Add registry options in admission controller (#1181)

Update docs/configuration.v2alpha1.md Co-authored-by: Rosa Trieu <[email protected]> Update datadoghq.com_datadogagents.yaml Update datadoghq.com_datadogagents.yaml edited some code in features.go to check If there is a value on global.registry Edited comments for better clarification Edited some typos added AC test and deleted for v1alpha1 editing some AC test editing some AC test code changing AC test codes Changing variables in AC feature test code Adding global registry option test case for AC feature test Adding v1alpha1 test case back in AC feature test making empty commit making empty commit with signature
DataDog · May 22, 2024 · 3e962f4 · 3e962f4
1 parent f0e5f6b
commit 3e962f4
Show file tree

Hide file tree

Showing 9 changed files with 73 additions and 17 deletions.
diff --git a/apis/datadoghq/common/envvar.go b/apis/datadoghq/common/envvar.go
@@ -17,6 +17,7 @@ const (
 	DDAdmissionControllerServiceName                  = "DD_ADMISSION_CONTROLLER_SERVICE_NAME"
 	DDAdmissionControllerFailurePolicy                = "DD_ADMISSION_CONTROLLER_FAILURE_POLICY"
 	DDAdmissionControllerWebhookName                  = "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME"
+	DDAdmissionControllerRegistryName                 = "DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY"
 	DDAPIKey                                          = "DD_API_KEY"
 	DDAPMEnabled                                      = "DD_APM_ENABLED"
 	DDAPMInstrumentationInstallTime                   = "DD_INSTRUMENTATION_INSTALL_TIME"

diff --git a/apis/datadoghq/v2alpha1/datadogagent_types.go b/apis/datadoghq/v2alpha1/datadogagent_types.go
@@ -584,6 +584,10 @@ type AdmissionControllerFeatureConfig struct {
 	// Default: "datadog-webhook"
 	// +optional
 	WebhookName *string `json:"webhookName,omitempty"`
+
+	// Registry defines an image registry for the admission controller.
+	// +optional
+	Registry *string `json:"registry,omitempty"`
 }
 
 // ExternalMetricsServerFeatureConfig contains the External Metrics Server feature configuration.

diff --git a/apis/datadoghq/v2alpha1/zz_generated.deepcopy.go b/apis/datadoghq/v2alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml
@@ -7817,6 +7817,9 @@ spec:
                         mutateUnlabelled:
                           description: 'MutateUnlabelled enables config injection without the need of pod label ''admission.datadoghq.com/enabled="true"''. Default: false'
                           type: boolean
+                        registry:
+                          description: Registry defines an image registry for the admission controller.
+                          type: string
                         serviceName:
                           description: ServiceName corresponds to the webhook service name.
                           type: string

diff --git a/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml
@@ -15369,6 +15369,9 @@ spec:
                         mutateUnlabelled:
                           description: 'MutateUnlabelled enables config injection without the need of pod label ''admission.datadoghq.com/enabled="true"''. Default: false'
                           type: boolean
+                        registry:
+                          description: Registry defines an image registry for the admission controller.
+                          type: string
                         serviceName:
                           description: ServiceName corresponds to the webhook service name.
                           type: string

diff --git a/controllers/datadogagent/clusteragent_test.go b/controllers/datadogagent/clusteragent_test.go
@@ -249,7 +249,6 @@ func clusterAgentWithAdmissionControllerDefaultEnvVars(webhookService, agentServ
 		Name:  "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME",
 		Value: "datadog-webhook",
 	})
-
 	return builder.Build()
 }
 

diff --git a/controllers/datadogagent/feature/admissioncontroller/feature.go b/controllers/datadogagent/feature/admissioncontroller/feature.go
@@ -33,9 +33,9 @@ type admissionControllerFeature struct {
 	agentCommunicationMode string
 	localServiceName       string
 	failurePolicy          string
-
-	serviceAccountName string
-	owner              metav1.Object
+	registry               string
+	serviceAccountName     string
+	owner                  metav1.Object
 }
 
