feat(admission controller): Add new webhook settings #1461

Open
wants to merge 2 commits into
base: main
2 changes: 2 additions & 0 deletions api/datadoghq/common/envvar.go
Expand Up @@ -19,6 +19,8 @@ const (
DDAdmissionControllerAgentSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS"
DDAdmissionControllerAgentSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES"
DDAdmissionControllerEnabled = "DD_ADMISSION_CONTROLLER_ENABLED"
DDAdmissionControllerValidationEnabled = "DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED"
DDAdmissionControllerMutationEnabled = "DD_ADMISSION_CONTROLLER_MUTATION_ENABLED"
DDAdmissionControllerInjectConfig = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_ENABLED"
DDAdmissionControllerInjectConfigMode = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE"
DDAdmissionControllerInjectTags = "DD_ADMISSION_CONTROLLER_INJECT_TAGS_ENABLED"
24 changes: 14 additions & 10 deletions api/datadoghq/v2alpha1/datadogagent_default.go
Expand Up @@ -73,6 +73,8 @@ const (

defaultAdmissionControllerAgentSidecarClusterAgentEnabled bool = true
defaultAdmissionControllerEnabled bool = true
defaultAdmissionControllerValidationEnabled bool = true
defaultAdmissionControllerMutationEnabled bool = true
defaultAdmissionControllerMutateUnlabelled bool = false
defaultAdmissionServiceName string = "datadog-admission-controller"
// DefaultAdmissionControllerCWSInstrumentationEnabled default CWS Instrumentation enabled value
Expand Down Expand Up @@ -465,21 +467,23 @@ func defaultFeaturesConfig(ddaSpec *DatadogAgentSpec) {
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.Enabled, defaultAdmissionControllerEnabled)
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.MutateUnlabelled, defaultAdmissionControllerMutateUnlabelled)
apiutils.DefaultStringIfUnset(&ddaSpec.Features.AdmissionController.ServiceName, defaultAdmissionServiceName)

}
agentSidecarInjection := ddaSpec.Features.AdmissionController.AgentSidecarInjection
if agentSidecarInjection != nil && agentSidecarInjection.Enabled != nil && *agentSidecarInjection.Enabled {
apiutils.DefaultBooleanIfUnset(&agentSidecarInjection.ClusterAgentCommunicationEnabled, defaultAdmissionControllerAgentSidecarClusterAgentEnabled)

// AdmissionControllerValidation Feature
if ddaSpec.Features.AdmissionController.AdmissionControllerValidationConfig == nil {
ddaSpec.Features.AdmissionController.AdmissionControllerValidationConfig = &AdmissionControllerValidationConfig{}
}
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.AdmissionControllerValidationConfig.Enabled, defaultAdmissionControllerValidationEnabled)

// CWS Instrumentation in AdmissionController Feature
if ddaSpec.Features.AdmissionController.CWSInstrumentation == nil {
ddaSpec.Features.AdmissionController.CWSInstrumentation = &CWSInstrumentationConfig{}
// AdmissionControllerMutation Feature
if ddaSpec.Features.AdmissionController.AdmissionControllerMutationConfig == nil {
ddaSpec.Features.AdmissionController.AdmissionControllerMutationConfig = &AdmissionControllerMutationConfig{}
}
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.CWSInstrumentation.Enabled, DefaultAdmissionControllerCWSInstrumentationEnabled)
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.AdmissionControllerMutationConfig.Enabled, defaultAdmissionControllerMutationEnabled)

if *ddaSpec.Features.AdmissionController.CWSInstrumentation.Enabled {
apiutils.DefaultStringIfUnset(&ddaSpec.Features.AdmissionController.CWSInstrumentation.Mode, DefaultAdmissionControllerCWSInstrumentationMode)
agentSidecarInjection := ddaSpec.Features.AdmissionController.AgentSidecarInjection
if agentSidecarInjection != nil && agentSidecarInjection.Enabled != nil && *agentSidecarInjection.Enabled {
apiutils.DefaultBooleanIfUnset(&agentSidecarInjection.ClusterAgentCommunicationEnabled, defaultAdmissionControllerAgentSidecarClusterAgentEnabled)
}

// CWS Instrumentation in AdmissionController Feature
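Review bot: In the second hunk the new `validation` and `mutation` defaulting blocks appear to sit after the closing brace that follows the `ServiceName` default, so both sub-settings would be defaulted to true even when `admissionController.enabled` is false; indentation is lost on this page and the enclosing `if` starts outside the hunk, so this placement is inferred. If it is intended, document it above the blocks, for example `// Defaulted regardless of AdmissionController.Enabled; consumers must check the parent flag before registering a webhook.`, and otherwise move both blocks into the parent-enabled branch. A `Test_defaultFeatures` case with the parent set to false and both sub-configs left unset would pin whichever behaviour is chosen, since the disabled cases shown in the test diff carry `valueFalse` for both and so do not appear to exercise the unset path.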
112 changes: 99 additions & 13 deletions api/datadoghq/v2alpha1/datadogagent_default_test.go
Expand Up @@ -274,7 +274,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -355,7 +361,9 @@ func Test_defaultFeatures(t *testing.T) {
Enabled: apiutils.NewBoolPointer(valueFalse),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
Enabled: apiutils.NewBoolPointer(valueFalse),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{Enabled: apiutils.NewBoolPointer(valueFalse)},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{Enabled: apiutils.NewBoolPointer(valueFalse)},
},
ExternalMetricsServer: &ExternalMetricsServerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
Expand Down Expand Up @@ -454,6 +462,12 @@ func Test_defaultFeatures(t *testing.T) {
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
},
CWSInstrumentation: &CWSInstrumentationConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
},
Expand Down Expand Up @@ -587,7 +601,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -719,7 +739,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -846,7 +872,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -975,7 +1007,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1109,7 +1147,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1239,7 +1283,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1366,7 +1416,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(valueFalse),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand All @@ -1387,6 +1443,12 @@ func Test_defaultFeatures(t *testing.T) {
ddaSpec: &DatadogAgentSpec{
Features: &DatadogFeatures{
AdmissionController: &AdmissionControllerFeatureConfig{
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(true),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(true),
},
MutateUnlabelled: apiutils.NewBoolPointer(true),
AgentCommunicationMode: apiutils.NewStringPointer("socket"),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1497,7 +1559,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueTrue),
Enabled: apiutils.NewBoolPointer(valueTrue),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(valueTrue),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
AgentCommunicationMode: apiutils.NewStringPointer("socket"),
Expand Down Expand Up @@ -1627,7 +1695,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1775,7 +1849,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1915,7 +1995,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
AdmissionControllerValidationConfig: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
AdmissionControllerMutationConfig: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
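Review bot: The case whose input is changed around new line 1443 sets `validation.enabled` and `mutation.enabled` to `apiutils.NewBoolPointer(true)`, which equals the new defaults, and the matching expectation further down uses the default constants, so the case cannot tell a preserved user value from an applied default. Setting one of them to the opposite of the default in the input, e.g. `Enabled: apiutils.NewBoolPointer(valueFalse),` with the same value in the expected spec, would show that defaulting does not re-enable a webhook the user switched off while the parent feature stays enabled. The pairing of that input with the expectation near new line 1559 is inferred from the shared `MutateUnlabelled` and `socket` values, as the case names are outside the hunks.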
22 changes: 22 additions & 0 deletions api/datadoghq/v2alpha1/datadogagent_types.go
Expand Up @@ -680,6 +680,14 @@ type AdmissionControllerFeatureConfig struct {
// +optional
Enabled *bool `json:"enabled,omitempty"`

// AdmissionControllerValidationConfig contains Admission Controller validation configurations.
// +optional
AdmissionControllerValidationConfig *AdmissionControllerValidationConfig `json:"validation,omitempty"`

// AdmissionControllerMutationConfig contains Admission Controller mutation configurations.
// +optional
AdmissionControllerMutationConfig *AdmissionControllerMutationConfig `json:"mutation,omitempty"`

// MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'.
// Default: false
// +optional
Expand Down Expand Up @@ -716,6 +724,20 @@ type AdmissionControllerFeatureConfig struct {
CWSInstrumentation *CWSInstrumentationConfig `json:"cwsInstrumentation,omitempty"`
}

type AdmissionControllerValidationConfig struct {
// Enabled enables the Admission Controller validation webhook.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
}

type AdmissionControllerMutationConfig struct {
// Enabled enables the Admission Controller mutation webhook.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
}

type AgentSidecarInjectionConfig struct {
// Enabled enables Sidecar injections.
// Default: false
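Review bot: The two new exported types, `AdmissionControllerValidationConfig` and `AdmissionControllerMutationConfig`, have no doc comment, and their `Enabled` field comments do not say how the setting relates to the parent `enabled` flag. Because these switches turn an admission-time control off, the comment should state the precedence, for example `// Enabled enables the Admission Controller validation webhook. It has no effect when admissionController.enabled is false.`, with the wording adjusted to the actual behaviour, which is not visible in this diff. A one-line type comment such as `// AdmissionControllerValidationConfig contains the configuration of the Admission Controller validation webhook.` would cover the types themselves. The field names also repeat the parent type's prefix; `Validation` and `Mutation` would match the JSON tags `validation` and `mutation`.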