend_or_backend
+      profiles:
+        - name: standard
+          default: true
+          env:
+            - name: DD_CARDINALITY
+              value: orchestrator
+            - name: DD_PROCESS_ENABLE
+              value: "true"
+          resources:
+            requests:
+              cpu: 500m
+              memory: 500Mi
+            limits:
+            cpu: 500m
+            memory: 500Mi
+        - name: large
+          basedOnDefault: true
+          selectors:
+          - fargate-profile1
+          resources:
+            requests:
+              cpu: "1"
+              memory: 800Mi
+            limits:
+              cpu: "1"
+              memory: 800Mi
+      # enabled: true
+      # selectors:
+      # - objectSelector:
+      #     matchLabels:
+      #       injectsidecar: "true"
+      #   namespaceSelector:
+      #     matchLabels:
+      #       injectsidecar: "true"
       # - objectSelector:
       #     matchExpressions:
       #       - key: runlevel
@@ -1076,6 +1116,30 @@ clusterAgent:
       #     matchLabels:
       #       nsKey3: nsValue3
       #       nsKey4: nsValue4
+      # profiles:
+      #   - env:
+      #       - name: PROVIDER_1
+      #         value: true
+      #       - name: DD_APM_ENABLED
+      #         value: true
+      #     resources:
+      #       requests:
+      #         cpu: "1"
+      #         memory: "512Mi"
+      #       limits:
+      #         cpu: "2"
+      #         memory: "1024Mi"
+      #   - env:
+      #       - name: ENV_VAR
+      #         value: value
+      #     resources:
+      #       requests:
+      #         cpu: "0.3"
+      #         memory: "128Mi"
+      #       limits:
+      #         cpu: "0.5"
+      #         memory: "256Mi"
+
 
 
   # clusterAgent.confd -- Provide additional cluster check configurations. Each key will become a file in /conf.d.

diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml
@@ -35,7 +35,7 @@ spec:
 
       name: datadog-cluster-agent
       annotations:
-        checksum/clusteragent_token: 8d602b609b9e6fc8533b36f8c29d2e4d11cb64016d11adc538285afdbbfffa7b
+        checksum/clusteragent_token: 60c2185d51b4f61be96fb8b028440a891ed206c63738cfdeb7238a73fcb292c8
         checksum/clusteragent-configmap: 3f31a62941835a795f0e91cf7b1d73bcff008bc6209660cfcc057d21d4dc5beb
         checksum/api_key: f2ebb229936b8c29e5a679f9ceb3770e693e8957e437b067c5b84d7fd88aa0d5
         checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
@@ -108,7 +108,9 @@ spec:
           - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED
             value: "true"
           - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS
-            value: '[{"namespaceSelector":{"matchLabels":{"injectsidecar":true}},"objectSelector":{"matchLabels":{"injectsidecar":true}}}]'
+            value: '[{"name":"fargate-profile1","namespaceSelector":{"matchLabels":{"injectsidecar":"true"}},"objectSelector":{"matchLabels":{"application-fargate":"true"}}},{"name":"fargate-profile2","namespaceSelector":{"matchLabels":{"nsName":"frontend_or_backend"}}}]'
+          - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES
+            value: '[{"default":true,"env":[{"name":"DD_CARDINALITY","value":"orchestrator"},{"name":"DD_PROCESS_ENABLE","value":"true"}],"name":"standard","resources":{"cpu":"500m","limits":null,"memory":"500Mi","requests":{"cpu":"500m","memory":"500Mi"}}},{"basedOnDefault":true,"name":"large","resources":{"limits":{"cpu":"1","memory":"800Mi"},"requests":{"cpu":"1","memory":"800Mi"}},"selectors":["fargate-profile1"]}]'
           # end sidecar injection
           - name: DD_REMOTE_CONFIGURATION_ENABLED
             value: "false"

diff --git a/test/datadog/dac_ac_test.go b/test/datadog/dac_ac_test.go
@@ -7,6 +7,7 @@ import (
 	"github.com/DataDog/helm-charts/test/common"
 	"github.com/stretchr/testify/assert"
 	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -47,23 +48,81 @@ func Test_admissionControllerConfig(t *testing.T) {
 	}
 }
 
