feat(admission controller): Add new webhook settings (#1461)
* feat(admission controller): Add new webhook settings

Signed-off-by: Wassim DHIF <[email protected]>

* chore: rename parameters

Signed-off-by: Wassim DHIF <[email protected]>

---------

Signed-off-by: Wassim DHIF <[email protected]>
Co-authored-by: Timothée Bavelier <[email protected]>
wdhif and tbavelier authored Nov 26, 2024
1 parent 49004a6 commit d98ded2
Showing 12 changed files with 375 additions and 45 deletions.
2 changes: 2 additions & 0 deletions api/datadoghq/common/envvar.go
Expand Up @@ -19,6 +19,8 @@ const (
DDAdmissionControllerAgentSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS"
DDAdmissionControllerAgentSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES"
DDAdmissionControllerEnabled = "DD_ADMISSION_CONTROLLER_ENABLED"
DDAdmissionControllerValidationEnabled = "DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED"
DDAdmissionControllerMutationEnabled = "DD_ADMISSION_CONTROLLER_MUTATION_ENABLED"
DDAdmissionControllerInjectConfig = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_ENABLED"
DDAdmissionControllerInjectConfigMode = "DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE"
DDAdmissionControllerInjectTags = "DD_ADMISSION_CONTROLLER_INJECT_TAGS_ENABLED"
24 changes: 14 additions & 10 deletions api/datadoghq/v2alpha1/datadogagent_default.go
Expand Up @@ -76,6 +76,8 @@ const (

defaultAdmissionControllerAgentSidecarClusterAgentEnabled bool = true
defaultAdmissionControllerEnabled bool = true
defaultAdmissionControllerValidationEnabled bool = true
defaultAdmissionControllerMutationEnabled bool = true
defaultAdmissionControllerMutateUnlabelled bool = false
defaultAdmissionServiceName string = "datadog-admission-controller"
// DefaultAdmissionControllerCWSInstrumentationEnabled default CWS Instrumentation enabled value
Expand Down Expand Up @@ -475,21 +477,23 @@ func defaultFeaturesConfig(ddaSpec *DatadogAgentSpec) {
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.Enabled, defaultAdmissionControllerEnabled)
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.MutateUnlabelled, defaultAdmissionControllerMutateUnlabelled)
apiutils.DefaultStringIfUnset(&ddaSpec.Features.AdmissionController.ServiceName, defaultAdmissionServiceName)

}
agentSidecarInjection := ddaSpec.Features.AdmissionController.AgentSidecarInjection
if agentSidecarInjection != nil && agentSidecarInjection.Enabled != nil && *agentSidecarInjection.Enabled {
apiutils.DefaultBooleanIfUnset(&agentSidecarInjection.ClusterAgentCommunicationEnabled, defaultAdmissionControllerAgentSidecarClusterAgentEnabled)

// AdmissionControllerValidation Feature
if ddaSpec.Features.AdmissionController.Validation == nil {
ddaSpec.Features.AdmissionController.Validation = &AdmissionControllerValidationConfig{}
}
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.Validation.Enabled, defaultAdmissionControllerValidationEnabled)

// CWS Instrumentation in AdmissionController Feature
if ddaSpec.Features.AdmissionController.CWSInstrumentation == nil {
ddaSpec.Features.AdmissionController.CWSInstrumentation = &CWSInstrumentationConfig{}
// AdmissionControllerMutation Feature
if ddaSpec.Features.AdmissionController.Mutation == nil {
ddaSpec.Features.AdmissionController.Mutation = &AdmissionControllerMutationConfig{}
}
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.CWSInstrumentation.Enabled, DefaultAdmissionControllerCWSInstrumentationEnabled)
apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.AdmissionController.Mutation.Enabled, defaultAdmissionControllerMutationEnabled)

if *ddaSpec.Features.AdmissionController.CWSInstrumentation.Enabled {
apiutils.DefaultStringIfUnset(&ddaSpec.Features.AdmissionController.CWSInstrumentation.Mode, DefaultAdmissionControllerCWSInstrumentationMode)
agentSidecarInjection := ddaSpec.Features.AdmissionController.AgentSidecarInjection
if agentSidecarInjection != nil && agentSidecarInjection.Enabled != nil && *agentSidecarInjection.Enabled {
apiutils.DefaultBooleanIfUnset(&agentSidecarInjection.ClusterAgentCommunicationEnabled, defaultAdmissionControllerAgentSidecarClusterAgentEnabled)
}

// CWS Instrumentation in AdmissionController Feature
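Review bot: Defaulting both `Validation.Enabled` and `Mutation.Enabled` to true in `defaultFeaturesConfig` explicitly turns on both admission webhooks for every DatadogAgent that omits the new fields, which may be a silent behaviour change on operator upgrade. Whether that matches what the Cluster Agent did before these settings existed is not visible in this hunk; if its built-in default for validation differs, existing clusters get a change on the API-server admission path that should be called out in the release notes. Once confirmed, a comment above the two stanzas would record the intent, for example `// Defaults match the Cluster Agent's built-in values; keep both in sync.` The function starts and continues outside the hunk, and the rendered page has lost indentation, so it is not clear from here whether the stanzas sit inside the `Enabled` guard.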
112 changes: 99 additions & 13 deletions api/datadoghq/v2alpha1/datadogagent_default_test.go
Expand Up @@ -277,7 +277,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -361,7 +367,9 @@ func Test_defaultFeatures(t *testing.T) {
Enabled: apiutils.NewBoolPointer(valueFalse),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
Enabled: apiutils.NewBoolPointer(valueFalse),
Validation: &AdmissionControllerValidationConfig{Enabled: apiutils.NewBoolPointer(valueFalse)},
Mutation: &AdmissionControllerMutationConfig{Enabled: apiutils.NewBoolPointer(valueFalse)},
},
ExternalMetricsServer: &ExternalMetricsServerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
Expand Down Expand Up @@ -463,6 +471,12 @@ func Test_defaultFeatures(t *testing.T) {
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
},
CWSInstrumentation: &CWSInstrumentationConfig{
Enabled: apiutils.NewBoolPointer(valueFalse),
},
Expand Down Expand Up @@ -599,7 +613,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -734,7 +754,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -864,7 +890,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -996,7 +1028,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1133,7 +1171,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1266,7 +1310,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1396,7 +1446,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(valueFalse),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand All @@ -1417,6 +1473,12 @@ func Test_defaultFeatures(t *testing.T) {
ddaSpec: &DatadogAgentSpec{
Features: &DatadogFeatures{
AdmissionController: &AdmissionControllerFeatureConfig{
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(true),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(true),
},
MutateUnlabelled: apiutils.NewBoolPointer(true),
AgentCommunicationMode: apiutils.NewStringPointer("socket"),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1530,7 +1592,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(valueTrue),
Enabled: apiutils.NewBoolPointer(valueTrue),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(valueTrue),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
AgentCommunicationMode: apiutils.NewStringPointer("socket"),
Expand Down Expand Up @@ -1663,7 +1731,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1815,7 +1889,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
Expand Down Expand Up @@ -1958,7 +2038,13 @@ func Test_defaultFeatures(t *testing.T) {
UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
},
AdmissionController: &AdmissionControllerFeatureConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerEnabled),
Validation: &AdmissionControllerValidationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerValidationEnabled),
},
Mutation: &AdmissionControllerMutationConfig{
Enabled: apiutils.NewBoolPointer(defaultAdmissionControllerMutationEnabled),
},
MutateUnlabelled: apiutils.NewBoolPointer(defaultAdmissionControllerMutateUnlabelled),
ServiceName: apiutils.NewStringPointer(defaultAdmissionServiceName),
CWSInstrumentation: &CWSInstrumentationConfig{
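Review bot: The only case in these hunks that sets the new fields on an enabled admission controller (the input at `-1417,6 +1473,12`) passes `true` for both, which equals the defaults, so it cannot tell a preserved user value from an overwritten one. Changing one input to `Enabled: apiutils.NewBoolPointer(false)` and expecting `false` in the matching want block would pin that an explicit opt-out of the validation or mutation webhook survives defaulting. The cases that expect `valueFalse` for both appear to have the whole admission controller disabled, so they do not cover this path. `Test_defaultFeatures` extends well beyond the hunks shown, so a case outside this view may already do this.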
22 changes: 22 additions & 0 deletions api/datadoghq/v2alpha1/datadogagent_types.go
Expand Up @@ -690,6 +690,14 @@ type AdmissionControllerFeatureConfig struct {
// +optional
Enabled *bool `json:"enabled,omitempty"`

// Validation contains Admission Controller validation configurations.
// +optional
Validation *AdmissionControllerValidationConfig `json:"validation,omitempty"`

// Mutation contains Admission Controller mutation configurations.
// +optional
Mutation *AdmissionControllerMutationConfig `json:"mutation,omitempty"`

// MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'.
// Default: false
// +optional
Expand Down Expand Up @@ -726,6 +734,20 @@ type AdmissionControllerFeatureConfig struct {
CWSInstrumentation *CWSInstrumentationConfig `json:"cwsInstrumentation,omitempty"`
}

type AdmissionControllerValidationConfig struct {
// Enabled enables the Admission Controller validation webhook.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
}

type AdmissionControllerMutationConfig struct {
// Enabled enables the Admission Controller mutation webhook.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`
}

type AgentSidecarInjectionConfig struct {
// Enabled enables Sidecar injections.
// Default: false
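Review bot: The two new exported types, `AdmissionControllerValidationConfig` and `AdmissionControllerMutationConfig`, have no doc comment, unlike the fields inside them. Add one per type starting with the type name, for example `// AdmissionControllerValidationConfig contains the Admission Controller validation webhook configuration.` and the same wording for mutation. The field comments should also state whether `validation.enabled` and `mutation.enabled` have any effect when the parent `enabled` is false, since switching off an admission webhook is a setting operators need to reason about precisely.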
18 changes: 18 additions & 0 deletions api/datadoghq/v2alpha1/test/builder.go
Expand Up @@ -182,6 +182,12 @@ func (builder *DatadogAgentBuilder) initAdmissionController() {
if builder.datadogAgent.Spec.Features.AdmissionController == nil {
builder.datadogAgent.Spec.Features.AdmissionController = &v2alpha1.AdmissionControllerFeatureConfig{}
}
if builder.datadogAgent.Spec.Features.AdmissionController.Validation == nil {
builder.datadogAgent.Spec.Features.AdmissionController.Validation = &v2alpha1.AdmissionControllerValidationConfig{}
}
if builder.datadogAgent.Spec.Features.AdmissionController.Mutation == nil {
builder.datadogAgent.Spec.Features.AdmissionController.Mutation = &v2alpha1.AdmissionControllerMutationConfig{}
}
if builder.datadogAgent.Spec.Features.AdmissionController.CWSInstrumentation == nil {
builder.datadogAgent.Spec.Features.AdmissionController.CWSInstrumentation = &v2alpha1.CWSInstrumentationConfig{}
}
Expand All @@ -202,6 +208,18 @@ func (builder *DatadogAgentBuilder) WithAdmissionControllerEnabled(enabled bool)
return builder
}

func (builder *DatadogAgentBuilder) WithAdmissionControllerValidationEnabled(enabled bool) *DatadogAgentBuilder {
builder.initAdmissionController()
builder.datadogAgent.Spec.Features.AdmissionController.Validation.Enabled = apiutils.NewBoolPointer(enabled)
return builder
}

func (builder *DatadogAgentBuilder) WithAdmissionControllerMutationEnabled(enabled bool) *DatadogAgentBuilder {
builder.initAdmissionController()
builder.datadogAgent.Spec.Features.AdmissionController.Mutation.Enabled = apiutils.NewBoolPointer(enabled)
return builder
}

func (builder *DatadogAgentBuilder) WithAdmissionControllerMutateUnlabelled(enabled bool) *DatadogAgentBuilder {
builder.initAdmissionController()
builder.datadogAgent.Spec.Features.AdmissionController.MutateUnlabelled = apiutils.NewBoolPointer(enabled)
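Review bot: `initAdmissionController` now always allocates `Validation` and `Mutation`, so any spec built through this builder carries non-nil sub-structs even when only an unrelated option such as `WithAdmissionControllerMutateUnlabelled` is used. Tests that rely on the builder therefore never exercise a nil `Validation` or `Mutation` pointer in the code that reads these settings, which is not visible on this page; a case that constructs the spec directly with those fields left nil would cover it. The two new exported methods also lack doc comments, e.g. `// WithAdmissionControllerValidationEnabled sets Validation.Enabled on the admission controller feature.`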