Merge branch 'main' into CONTP-247/wassim.dhif/startup-probe

DataDog · Jul 8, 2024 · a86feff · a86feff
2 parents d802c04 + 4c1f839
commit a86feff
Show file tree

Hide file tree

Showing 80 changed files with 4,727 additions and 918 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -6,3 +6,4 @@ updates:
       interval: weekly
     labels:
       - dependencies
+      - qa/skip-qa
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -173,23 +173,6 @@ build_bundle_image:
     - if [ -n "$CI_COMMIT_TAG" ]; then docker buildx imagetools create $TARGET_IMAGE --tag $RELEASE_IMAGE; fi
 
 
-preflight_redhat_image_amd64:
-  stage: test-image
-  rules:
-    - if: $CI_COMMIT_TAG
-      when: on_success
-    - when: never
-  tags:
-    - "arch:amd64"
-  image: $JOB_DOCKER_IMAGE
-  variables:
-    IMG: $BUILD_DOCKER_REGISTRY/$PROJECTNAME:v${CI_PIPELINE_ID}-${CI_COMMIT_SHORT_SHA}-amd64
-  script:
-    - DOCKER_REGISTRY_LOGIN=$(aws ssm get-parameter --region us-east-1 --name ci.datadog-operator.$DOCKER_REGISTRY_LOGIN_SSM_KEY --with-decryption --query "Parameter.Value" --out text)
-    - aws ssm get-parameter --region us-east-1 --name ci.datadog-operator.$DOCKER_REGISTRY_PWD_SSM_KEY --with-decryption --query "Parameter.Value" --out text | docker login --username "$DOCKER_REGISTRY_LOGIN" --password-stdin "$DOCKER_REGISTRY_URL"
-    - make preflight-redhat-container
-
-
 publish_public_main:
   stage: release
   rules:
@@ -222,39 +205,23 @@ publish_public_tag:
     IMG_DESTINATIONS_REGEX_REPL: ':'
     IMG_SIGNING: "false"
 
-# RedHat does not support multi-arch images. Use docker commands in lieu of DataDog/public-images until they do.
 publish_redhat_public_tag:
   stage: release
   rules:
     - if: $CI_COMMIT_TAG
       when: manual
     - when: never
-  needs:
-    - "preflight_redhat_image_amd64"
-  tags: ["runner:docker", "size:large"]
-  image: $JOB_DOCKER_IMAGE
-  script:
-    - apt-get update && apt-get -y install --no-install-recommends build-essential git awscli && apt-get -y clean && rm -rf /var/lib/apt/lists/*
-    # Docker login to pull build image
-    - DOCKER_REGISTRY_LOGIN=$(aws ssm get-parameter --region us-east-1 --name ci.datadog-operator.$DOCKER_REGISTRY_LOGIN_SSM_KEY --with-decryption --query "Parameter.Value" --out text)
-    - aws ssm get-parameter --region us-east-1 --name ci.datadog-operator.$DOCKER_REGISTRY_PWD_SSM_KEY --with-decryption --query "Parameter.Value" --out text | docker login --username "$DOCKER_REGISTRY_LOGIN" --password-stdin "$DOCKER_REGISTRY_URL"
-    - docker pull --platform linux/amd64 $BUILD_DOCKER_REGISTRY/$PROJECTNAME:$CI_COMMIT_TAG-amd64
-    - docker tag $BUILD_DOCKER_REGISTRY/$PROJECTNAME:$CI_COMMIT_TAG-amd64 $RH_PARTNER_REGISTRY/$RH_PARTNER_PROJECT_ID:${CI_COMMIT_TAG:1}
-    # Docker login to push image to Redhat
-    - aws ssm get-parameter --region us-east-1 --name ci.datadog-operator.$RH_PARTNER_REGISTRY_KEY_SSM_KEY --with-decryption --query "Parameter.Value" --out text | docker login -u "$RH_PARTNER_REGISTRY_USER" quay.io --password-stdin
-    - docker push $RH_PARTNER_REGISTRY/$RH_PARTNER_PROJECT_ID:${CI_COMMIT_TAG:1}
-
-  # Save for future use with public-images.
-  # trigger:
-  #   project: DataDog/public-images
-  #   branch: main
-  #   strategy: depend
-  # variables:
-  #   IMG_SOURCES: $BUILD_DOCKER_REGISTRY/$PROJECTNAME:$CI_COMMIT_TAG-amd64
-  #   IMG_DESTINATIONS: operator:$CI_COMMIT_TAG
-  #   IMG_DESTINATIONS_REGEX: ':v'
-  #   IMG_DESTINATIONS_REGEX_REPL: ':'
-  #   IMG_REGISTRIES: redhat-operator
+  trigger:
+    project: DataDog/public-images
+    branch: main
+    strategy: depend
+  variables:
+    IMG_SOURCES: $BUILD_DOCKER_REGISTRY/$PROJECTNAME:$CI_COMMIT_TAG-amd64,$BUILD_DOCKER_REGISTRY/$PROJECTNAME:$CI_COMMIT_TAG-arm64
+    IMG_DESTINATIONS: $RH_PARTNER_PROJECT_ID:$CI_COMMIT_TAG
+    IMG_DESTINATIONS_REGEX: ':v'
+    IMG_DESTINATIONS_REGEX_REPL: ':'
+    IMG_REGISTRIES: redhat-operator
+    IMG_SIGNING: "false"
 
