[system-probe] Add missing system probe settings for parity with helm…

… chart (#149) Adds missing toggles for OOMKill and TCPQueueLength modules as well as collectDNSStats setting.
DataDog · Sep 7, 2020 · 20bdcff · 20bdcff
1 parent 4faeb97
commit 20bdcff
Show file tree

Hide file tree

Showing 10 changed files with 479 additions and 46 deletions.
diff --git a/deploy/crds/datadoghq.com_datadogagents_crd.yaml b/deploy/crds/datadoghq.com_datadogagents_crd.yaml
@@ -2605,6 +2605,9 @@ spec:
                     bpfDebugEnabled:
                       description: BPFDebugEnabled logging for kernel debug
                       type: boolean
+                    collectDNSStats:
+                      description: CollectDNSStats enables DNS stat collection
+                      type: boolean
                     conntrackEnabled:
                       description: 'ConntrackEnabled enable the system-probe agent
                         to connect to the netlink/conntrack subsystem to add NAT information
@@ -2615,6 +2618,13 @@ spec:
                         expvar for system-probe agent
                       format: int32
                       type: integer
+                    enableOOMKill:
+                      description: EnableOOMKill enables the OOM kill eBPF-based check
+                      type: boolean
+                    enableTCPQueueLength:
+                      description: EnableTCPQueueLength enables the TCP queue length
+                        eBPF-based check
+                      type: boolean
                     enabled:
                       description: 'Enable this to activate live process monitoring.
                         Note: /etc/passwd is automatically mounted to allow username

diff --git a/deploy/crds/v1/datadoghq.com_datadogagents_crd.yaml b/deploy/crds/v1/datadoghq.com_datadogagents_crd.yaml
@@ -2691,6 +2691,9 @@ spec:
                       bpfDebugEnabled:
                         description: BPFDebugEnabled logging for kernel debug
                         type: boolean
+                      collectDNSStats:
+                        description: CollectDNSStats enables DNS stat collection
+                        type: boolean
                       conntrackEnabled:
                         description: 'ConntrackEnabled enable the system-probe agent
                           to connect to the netlink/conntrack subsystem to add NAT
@@ -2701,6 +2704,14 @@ spec:
                           expvar for system-probe agent
                         format: int32
                         type: integer
+                      enableOOMKill:
+                        description: EnableOOMKill enables the OOM kill eBPF-based
+                          check
+                        type: boolean
+                      enableTCPQueueLength:
+                        description: EnableTCPQueueLength enables the TCP queue length
+                          eBPF-based check
+                        type: boolean
                       enabled:
                         description: 'Enable this to activate live process monitoring.
                           Note: /etc/passwd is automatically mounted to allow username

diff --git a/deploy/crds/v1beta1/datadoghq.com_datadogagents_crd.yaml b/deploy/crds/v1beta1/datadoghq.com_datadogagents_crd.yaml
@@ -2605,6 +2605,9 @@ spec:
                     bpfDebugEnabled:
                       description: BPFDebugEnabled logging for kernel debug
                       type: boolean
+                    collectDNSStats:
+                      description: CollectDNSStats enables DNS stat collection
+                      type: boolean
                     conntrackEnabled:
                       description: 'ConntrackEnabled enable the system-probe agent
                         to connect to the netlink/conntrack subsystem to add NAT information
@@ -2615,6 +2618,13 @@ spec:
                         expvar for system-probe agent
                       format: int32
                       type: integer
+                    enableOOMKill:
+                      description: EnableOOMKill enables the OOM kill eBPF-based check
+                      type: boolean
+                    enableTCPQueueLength:
+                      description: EnableTCPQueueLength enables the TCP queue length
+                        eBPF-based check
+                      type: boolean
                     enabled:
                       description: 'Enable this to activate live process monitoring.
                         Note: /etc/passwd is automatically mounted to allow username