-type Selector struct {
-	ObjectSelector    metav1.LabelSelector `yaml:"objectSelector"`
-	NamespaceSelector metav1.LabelSelector `yaml:"namespaceSelector"`
+// V1 structs are for the current scope
+type SelectorV1 struct {
+	ObjectSelector    metav1.LabelSelector `json:"objectSelector"`
+	NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"`
+}
+
+type ProfileV1 struct {
+	EnvVars              []corev1.EnvVar             `json:"env,omitempty"`
+	ResourceRequirements corev1.ResourceRequirements `json:"resources,omitempty"`
+}
+
+// V2 structs are for one possibility of extending V1
+type SelectorV2 struct {
+	Name string `yaml:"name"`
+
+	ObjectSelector    metav1.LabelSelector `json:"objectSelector"`
+	NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"`
+}
+
+type ProfileV2 struct {
+	Name           string   `yaml:"name"`
+	Default        bool     `yaml:"default"`
+	basedOnDefault bool     `yaml:"basedOnDefault"`
+	Selectors      []string `yaml:selectors`
+
+	EnvVars              []corev1.EnvVar             `json:"env,omitempty"`
+	ResourceRequirements corev1.ResourceRequirements `json:"resources,omitempty"`
 }
 
 func verifyDeploymentACConfig(t *testing.T, baselineManifestPath, manifest string) {
 	var deployment appsv1.Deployment
 	common.Unmarshal(t, manifest, &deployment)
 	dcaContainer := deployment.Spec.Template.Spec.Containers[0]
-	var selectorsAsString string
+	var selectorsAsString, profilesAsString string
 	for _, envVar := range dcaContainer.Env {
 		if "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS" == envVar.Name {
 			selectorsAsString = envVar.Value
 		}
+		if "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES" == envVar.Name {
+			profilesAsString = envVar.Value
+		}
 	}
 
-	var selectors []Selector
-	json.Unmarshal([]byte(selectorsAsString), &selectors)
-	t.Log("print", "selector struct", selectors, "selector string", selectorsAsString)
+	// Unmarshal into v1 struct
+	var selectorsV1 []SelectorV1
+	err := json.Unmarshal([]byte(selectorsAsString), &selectorsV1)
+	t.Log("print", "selector struct", selectorsV1, "selector string", selectorsAsString, "error", err)
+
+	var profilesV1 []ProfileV1
+	err = json.Unmarshal([]byte(profilesAsString), &profilesV1)
+	t.Log("print", "profile struct", profilesV1, "profile string", profilesAsString, "error", err)
+
+	// Unmarshal into v2 structs
+	var selectorsV2 []SelectorV2
+	err = json.Unmarshal([]byte(selectorsAsString), &selectorsV2)
+	t.Log("print", "selector struct", selectorsV2, "selector string", selectorsAsString, "error", err)
+
+	var profilesV2 []ProfileV2
+	err = json.Unmarshal([]byte(profilesAsString), &profilesV2)
+	t.Log("print", "profile struct", profilesV2, "profile string", profilesAsString, "error", err)
+
+	assert.Equal(t, 2, len(selectorsV1))
+	assert.Equal(t, 2, len(selectorsV2))
+	assert.Equal(t, selectorsV1[0].NamespaceSelector, selectorsV2[0].NamespaceSelector)
+	assert.Equal(t, selectorsV1[1].NamespaceSelector, selectorsV2[1].NamespaceSelector)
+	assert.Equal(t, selectorsV1[0].ObjectSelector, selectorsV2[0].ObjectSelector)
+	assert.Equal(t, selectorsV1[1].ObjectSelector, selectorsV2[1].ObjectSelector)
+
+	assert.Equal(t, 2, len(profilesV1))
+	assert.Equal(t, 2, len(profilesV2))
+	assert.Equal(t, profilesV1[0].EnvVars, profilesV1[0].EnvVars)
+	assert.Equal(t, profilesV2[1].EnvVars, profilesV2[1].EnvVars)
+	assert.Equal(t, profilesV1[0].ResourceRequirements, profilesV1[0].ResourceRequirements)
+	assert.Equal(t, profilesV2[1].ResourceRequirements, profilesV2[1].ResourceRequirements)
+
+	assert.Equal(t, "fargate-profile1", selectorsV2[0].Name)
+	assert.Equal(t, true, profilesV2[0].Default)
 }