 publish_public_latest:
   stage: release
@@ -271,27 +238,21 @@ publish_public_latest:
     IMG_DESTINATIONS: operator:latest
     IMG_SIGNING: "false"
 
-# RedHat does not support multi-arch images. Use docker commands in lieu of DataDog/public-images until they do.
 publish_redhat_public_latest:
   stage: release
   rules:
     - if: $CI_COMMIT_TAG
       when: manual
     - when: never
-  needs:
-    - "preflight_redhat_image_amd64"
-  tags: ["runner:docker", "size:large"]
-  image: $JOB_DOCKER_IMAGE
-  script:
-    - apt-get update && apt-get -y install --no-install-recommends build-essential git awscli && apt-get -y clean && rm -rf /var/lib/apt/lists/*
-    # Docker login to pull build image
-    - DOCKER_REGISTRY_LOGIN=$(aws ssm get-parameter --region us-east-1 --name ci.datadog-operator.$DOCKER_REGISTRY_LOGIN_SSM_KEY --with-decryption --query "Parameter.Value" --out text)
-    - aws ssm get-parameter --region us-east-1 --name ci.datadog-operator.$DOCKER_REGISTRY_PWD_SSM_KEY --with-decryption --query "Parameter.Value" --out text | docker login --username "$DOCKER_REGISTRY_LOGIN" --password-stdin "$DOCKER_REGISTRY_URL"
-    - docker pull --platform linux/amd64 $BUILD_DOCKER_REGISTRY/$PROJECTNAME:$CI_COMMIT_TAG-amd64
-    - docker tag $BUILD_DOCKER_REGISTRY/$PROJECTNAME:$CI_COMMIT_TAG-amd64 $RH_PARTNER_REGISTRY/$RH_PARTNER_PROJECT_ID:latest
-    # Docker login to push image to Redhat
-    - aws ssm get-parameter --region us-east-1 --name ci.datadog-operator.$RH_PARTNER_REGISTRY_KEY_SSM_KEY --with-decryption --query "Parameter.Value" --out text | docker login -u "$RH_PARTNER_REGISTRY_USER" quay.io --password-stdin
-    - docker push $RH_PARTNER_REGISTRY/$RH_PARTNER_PROJECT_ID:latest
+  trigger:
+    project: DataDog/public-images
+    branch: main
+    strategy: depend
+  variables:
+    IMG_SOURCES: $BUILD_DOCKER_REGISTRY/$PROJECTNAME:$CI_COMMIT_TAG-amd64,$BUILD_DOCKER_REGISTRY/$PROJECTNAME:$CI_COMMIT_TAG-arm64
+    IMG_DESTINATIONS: $RH_PARTNER_PROJECT_ID:latest
+    IMG_REGISTRIES: redhat-operator
+    IMG_SIGNING: "false"
 
 trigger_internal_operator_image:
   stage: release
@@ -435,7 +396,9 @@ e2e:
   script:
     - IMAGE_PULL_PASSWORD=$(aws ecr get-login-password) IMG=$TARGET_IMAGE make e2e-tests
 