 func buildAdmissionControllerFeature(options *feature.Options) feature.Feature {
@@ -57,6 +57,12 @@ func (f *admissionControllerFeature) Configure(dda *v2alpha1.DatadogAgent) (reqC
 		if ac.ServiceName != nil && *ac.ServiceName != "" {
 			f.serviceName = *ac.ServiceName
 		}
+		// set image registry from feature config or global config if defined
+		if ac.Registry != nil && *ac.Registry != "" {
+			f.registry = *ac.Registry
+		} else if dda.Spec.Global.Registry != nil && *dda.Spec.Global.Registry != "" {
+			f.registry = *dda.Spec.Global.Registry
+		}
 		// agent communication mode set by user
 		if ac.AgentCommunicationMode != nil && *ac.AgentCommunicationMode != "" {
 			f.agentCommunicationMode = *ac.AgentCommunicationMode
@@ -146,6 +152,13 @@ func (f *admissionControllerFeature) ManageClusterAgent(managers feature.PodTemp
 		Value: apiutils.BoolToString(&f.mutateUnlabelled),
 	})
 
+	if f.registry != "" {
+		managers.EnvVar().AddEnvVarToContainer(common.ClusterAgentContainerName, &corev1.EnvVar{
+			Name:  apicommon.DDAdmissionControllerRegistryName,
+			Value: f.registry,
+		})
+	}
+
 	if f.serviceName != "" {
 		managers.EnvVar().AddEnvVarToContainer(common.ClusterAgentContainerName, &corev1.EnvVar{
 			Name:  apicommon.DDAdmissionControllerServiceName,

diff --git a/controllers/datadogagent/feature/admissioncontroller/feature_test.go b/controllers/datadogagent/feature/admissioncontroller/feature_test.go
@@ -34,7 +34,9 @@ func TestAdmissionControllerFeature(t *testing.T) {
 			Enabled: apiutils.NewBoolPointer(true),
 		},
 	}
-
+	globalConfig := &v2alpha1.GlobalConfig{
+		Registry: apiutils.NewStringPointer("globalRegistryName"),
+	}
 	tests := test.FeatureTestSuite{
 		//////////////////////////
 		// v1Alpha1.DatadogAgent
@@ -48,34 +50,45 @@ func TestAdmissionControllerFeature(t *testing.T) {
 			Name:          "v1alpha1 admission controller enabled",
 			DDAv1:         newV1Agent(true),
 			WantConfigure: true,
-			ClusterAgent:  testDCAResources("hostip"),
+			ClusterAgent:  testDCAResources("hostip", ""),
 		},
-
 		//////////////////////////
 		// v2Alpha1.DatadogAgent
 		//////////////////////////
 		{
 			Name:          "v2alpha1 admission controller not enabled",
-			DDAv2:         newV2Agent(false, "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}),
+			DDAv2:         newV2Agent(false, "", "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}, nil),
 			WantConfigure: false,
 		},
 		{
 			Name:          "v2alpha1 admission controller enabled",
-			DDAv2:         newV2Agent(true, "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}),
+			DDAv2:         newV2Agent(true, "", "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}, nil),
 			WantConfigure: true,
-			ClusterAgent:  testDCAResources(""),
+			ClusterAgent:  testDCAResources("", ""),
 		},
 		{
 			Name:          "v2alpha1 admission controller enabled, apm uses uds",
-			DDAv2:         newV2Agent(true, "", apmUDS, &v2alpha1.DogstatsdFeatureConfig{}),
+			DDAv2:         newV2Agent(true, "", "", apmUDS, &v2alpha1.DogstatsdFeatureConfig{}, nil),
 			WantConfigure: true,
-			ClusterAgent:  testDCAResources("socket"),
+			ClusterAgent:  testDCAResources("socket", ""),
 		},
 		{
 			Name:          "v2alpha1 admission controller enabled, dsd uses uds",
-			DDAv2:         newV2Agent(true, "", &v2alpha1.APMFeatureConfig{}, dsdUDS),
+			DDAv2:         newV2Agent(true, "", "", &v2alpha1.APMFeatureConfig{}, dsdUDS, nil),
+			WantConfigure: true,
+			ClusterAgent:  testDCAResources("socket", ""),
+		},
+		{
+			Name:          "v2alpha1 admission controller enabled, add custom registry in global config",
+			DDAv2:         newV2Agent(true, "", "", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}, globalConfig),
+			WantConfigure: true,
+			ClusterAgent:  testDCAResources("", "globalRegistryName"),
+		},
+		{
+			Name:          "v2alpha1 admission controller enabled, add custom registry in global config, override with feature config",
+			DDAv2:         newV2Agent(true, "", "testRegistryName", &v2alpha1.APMFeatureConfig{}, &v2alpha1.DogstatsdFeatureConfig{}, globalConfig),
 			WantConfigure: true,
-			ClusterAgent:  testDCAResources("socket"),
+			ClusterAgent:  testDCAResources("", "testRegistryName"),
 		},
 	}
 
