From 8e57f3f5c5dda74c687dbab782fd424947be6276 Mon Sep 17 00:00:00 2001 From: Levan Machablishvili Date: Thu, 8 Feb 2024 22:29:55 -0500 Subject: [PATCH] v2 extension sample --- .../templates/cluster-agent-deployment.yaml | 4 + charts/datadog/values.yaml | 68 ++++++++++++++++- .../cluster-agent-deployment_default.yaml | 6 +- test/datadog/dac_ac_test.go | 73 +++++++++++++++++-- 4 files changed, 140 insertions(+), 11 deletions(-) diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 82168e5ab..3045bd077 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -242,6 +242,10 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }}' {{- end }} + {{- if .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }} + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }}' + {{- end }} {{- end }} # end sidecar injection - name: DD_REMOTE_CONFIGURATION_ENABLED diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index efd9b639f..dfc3ee4da 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1058,13 +1058,53 @@ clusterAgent: port: 8000 agentSidecarInjection: enabled: true + provider: fargate selectors: - - objectSelector: + - name: fargate-profile1 + objectSelector: matchLabels: - injectsidecar: "true" + application-fargate: "true" namespaceSelector: matchLabels: injectsidecar: "true" + - name: fargate-profile2 + namespaceSelector: + matchLabels: + nsName: frontend_or_backend + profiles: + - name: standard + default: true + env: + - name: DD_CARDINALITY + value: orchestrator + - name: DD_PROCESS_ENABLE + value: "true" + resources: + requests: + cpu: 500m + memory: 500Mi + limits: + cpu: 500m + memory: 500Mi + - name: large + basedOnDefault: true + selectors: + - fargate-profile1 + resources: + requests: + cpu: "1" + memory: 800Mi + limits: + cpu: "1" + memory: 800Mi + # enabled: true + # selectors: + # - objectSelector: + # matchLabels: + # injectsidecar: "true" + # namespaceSelector: + # matchLabels: + # injectsidecar: "true" # - objectSelector: # matchExpressions: # - key: runlevel @@ -1076,6 +1116,30 @@ clusterAgent: # matchLabels: # nsKey3: nsValue3 # nsKey4: nsValue4 + # profiles: + # - env: + # - name: PROVIDER_1 + # value: true + # - name: DD_APM_ENABLED + # value: true + # resources: + # requests: + # cpu: "1" + # memory: "512Mi" + # limits: + # cpu: "2" + # memory: "1024Mi" + # - env: + # - name: ENV_VAR + # value: value + # resources: + # requests: + # cpu: "0.3" + # memory: "128Mi" + # limits: + # cpu: "0.5" + # memory: "256Mi" + # clusterAgent.confd -- Provide additional cluster check configurations. Each key will become a file in /conf.d. diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 0999be11b..62a7995a8 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -35,7 +35,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 8d602b609b9e6fc8533b36f8c29d2e4d11cb64016d11adc538285afdbbfffa7b + checksum/clusteragent_token: 60c2185d51b4f61be96fb8b028440a891ed206c63738cfdeb7238a73fcb292c8 checksum/clusteragent-configmap: 3f31a62941835a795f0e91cf7b1d73bcff008bc6209660cfcc057d21d4dc5beb checksum/api_key: f2ebb229936b8c29e5a679f9ceb3770e693e8957e437b067c5b84d7fd88aa0d5 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b @@ -108,7 +108,9 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS - value: '[{"namespaceSelector":{"matchLabels":{"injectsidecar":true}},"objectSelector":{"matchLabels":{"injectsidecar":true}}}]' + value: '[{"name":"fargate-profile1","namespaceSelector":{"matchLabels":{"injectsidecar":"true"}},"objectSelector":{"matchLabels":{"application-fargate":"true"}}},{"name":"fargate-profile2","namespaceSelector":{"matchLabels":{"nsName":"frontend_or_backend"}}}]' + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '[{"default":true,"env":[{"name":"DD_CARDINALITY","value":"orchestrator"},{"name":"DD_PROCESS_ENABLE","value":"true"}],"name":"standard","resources":{"cpu":"500m","limits":null,"memory":"500Mi","requests":{"cpu":"500m","memory":"500Mi"}}},{"basedOnDefault":true,"name":"large","resources":{"limits":{"cpu":"1","memory":"800Mi"},"requests":{"cpu":"1","memory":"800Mi"}},"selectors":["fargate-profile1"]}]' # end