-submit_preflight_redhat_public_tag:
+
+# Preflight now supports multiarch image checks
+submit_preflight_redhat_image:
   stage: post-release
   rules:
     - if: $CI_COMMIT_TAG
@@ -452,15 +415,14 @@ submit_preflight_redhat_public_tag:
     - export IMG=$RH_PARTNER_REGISTRY/$RH_PARTNER_PROJECT_ID:${CI_COMMIT_TAG:1}
     - make preflight-redhat-container-submit
 
-
 publish_community_operators:
   stage: post-release
   rules:
       - if: $CI_COMMIT_TAG
         when: manual
       - when: never
   needs:
-    - "submit_preflight_redhat_public_tag"
+    - "submit_preflight_redhat_image"
   tags: [ "runner:docker", "size:large" ]
   image: $JOB_DOCKER_IMAGE
   before_script:

diff --git a/Makefile b/Makefile
@@ -234,9 +234,10 @@ bundle: bin/$(PLATFORM)/operator-sdk bin/$(PLATFORM)/yq $(KUSTOMIZE) manifests #
 bundle-redhat: bin/$(PLATFORM)/operator-manifest-tools
 	hack/redhat-bundle.sh
 
+# Build and push the multiarch bundle image.
 .PHONY: bundle-build-push
-bundle-build-push: ## Build and load the bundle image.
-	docker buildx build --push -f bundle.Dockerfile -t $(BUNDLE_IMG) .
+bundle-build-push:
+	docker buildx build --platform linux/amd64,linux/arm64 --push -f bundle.Dockerfile -t $(BUNDLE_IMG) .
 
 .PHONY: bundle-push
 bundle-push:
@@ -349,11 +350,11 @@ bin/$(PLATFORM)/operator-manifest-tools: Makefile
 	hack/install-operator-manifest-tools.sh 0.6.0
 
 bin/$(PLATFORM)/preflight: Makefile
-	hack/install-openshift-preflight.sh 1.9.4
+	hack/install-openshift-preflight.sh 1.9.9
 
 bin/$(PLATFORM)/openapi-gen:
 	mkdir -p $(ROOT)/bin/$(PLATFORM)
-	GOBIN=$(ROOT)/bin/$(PLATFORM) go install k8s.io/kube-openapi/cmd/openapi-gen
+	GOBIN=$(ROOT)/bin/$(PLATFORM) go install k8s.io/kube-openapi/cmd/openapi-gen@v0.0.0-20230717233707-2695361300d9
 
 bin/$(PLATFORM)/kubebuilder:
 	./hack/install-kubebuilder.sh 3.13.0 ./bin/$(PLATFORM)

diff --git a/apis/datadoghq/v1alpha1/datadogagentprofile_validation.go b/apis/datadoghq/v1alpha1/datadogagentprofile_validation.go
@@ -29,21 +29,6 @@ func ValidateDatadogAgentProfileSpec(spec *DatadogAgentProfileSpec) error {
 	if spec.Config.Override == nil {
 		return fmt.Errorf("config override must be defined")
 	}
-	if spec.Config.Override[NodeAgentComponentName] == nil {
-		return fmt.Errorf("node agent override must be defined")
-	}
-	if spec.Config.Override[NodeAgentComponentName].Containers == nil {
-		return fmt.Errorf("node agent container must be defined")
-	}
-	containsAtLeastOneContainerResourceOverride := false
-	for _, container := range spec.Config.Override[NodeAgentComponentName].Containers {
-		if container.Resources != nil {
-			containsAtLeastOneContainerResourceOverride = true
-		}
-	}
-	if !containsAtLeastOneContainerResourceOverride {
-		return fmt.Errorf("at least one container resource must be defined")
-	}
 