@@ -99,17 +112,17 @@ func newV1Agent(enabled bool) *v1alpha1.DatadogAgent {
 	}
 }
 
-func newV2Agent(enabled bool, acm string, apm *v2alpha1.APMFeatureConfig, dsd *v2alpha1.DogstatsdFeatureConfig) *v2alpha1.DatadogAgent {
+func newV2Agent(enabled bool, acm, registry string, apm *v2alpha1.APMFeatureConfig, dsd *v2alpha1.DogstatsdFeatureConfig, global *v2alpha1.GlobalConfig) *v2alpha1.DatadogAgent {
 	dda := &v2alpha1.DatadogAgent{
 		Spec: v2alpha1.DatadogAgentSpec{
+			Global: &v2alpha1.GlobalConfig{},
 			Features: &v2alpha1.DatadogFeatures{
 				AdmissionController: &v2alpha1.AdmissionControllerFeatureConfig{
 					Enabled:          apiutils.NewBoolPointer(enabled),
 					MutateUnlabelled: apiutils.NewBoolPointer(true),
 					ServiceName:      apiutils.NewStringPointer("testServiceName"),
 				},
 			},
-			Global: &v2alpha1.GlobalConfig{},
 		},
 	}
 	if acm != "" {
@@ -121,10 +134,17 @@ func newV2Agent(enabled bool, acm string, apm *v2alpha1.APMFeatureConfig, dsd *v
 	if dsd != nil {
 		dda.Spec.Features.Dogstatsd = dsd
 	}
+	if registry != "" {
+		dda.Spec.Features.AdmissionController.Registry = apiutils.NewStringPointer(registry)
+
+	}
+	if global != nil {
+		dda.Spec.Global = global
+	}
 	return dda
 }
 
-func testDCAResources(acm string) *test.ComponentTest {
+func testDCAResources(acm string, registry string) *test.ComponentTest {
 	return test.NewDefaultComponentTest().WithWantFunc(
 		func(t testing.TB, mgrInterface feature.PodTemplateManagers) {
 			mgr := mgrInterface.(*fake.PodTemplateManagers)
@@ -159,6 +179,13 @@ func testDCAResources(acm string) *test.ComponentTest {
 				}
 				expectedAgentEnvs = append(expectedAgentEnvs, &acmEnv)
 			}
+			if registry != "" {
+				registryEnv := corev1.EnvVar{
+					Name:  apicommon.DDAdmissionControllerRegistryName,
+					Value: registry,
+				}
+				expectedAgentEnvs = append(expectedAgentEnvs, &registryEnv)
+			}
 
 			assert.ElementsMatch(t,
 				agentEnvs,

diff --git a/docs/configuration.v2alpha1.md b/docs/configuration.v2alpha1.md
@@ -38,6 +38,7 @@ spec:
 | features.admissionController.enabled | Enabled enables the Admission Controller. Default: true |
 | features.admissionController.failurePolicy | FailurePolicy determines how unrecognized and timeout errors are handled. |
 | features.admissionController.mutateUnlabelled | MutateUnlabelled enables config injection without the need of pod label 'admission.datadoghq.com/enabled="true"'. Default: false |
+| features.admissionController.registry | Registry defines an image registry for the admission controller. |
 | features.admissionController.serviceName | ServiceName corresponds to the webhook service name. |
 | features.admissionController.webhookName | WebhookName is a custom name for the MutatingWebhookConfiguration. Default: "datadog-webhook" |
 | features.apm.enabled | Enabled enables Application Performance Monitoring. Default: true |
-Original file line number
+Diff line change
@@ Expand Up @@
     		Name:  "DD_ADMISSION_CONTROLLER_WEBHOOK_NAME",
     		Value: "datadog-webhook",
     	})
     	return builder.Build()
     }
@@ Expand Down @@