Support KSMCore in DCA (#330)

api/v1alpha1/datadogagent_default.go

@@ -118,7 +118,7 @@ func DefaultDatadogAgent(dda *DatadogAgent) *DatadogAgentStatus {
 	dso.DefaultOverride.ClusterChecksRunner = *DefaultDatadogAgentSpecClusterChecksRunner(&dda.Spec.ClusterChecksRunner)
 
 	// Features
-	dso.DefaultOverride.Features = *DefaultFeatures(&dda.Spec.Features)
+	dso.DefaultOverride.Features = *DefaultFeatures(dda)
 
 	// Creds
 	if dda.Spec.Credentials == nil {
@@ -770,15 +770,24 @@ func DefaultDatadogAgentSpecAgentProcess(agent *DatadogAgentSpecAgentSpec) *Proc
 	return processOverride
 }
 
+func clusterChecksRunnerEnabled(dda *DatadogAgent) bool {
+	if dda.Spec.ClusterChecksRunner.Enabled != nil {
+		return *dda.Spec.ClusterChecksRunner.Enabled
+	}
+
+	return false
+}
+
 // DefaultFeatures used to initialized the Features' default values if necessary
-func DefaultFeatures(ft *DatadogFeatures) *DatadogFeatures {
+func DefaultFeatures(dda *DatadogAgent) *DatadogFeatures {
+	ft := &dda.Spec.Features
 	featureOverride := &DatadogFeatures{}
 
 	if orch := DefaultDatadogFeatureOrchestratorExplorer(ft); !IsEqualStruct(*orch, OrchestratorExplorerConfig{}) {
 		featureOverride.OrchestratorExplorer = orch
 	}
 
-	if ksm := DefaultDatadogFeatureKubeStateMetricsCore(ft); !IsEqualStruct(*ksm, KubeStateMetricsCore{}) {
+	if ksm := DefaultDatadogFeatureKubeStateMetricsCore(ft, clusterChecksRunnerEnabled(dda)); !IsEqualStruct(*ksm, KubeStateMetricsCore{}) {
 		featureOverride.KubeStateMetricsCore = ksm
 	}
 
@@ -825,17 +834,24 @@ func DefaultDatadogFeatureOrchestratorExplorer(ft *DatadogFeatures) *Orchestrato
 
 // DefaultDatadogFeatureKubeStateMetricsCore used to default the Kubernetes State Metrics core check
 // Disabled by default with no overridden configuration.
-func DefaultDatadogFeatureKubeStateMetricsCore(ft *DatadogFeatures) *KubeStateMetricsCore {
+func DefaultDatadogFeatureKubeStateMetricsCore(ft *DatadogFeatures, withClusterChecksRunner bool) *KubeStateMetricsCore {
 	if ft.KubeStateMetricsCore == nil {
-		ft.KubeStateMetricsCore = &KubeStateMetricsCore{Enabled: NewBoolPointer(defaultKubeStateMetricsCoreEnabled)}
+		ft.KubeStateMetricsCore = &KubeStateMetricsCore{
+			Enabled:      NewBoolPointer(defaultKubeStateMetricsCoreEnabled),
+			ClusterCheck: NewBoolPointer(withClusterChecksRunner),
+		}
 		return ft.KubeStateMetricsCore
 	}
 
 	if ft.KubeStateMetricsCore.Enabled == nil {
 		ft.KubeStateMetricsCore.Enabled = NewBoolPointer(defaultKubeStateMetricsCoreEnabled)
 	}
 
-	ksmCoreOverride := &KubeStateMetricsCore{Enabled: ft.KubeStateMetricsCore.Enabled}
+	if ft.KubeStateMetricsCore.ClusterCheck == nil {
+		ft.KubeStateMetricsCore.ClusterCheck = NewBoolPointer(withClusterChecksRunner)
+	}
+
+	ksmCoreOverride := &KubeStateMetricsCore{Enabled: ft.KubeStateMetricsCore.Enabled, ClusterCheck: ft.KubeStateMetricsCore.ClusterCheck}
 	return ksmCoreOverride
 }
 