 	return nil
 }
diff --git a/apis/datadoghq/v1alpha1/datadogagentprofile_validation_test.go b/apis/datadoghq/v1alpha1/datadogagentprofile_validation_test.go
@@ -70,56 +70,6 @@ func TestIsValidDatadogAgentProfile(t *testing.T) {
 			},
 		},
 	}
-	missingResources := &DatadogAgentProfileSpec{
-		ProfileAffinity: &ProfileAffinity{
-			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
-				{
-					Key:      "foo",
-					Operator: corev1.NodeSelectorOpIn,
-					Values:   []string{"bar"},
-				},
-			},
-		},
-		Config: &Config{
-			Override: map[ComponentName]*Override{
-				NodeAgentComponentName: {
-					Containers: map[commonv1.AgentContainerName]*Container{
-						commonv1.CoreAgentContainerName: {},
-					},
-				},
-			},
-		},
-	}
-	missingContainer := &DatadogAgentProfileSpec{
-		ProfileAffinity: &ProfileAffinity{
-			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
-				{
-					Key:      "foo",
-					Operator: corev1.NodeSelectorOpIn,
-					Values:   []string{"bar"},
-				},
-			},
-		},
-		Config: &Config{
-			Override: map[ComponentName]*Override{
-				NodeAgentComponentName: {},
-			},
-		},
-	}
-	missingComponent := &DatadogAgentProfileSpec{
-		ProfileAffinity: &ProfileAffinity{
-			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
-				{
-					Key:      "foo",
-					Operator: corev1.NodeSelectorOpIn,
-					Values:   []string{"bar"},
-				},
-			},
-		},
-		Config: &Config{
-			Override: map[ComponentName]*Override{},
-		},
-	}
 	missingOverride := &DatadogAgentProfileSpec{
 		ProfileAffinity: &ProfileAffinity{
 			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
@@ -166,21 +116,6 @@ func TestIsValidDatadogAgentProfile(t *testing.T) {
 			name: "valid dap, resources specified in one container only",
 			spec: validResourceOverrideInOneContainerOnly,
 		},
-		{
-			name:    "missing resources",
-			spec:    missingResources,
-			wantErr: "at least one container resource must be defined",
-		},
-		{
-			name:    "missing container",
-			spec:    missingContainer,
-			wantErr: "node agent container must be defined",
-		},
-		{
-			name:    "missing component",
-			spec:    missingComponent,
-			wantErr: "node agent override must be defined",
-		},
 		{
 			name:    "missing override",
 			spec:    missingOverride,

diff --git a/apis/datadoghq/v2alpha1/datadogagent_types.go b/apis/datadoghq/v2alpha1/datadogagent_types.go
@@ -8,6 +8,7 @@ package v2alpha1
 import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
 
 	commonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1"
 )
@@ -1191,6 +1192,10 @@ type DatadogAgentComponentOverride struct {
 	// +optional
 	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
 
+	// The deployment strategy to use to replace existing pods with new ones.
+	// +optional
+	UpdateStrategy *UpdateStrategy `json:"updateStrategy,omitempty"`
+
 	// Configure the component tolerations.
 	// +optional
 	// +listType=atomic
@@ -1294,6 +1299,29 @@ const (
 	SingleContainerStrategy ContainerStrategyType = "single"
 )
 
+// The deployment strategy to use to replace existing pods with new ones.
+// +k8s:openapi-gen=true
+type UpdateStrategy struct {
+	// Type can be "RollingUpdate" or "OnDelete" for DaemonSets and "RollingUpdate"
+	// or "Recreate" for Deployments
+	Type string `json:"type,omitempty"`
+	// Configure the rolling update strategy of the Deployment or DaemonSet.
+	RollingUpdate *RollingUpdate `json:"rollingUpdate,omitempty"`
+}
+
+// RollingUpdate describes how to replace existing pods with new ones.
+// +k8s:openapi-gen=true
+type RollingUpdate struct {
+	// The maximum number of pods that can be unavailable during the update.
+	// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
+	// Refer to the Kubernetes API documentation for additional details..
+	MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"`
+
+	// MaxSurge behaves differently based on the Kubernetes resource. Refer to the
+	// Kubernetes API documentation for additional details.
+	MaxSurge *intstr.IntOrString `json:"maxSurge,omitempty"`
+}
+
 // FIPSConfig contains the FIPS configuration.
 // +k8s:openapi-gen=true
 type FIPSConfig struct {

diff --git a/apis/datadoghq/v2alpha1/zz_generated.deepcopy.go b/apis/datadoghq/v2alpha1/zz_generated.deepcopy.go