diff --git a/pkg/apis/datadoghq/v1alpha1/const.go b/pkg/apis/datadoghq/v1alpha1/const.go
@@ -145,6 +145,10 @@ const (
 	SystemProbeAgentSecurityVolumePath = "/etc/config"
 	SystemProbeSecCompRootVolumeName   = "seccomp-root"
 	SystemProbeSecCompRootVolumePath   = "/host/var/lib/kubelet/seccomp"
+	SystemProbeLibModulesVolumeName    = "modules"
+	SystemProbeLibModulesVolumePath    = "/lib/modules"
+	SystemProbeUsrSrcVolumeName        = "src"
+	SystemProbeUsrSrcVolumePath        = "/usr/src"
 	AgentCustomConfigVolumeName        = "custom-datadog-yaml"
 	AgentCustomConfigVolumePath        = "/etc/datadog-agent/datadog.yaml"
 	AgentCustomConfigVolumeSubPath     = "datadog.yaml"

diff --git a/pkg/apis/datadoghq/v1alpha1/datadogagent_types.go b/pkg/apis/datadoghq/v1alpha1/datadogagent_types.go
@@ -391,6 +391,15 @@ type SystemProbeSpec struct {
 	// DebugPort Specify the port to expose pprof and expvar for system-probe agent
 	DebugPort int32 `json:"debugPort,omitempty"`
 
+	// EnableTCPQueueLength enables the TCP queue length eBPF-based check
+	EnableTCPQueueLength *bool `json:"enableTCPQueueLength,omitempty"`
+
+	// EnableOOMKill enables the OOM kill eBPF-based check
+	EnableOOMKill *bool `json:"enableOOMKill,omitempty"`
+
+	// CollectDNSStats enables DNS stat collection
+	CollectDNSStats *bool `json:"collectDNSStats,omitempty"`
+
 	// The Datadog SystemProbe supports many environment variables
 	// Ref: https://docs.datadoghq.com/agent/docker/?tab=standard#environment-variables
 	//

diff --git a/pkg/apis/datadoghq/v1alpha1/test/new.go b/pkg/apis/datadoghq/v1alpha1/test/new.go
@@ -28,52 +28,54 @@ var (
 