api/v1alpha1/datadogagent_default_test.go

@@ -108,7 +108,7 @@ func TestDefaultFeatures(t *testing.T) {
 				OrchestratorExplorer: &OrchestratorExplorerConfig{
 					Enabled: NewBoolPointer(false),
 				},
-				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(false)},
+				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(false), ClusterCheck: NewBoolPointer(false)},
 				PrometheusScrape: &PrometheusScrapeConfig{
 					Enabled: NewBoolPointer(false),
 				},
@@ -121,7 +121,7 @@ func TestDefaultFeatures(t *testing.T) {
 				OrchestratorExplorer: &OrchestratorExplorerConfig{
 					Enabled: NewBoolPointer(false),
 				},
-				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(false)},
+				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(false), ClusterCheck: NewBoolPointer(false)},
 				PrometheusScrape: &PrometheusScrapeConfig{
 					Enabled: NewBoolPointer(false),
 				},
@@ -145,7 +145,7 @@ func TestDefaultFeatures(t *testing.T) {
 				OrchestratorExplorer: &OrchestratorExplorerConfig{
 					Enabled: NewBoolPointer(false),
 				},
-				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(false)},
+				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(false), ClusterCheck: NewBoolPointer(false)},
 				LogCollection: &LogCollectionConfig{
 					Enabled:                       NewBoolPointer(true),
 					LogsConfigContainerCollectAll: NewBoolPointer(false),
@@ -164,7 +164,7 @@ func TestDefaultFeatures(t *testing.T) {
 				OrchestratorExplorer: &OrchestratorExplorerConfig{
 					Enabled: NewBoolPointer(false),
 				},
-				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(false)},
+				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(false), ClusterCheck: NewBoolPointer(false)},
 				LogCollection: &LogCollectionConfig{
 					Enabled:                       NewBoolPointer(true),
 					LogsConfigContainerCollectAll: NewBoolPointer(false),
@@ -186,7 +186,7 @@ func TestDefaultFeatures(t *testing.T) {
 				OrchestratorExplorer: &OrchestratorExplorerConfig{
 					Scrubbing: &Scrubbing{Containers: NewBoolPointer(false)},
 				},
-				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(true)},
+				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(true), ClusterCheck: NewBoolPointer(true)},
 				LogCollection: &LogCollectionConfig{
 					LogsConfigContainerCollectAll: NewBoolPointer(false),
 					ContainerLogsPath:             NewStringPointer("/var/lib/docker/containers"),
@@ -201,7 +201,7 @@ func TestDefaultFeatures(t *testing.T) {
 				OrchestratorExplorer: &OrchestratorExplorerConfig{
 					Enabled: NewBoolPointer(true), // defaultOrchestratorExplorerEnabled
 				},
-				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(true)},
+				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(true), ClusterCheck: NewBoolPointer(true)},
 				LogCollection: &LogCollectionConfig{
 					Enabled: NewBoolPointer(false), // defaultLogEnabled
 				},
@@ -215,7 +215,7 @@ func TestDefaultFeatures(t *testing.T) {
 					Enabled:   NewBoolPointer(true), // defaultOrchestratorExplorerEnabled
 					Scrubbing: &Scrubbing{Containers: NewBoolPointer(false)},
 				},
-				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(true)},
+				KubeStateMetricsCore: &KubeStateMetricsCore{Enabled: NewBoolPointer(true), ClusterCheck: NewBoolPointer(true)},
 				LogCollection: &LogCollectionConfig{
 					Enabled:                       NewBoolPointer(false),
 					LogsConfigContainerCollectAll: NewBoolPointer(false),
@@ -232,9 +232,11 @@ func TestDefaultFeatures(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got := DefaultFeatures(&tt.ft)
+			dda := &DatadogAgent{}
+			dda.Spec.Features = tt.ft
+			got := DefaultFeatures(dda)
 			assert.True(t, IsEqualStruct(got, tt.overrideExpected), "TestDefaultFeatures override \ndiff = %s", cmp.Diff(got, tt.overrideExpected))
-			assert.True(t, IsEqualStruct(tt.ft, tt.internalDefaulted), "TestDefaultFeatures internal \ndiff = %s", cmp.Diff(tt.ft, tt.internalDefaulted))
+			assert.True(t, IsEqualStruct(dda.Spec.Features, tt.internalDefaulted), "TestDefaultFeatures internal \ndiff = %s", cmp.Diff(dda.Spec.Features, tt.internalDefaulted))
 		})
 	}
 }

api/v1alpha1/datadogagent_types.go

@@ -466,17 +466,21 @@ type ProcessSpec struct {
 }
 
 // KubeStateMetricsCore contains the required parameters to enable and override the configuration
-// of the Kubernetes State Metrics Core (aka v2.0.0) of the check.
+// of the Kubernetes State Metrics Core check.
 // +k8s:openapi-gen=true
 type KubeStateMetricsCore struct {
 	// Enable this to start the Kubernetes State Metrics Core check.
-	// Refer to https://github.com/DataDog/datadog-operator/blob/main/docs/kubernetes_state_metrics.md
+	// Refer to https://docs.datadoghq.com/integrations/kubernetes_state_core
 	// +optional
 	Enabled *bool `json:"enabled,omitempty"`
 
 	// To override the configuration for the default Kubernetes State Metrics Core check.
 	// Must point to a ConfigMap containing a valid cluster check configuration.
 	Conf *CustomConfigSpec `json:"conf,omitempty"`
+
+	// ClusterCheck configures the Kubernetes State Metrics Core check as a cluster check.
+	// +optional
+	ClusterCheck *bool `json:"clusterCheck,omitempty"`
 }
 
 // OrchestratorExplorerConfig contains the orchestrator explorer configuration.

