feat(ssi): add target based workload selection

[betterengineering]

What this PR does / why we need it:

This change implements Kubernetes SSI | Workload Selection 🎯 which is being released as part of the Datadog Agent in 7.64.0.

Targets can be found here in the cluster agent. The goal is to allow a single operator to be able to configure instrumentation without needing to update any apps or deployments already running there.

Which issue this PR fixes

• INPLAT-423

Special notes for your reviewer:

This change splits out the feature work from #1733 to merge them separately. Also, we will follow up with a future commit to update the examples for instrumentation once the agent has been released.

Tests

I have tested this change using injector-dev using the following scenario:

helm:
  localChartPath: "/Users/mark.spicer/go/src/github.com/DataDog/helm-charts/charts/datadog"
  apps:
  - name: python-injection
    namespace: application
    values:
      service:
        port: 8080
      image:
        repository: registry.ddbuild.io/ci/injector-dev/python
        tag: 2cd78ded
      podLabels:
        tags.datadoghq.com/env: local
        app: "billing-service"
      env:
      - name: DD_TRACE_DEBUG
        value: "true"
      - name: DD_APM_INSTRUMENTATION_DEBUG
        value: "true"
  - name: python-no-injection
    namespace: application
    values:
      service:
        port: 8080
      image:
        repository: registry.ddbuild.io/ci/injector-dev/python
        tag: 2cd78ded
      podLabels:
        tags.datadoghq.com/env: local
      env:
      - name: DD_TRACE_DEBUG
        value: "true"
      - name: DD_APM_INSTRUMENTATION_DEBUG
        value: "true"
  versions:
    agent: "7.64.0-rc.8"
    cluster_agent: "7.64.0-rc.8"
    injector: "0.31.1"
  config:
    datadog:
      apm:
        instrumentation:
          enabled: true
          targets:
            - name: "billing-service"
              podSelector:
                matchLabels:
                  app: "billing-service"
              namespaceSelector:
                matchNames:
                - "application"
              ddTraceVersions: 
                python: "default"
              ddTraceConfigs:
                - name: "DD_PROFILING_ENABLED"
                  value: "true"

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

• Chart Version bumped
• Documentation has been updated with helm-docs (run: .github/helm-docs.sh)
• CHANGELOG.md has been updated
• Variables are documented in the README.md

[clamoriniere]

Hi @betterengineering

the change looks good,
Could you add or update the APM SSI CI helm configuration, so we can validate that the generated manifest is valid: https://github.com/DataDog/helm-charts/blob/main/charts/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml

[clamoriniere]

thanks for the quick update

[clamoriniere]

/merge

[dd-devflow]

View all feedbacks in Devflow UI.
2025-03-07 14:04:38 UTC ℹ️ Start processing command /merge

---

2025-03-07 14:04:44 UTC ℹ️ MergeQueue: waiting for PR to be ready

This merge request is not mergeable yet, because of pending checks/missing approvals. It will be added to the queue as soon as checks pass and/or get approvals.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

---

2025-03-07 14:43:11 UTC ℹ️ MergeQueue: merge request added to the queue

The median merge time in main is 38m.

---

2025-03-07 15:22:10 UTC ℹ️ MergeQueue: This merge request was merged