 // NewDatadogAgentOptions set of option for the DatadogAgent creation
 type NewDatadogAgentOptions struct {
-	Labels                          map[string]string
-	Annotations                     map[string]string
-	Status                          *datadoghqv1alpha1.DatadogAgentStatus
-	UseEDS                          bool
-	ClusterAgentEnabled             bool
-	MetricsServerEnabled            bool
-	MetricsServerPort               int32
-	MetricsServerUseDatadogMetric   bool
-	MetricsServerWPAController      bool
-	ClusterChecksEnabled            bool
-	NodeAgentConfig                 *datadoghqv1alpha1.NodeAgentConfig
-	APMEnabled                      bool
-	ProcessEnabled                  bool
-	SystemProbeEnabled              bool
-	SystemProbeSeccompProfileName   string
-	SystemProbeAppArmorProfileName  string
-	Creds                           *datadoghqv1alpha1.AgentCredentials
-	ClusterName                     *string
-	Confd                           *datadoghqv1alpha1.ConfigDirSpec
-	Checksd                         *datadoghqv1alpha1.ConfigDirSpec
-	Volumes                         []corev1.Volume
-	VolumeMounts                    []corev1.VolumeMount
-	ClusterAgentVolumes             []corev1.Volume
-	ClusterAgentVolumeMounts        []corev1.VolumeMount
-	ClusterAgentEnvVars             []corev1.EnvVar
-	CustomConfig                    string
-	AgentDaemonsetName              string
-	ClusterAgentDeploymentName      string
-	ClusterChecksRunnerEnabled      bool
-	ClusterChecksRunnerVolumes      []corev1.Volume
-	ClusterChecksRunnerVolumeMounts []corev1.VolumeMount
-	ClusterChecksRunnerEnvVars      []corev1.EnvVar
-	APIKeyExistingSecret            string
-	APISecret                       *datadoghqv1alpha1.Secret
-	Site                            string
-	HostPort                        int32
-	HostNetwork                     bool
-	AdmissionControllerEnabled      bool
-	AdmissionMutateUnlabelled       bool
-	AdmissionServiceName            string
-	ComplianceEnabled               bool
-	ComplianceCheckInterval         time.Duration
-	ComplianceConfigDir             *datadoghqv1alpha1.ConfigDirSpec
-	RuntimeSecurityEnabled          bool
-	RuntimeSyscallMonitorEnabled    bool
-	RuntimePoliciesDir              *datadoghqv1alpha1.ConfigDirSpec
+	Labels                           map[string]string
+	Annotations                      map[string]string
+	Status                           *datadoghqv1alpha1.DatadogAgentStatus
+	UseEDS                           bool
+	ClusterAgentEnabled              bool
+	MetricsServerEnabled             bool
+	MetricsServerPort                int32
+	MetricsServerUseDatadogMetric    bool
+	MetricsServerWPAController       bool
+	ClusterChecksEnabled             bool
+	NodeAgentConfig                  *datadoghqv1alpha1.NodeAgentConfig
+	APMEnabled                       bool
+	ProcessEnabled                   bool
+	SystemProbeEnabled               bool
+	SystemProbeSeccompProfileName    string
+	SystemProbeAppArmorProfileName   string
+	SystemProbeTCPQueueLengthEnabled bool
+	SystemProbeOOMKillEnabled        bool
+	Creds                            *datadoghqv1alpha1.AgentCredentials
+	ClusterName                      *string
+	Confd                            *datadoghqv1alpha1.ConfigDirSpec
+	Checksd                          *datadoghqv1alpha1.ConfigDirSpec
+	Volumes                          []corev1.Volume
+	VolumeMounts                     []corev1.VolumeMount
+	ClusterAgentVolumes              []corev1.Volume
+	ClusterAgentVolumeMounts         []corev1.VolumeMount
+	ClusterAgentEnvVars              []corev1.EnvVar
+	CustomConfig                     string
+	AgentDaemonsetName               string
+	ClusterAgentDeploymentName       string
+	ClusterChecksRunnerEnabled       bool
+	ClusterChecksRunnerVolumes       []corev1.Volume
+	ClusterChecksRunnerVolumeMounts  []corev1.VolumeMount
+	ClusterChecksRunnerEnvVars       []corev1.EnvVar
+	APIKeyExistingSecret             string
+	APISecret                        *datadoghqv1alpha1.Secret
+	Site                             string
+	HostPort                         int32
+	HostNetwork                      bool
+	AdmissionControllerEnabled       bool
+	AdmissionMutateUnlabelled        bool
+	AdmissionServiceName             string
+	ComplianceEnabled                bool
+	ComplianceCheckInterval          time.Duration
+	ComplianceConfigDir              *datadoghqv1alpha1.ConfigDirSpec
+	RuntimeSecurityEnabled           bool
+	RuntimeSyscallMonitorEnabled     bool
+	RuntimePoliciesDir               *datadoghqv1alpha1.ConfigDirSpec
 }
 
 // NewDefaultedDatadogAgent returns an initialized and defaulted DatadogAgent for testing purpose
@@ -227,6 +229,14 @@ func NewDefaultedDatadogAgent(ns, name string, options *NewDatadogAgentOptions)
 			if options.SystemProbeSeccompProfileName != "" {
 				ad.Spec.Agent.SystemProbe.SecCompProfileName = options.SystemProbeSeccompProfileName
 			}
+
+			if options.SystemProbeTCPQueueLengthEnabled {
+				ad.Spec.Agent.SystemProbe.EnableTCPQueueLength = datadoghqv1alpha1.NewBoolPointer(true)
+			}
+
+			if options.SystemProbeOOMKillEnabled {
+				ad.Spec.Agent.SystemProbe.EnableOOMKill = datadoghqv1alpha1.NewBoolPointer(true)
+			}
 		}
 
 		if options.Creds != nil {

diff --git a/pkg/apis/datadoghq/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/datadoghq/v1alpha1/zz_generated.deepcopy.go