config/crd/bases/v1/datadoghq.com_datadogagents.yaml

@@ -10404,6 +10404,10 @@ spec:
                   kubeStateMetricsCore:
                     description: KubeStateMetricsCore configuration.
                     properties:
+                      clusterCheck:
+                        description: ClusterCheck configures the Kubernetes State
+                          Metrics Core check as a cluster check.
+                        type: boolean
                       conf:
                         description: To override the configuration for the default
                           Kubernetes State Metrics Core check. Must point to a ConfigMap
@@ -10429,7 +10433,7 @@ spec:
                         type: object
                       enabled:
                         description: Enable this to start the Kubernetes State Metrics
-                          Core check. Refer to https://github.com/DataDog/datadog-operator/blob/main/docs/kubernetes_state_metrics.md
+                          Core check. Refer to https://docs.datadoghq.com/integrations/kubernetes_state_core
                         type: boolean
                     type: object
                   logCollection:
@@ -21473,6 +21477,10 @@ spec:
                       kubeStateMetricsCore:
                         description: KubeStateMetricsCore configuration.
                         properties:
+                          clusterCheck:
+                            description: ClusterCheck configures the Kubernetes State
+                              Metrics Core check as a cluster check.
+                            type: boolean
                           conf:
                             description: To override the configuration for the default
                               Kubernetes State Metrics Core check. Must point to a
@@ -21498,7 +21506,7 @@ spec:
                             type: object
                           enabled:
                             description: Enable this to start the Kubernetes State
-                              Metrics Core check. Refer to https://github.com/DataDog/datadog-operator/blob/main/docs/kubernetes_state_metrics.md
+                              Metrics Core check. Refer to https://docs.datadoghq.com/integrations/kubernetes_state_core
                             type: boolean
                         type: object
                       logCollection:

config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml

@@ -10056,6 +10056,10 @@ spec:
                 kubeStateMetricsCore:
                   description: KubeStateMetricsCore configuration.
                   properties:
+                    clusterCheck:
+                      description: ClusterCheck configures the Kubernetes State Metrics
+                        Core check as a cluster check.
+                      type: boolean
                     conf:
                       description: To override the configuration for the default Kubernetes
                         State Metrics Core check. Must point to a ConfigMap containing
@@ -10081,7 +10085,7 @@ spec:
                       type: object
                     enabled:
                       description: Enable this to start the Kubernetes State Metrics
-                        Core check. Refer to https://github.com/DataDog/datadog-operator/blob/main/docs/kubernetes_state_metrics.md
+                        Core check. Refer to https://docs.datadoghq.com/integrations/kubernetes_state_core
                       type: boolean
                   type: object
                 logCollection:
@@ -20754,6 +20758,10 @@ spec:
                     kubeStateMetricsCore:
                       description: KubeStateMetricsCore configuration.
                       properties:
+                        clusterCheck:
+                          description: ClusterCheck configures the Kubernetes State
+                            Metrics Core check as a cluster check.
+                          type: boolean
                         conf:
                           description: To override the configuration for the default
                             Kubernetes State Metrics Core check. Must point to a ConfigMap
@@ -20779,7 +20787,7 @@ spec:
                           type: object
                         enabled:
                           description: Enable this to start the Kubernetes State Metrics
-                            Core check. Refer to https://github.com/DataDog/datadog-operator/blob/main/docs/kubernetes_state_metrics.md
+                            Core check. Refer to https://docs.datadoghq.com/integrations/kubernetes_state_core
                           type: boolean
                       type: object
                     logCollection:

config/rbac/role.yaml

@@ -135,6 +135,13 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - replicationcontrollers
+  verbs:
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -184,6 +191,13 @@ rules:
   - mutatingwebhookconfigurations
   verbs:
   - '*'
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  verbs:
+  - list
+  - watch
 - apiGroups:
   - apiregistration.k8s.io
   resources:
@@ -237,6 +251,16 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - apps
+  - extensions
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  verbs:
+  - list
+  - watch
 - apiGroups:
   - authentication.k8s.io
   resources:
@@ -322,6 +346,13 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - list
+  - watch
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -426,6 +457,13 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - list
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources:
@@ -561,3 +599,11 @@ rules:
   - securitycontextconstraints
   verbs:
   - use
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  - volumeattachments
+  verbs:
+  - list
+  - watch

controllers/datadogagent/clusteragent.go

@@ -785,6 +785,17 @@ func (r *Reconciler) manageClusterAgentRBACs(logger logr.Logger, dda *datadoghqv
 		return reconcile.Result{}, err
 	}
 
+	clusterAgentSuffix := "cluster-agent"
+	if isKSMCoreEnabled(dda) && !isKSMCoreClusterCheck(dda) {
+		if result, err := r.createOrUpdateKubeStateMetricsCoreRBAC(logger, dda, serviceAccountName, clusterAgentVersion, clusterAgentSuffix); err != nil {
+			return result, err
+		}
+	} else {
+		if result, err := r.cleanupKubeStateMetricsCoreRBAC(logger, dda, clusterAgentSuffix); err != nil {
+			return result, err
+		}
+	}
+
 	metricsProviderEnabled := isMetricsProviderEnabled(dda.Spec.ClusterAgent)
 	// Create or delete HPA ClusterRoleBinding
 	hpaClusterRoleBindingName := getHPAClusterRoleBindingName(dda)