sidecar injection - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" diff --git a/test/datadog/dac_ac_test.go b/test/datadog/dac_ac_test.go index b94c02d71..17ddc0598 100644 --- a/test/datadog/dac_ac_test.go +++ b/test/datadog/dac_ac_test.go @@ -7,6 +7,7 @@ import ( "github.com/DataDog/helm-charts/test/common" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -47,23 +48,81 @@ func Test_admissionControllerConfig(t *testing.T) { } } -type Selector struct { - ObjectSelector metav1.LabelSelector `yaml:"objectSelector"` - NamespaceSelector metav1.LabelSelector `yaml:"namespaceSelector"` +// V1 structs are for the current scope +type SelectorV1 struct { + ObjectSelector metav1.LabelSelector `json:"objectSelector"` + NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"` +} + +type ProfileV1 struct { + EnvVars []corev1.EnvVar `json:"env,omitempty"` + ResourceRequirements corev1.ResourceRequirements `json:"resources,omitempty"` +} + +// V2 structs are for one possibility of extending V1 +type SelectorV2 struct { + Name string `yaml:"name"` + + ObjectSelector metav1.LabelSelector `json:"objectSelector"` + NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"` +} + +type ProfileV2 struct { + Name string `yaml:"name"` + Default bool `yaml:"default"` + basedOnDefault bool `yaml:"basedOnDefault"` + Selectors []string `yaml:selectors` + + EnvVars []corev1.EnvVar `json:"env,omitempty"` + ResourceRequirements corev1.ResourceRequirements `json:"resources,omitempty"` } func verifyDeploymentACConfig(t *testing.T, baselineManifestPath, manifest string) { var deployment appsv1.Deployment common.Unmarshal(t, manifest, &deployment) dcaContainer := deployment.Spec.Template.Spec.Containers[0] - var selectorsAsString string + var selectorsAsString, profilesAsString string for _, envVar := range dcaContainer.Env { if "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS" == envVar.Name { selectorsAsString = envVar.Value } + if "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES" == envVar.Name { + profilesAsString = envVar.Value + } } - var selectors []Selector - json.Unmarshal([]byte(selectorsAsString), &selectors) - t.Log("print", "selector struct", selectors, "selector string", selectorsAsString) + // Unmarshal into v1 struct + var selectorsV1 []SelectorV1 + err := json.Unmarshal([]byte(selectorsAsString), &selectorsV1) + t.Log("print", "selector struct", selectorsV1, "selector string", selectorsAsString, "error", err) + + var profilesV1 []ProfileV1 + err = json.Unmarshal([]byte(profilesAsString), &profilesV1) + t.Log("print", "profile struct", profilesV1, "profile string", profilesAsString, "error", err) + + // Unmarshal into v2 structs + var selectorsV2 []SelectorV2 + err = json.Unmarshal([]byte(selectorsAsString), &selectorsV2) + t.Log("print", "selector struct", selectorsV2, "selector string", selectorsAsString, "error", err) + + var profilesV2 []ProfileV2 + err = json.Unmarshal([]byte(profilesAsString), &profilesV2) + t.Log("print", "profile struct", profilesV2, "profile string", profilesAsString, "error", err) + + assert.Equal(t, 2, len(selectorsV1)) + assert.Equal(t, 2, len(selectorsV2)) + assert.Equal(t, selectorsV1[0].NamespaceSelector, selectorsV2[0].NamespaceSelector) + assert.Equal(t, selectorsV1[1].NamespaceSelector, selectorsV2[1].NamespaceSelector) + assert.Equal(t, selectorsV1[0].ObjectSelector, selectorsV2[0].ObjectSelector) + assert.Equal(t, selectorsV1[1].ObjectSelector, selectorsV2[1].ObjectSelector) + + assert.Equal(t, 2, len(profilesV1)) + assert.Equal(t, 2, len(profilesV2)) + assert.Equal(t, profilesV1[0].EnvVars, profilesV1[0].EnvVars) + assert.Equal(t, profilesV2[1].EnvVars, profilesV2[1].EnvVars) + assert.Equal(t, profilesV1[0].ResourceRequirements, profilesV1[0].ResourceRequirements) + assert.Equal(t, profilesV2[1].ResourceRequirements, profilesV2[1].ResourceRequirements) + + assert.Equal(t, "fargate-profile1", selectorsV2[0].Name) + assert.Equal(t, true, profilesV2[0].Default) }