Improve support for environment autodiscovery by removing explicit se…

…tting of DOCKER_HOST by default with Agent 7.27+ (#303)
DataDog · Jun 1, 2021 · 62d4dc7 · 62d4dc7
1 parent 98b09f5
commit 62d4dc7
Show file tree

Hide file tree

Showing 11 changed files with 181 additions and 128 deletions.
diff --git a/LICENSE-3rdparty.csv b/LICENSE-3rdparty.csv
@@ -13,6 +13,7 @@ core,"github.com/DataDog/datadog-api-client-go/api/v1/datadog",Apache-2.0
 core,"github.com/DataDog/extendeddaemonset/api/v1alpha1",Apache-2.0
 core,"github.com/DataDog/extendeddaemonset/pkg/config",Apache-2.0
 core,"github.com/DataDog/extendeddaemonset/pkg/controller/metrics",Apache-2.0
+core,"github.com/Masterminds/semver/v3",MIT
 core,"github.com/PuerkitoBio/purell",NewBSD
 core,"github.com/PuerkitoBio/urlesc",NewBSD
 core,"github.com/andybalholm/brotli",MIT

diff --git a/api/v1alpha1/datadogagent_default.go b/api/v1alpha1/datadogagent_default.go
@@ -8,8 +8,10 @@ package v1alpha1
 import (
 	"fmt"
 	"path"
+	"strings"
 	"time"
 
+	"github.com/DataDog/datadog-operator/pkg/utils"
 	edsdatadoghqv1alpha1 "github.com/DataDog/extendeddaemonset/api/v1alpha1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -500,7 +502,7 @@ func DefaultDatadogAgentSpecAgent(agent *DatadogAgentSpecAgentSpec) *DatadogAgen
 	}
 
 	DefaultDatadogAgentSpecAgentImage(&agent.Image)
-	DefaultDatadogAgentSpecAgentConfig(&agent.Config)
+	DefaultDatadogAgentSpecAgentConfig(agent)
 	DefaultDatadogAgentSpecRbacConfig(&agent.Rbac)
 	agent.DeploymentStrategy = DefaultDatadogAgentSpecDatadogAgentStrategy(agent.DeploymentStrategy)
 	DefaultDatadogAgentSpecAgentApm(&agent.Apm)
@@ -534,52 +536,51 @@ func DefaultDatadogAgentSpecAgentImage(image *ImageConfig) *ImageConfig {
 
 // DefaultDatadogAgentSpecAgentConfig used to default a NodeAgentConfig
 // return the defaulted NodeAgentConfig
-func DefaultDatadogAgentSpecAgentConfig(config *NodeAgentConfig) *NodeAgentConfig {
-	if config == nil {
-		config = &NodeAgentConfig{}
+func DefaultDatadogAgentSpecAgentConfig(agent *DatadogAgentSpecAgentSpec) *NodeAgentConfig {
+	if agent.Config.LogLevel == nil {
+		agent.Config.LogLevel = NewStringPointer(DefaultLogLevel)
 	}
 
-	if config.LogLevel == nil {
-		config.LogLevel = NewStringPointer(DefaultLogLevel)
+	if agent.Config.CollectEvents == nil {
+		agent.Config.CollectEvents = NewBoolPointer(defaultCollectEvents)
 	}
 
-	if config.CollectEvents == nil {
-		config.CollectEvents = NewBoolPointer(defaultCollectEvents)
+	if agent.Config.LeaderElection == nil {
+		agent.Config.LeaderElection = NewBoolPointer(defaultLeaderElection)
 	}
 
-	if config.LeaderElection == nil {
-		config.LeaderElection = NewBoolPointer(defaultLeaderElection)
+	if agent.Config.Resources == nil {
+		agent.Config.Resources = &corev1.ResourceRequirements{}
 	}
 
-	if config.Resources == nil {
-		config.Resources = &corev1.ResourceRequirements{}
+	if agent.Config.CriSocket == nil {
+		agent.Config.CriSocket = &CRISocketConfig{}
 	}
 
-	if config.CriSocket == nil {
-		config.CriSocket = &CRISocketConfig{
-			DockerSocketPath: NewStringPointer(defaultDockerSocketPath),
+	// Don't default Docker/CRI paths with Agent >= 7.27.0
+	// Let Env AD do the work for us
+	agentTag := strings.TrimSuffix(utils.GetTagFromImageName(agent.Image.Name), "-jmx")
+	if !(agentTag == "latest" || utils.IsAboveMinVersion(agentTag, "7.27.0") || utils.IsAboveMinVersion(agentTag, "6.27.0")) {
+		if agent.Config.CriSocket.DockerSocketPath == nil && agent.Config.CriSocket.CriSocketPath == nil {
+			agent.Config.CriSocket.DockerSocketPath = NewStringPointer(defaultDockerSocketPath)
 		}
 	}
 
-	if config.CriSocket.DockerSocketPath == nil {
-		config.CriSocket.DockerSocketPath = NewStringPointer(defaultDockerSocketPath)
-	}
+	DefaultConfigDogstatsd(&agent.Config)
 
-	DefaultConfigDogstatsd(config)
-
-	if config.PodLabelsAsTags == nil {
-		config.PodLabelsAsTags = map[string]string{}
+	if agent.Config.PodLabelsAsTags == nil {
+		agent.Config.PodLabelsAsTags = map[string]string{}
 	}
 
-	if config.PodAnnotationsAsTags == nil {
-		config.PodAnnotationsAsTags = map[string]string{}
+	if agent.Config.PodAnnotationsAsTags == nil {
+		agent.Config.PodAnnotationsAsTags = map[string]string{}
 	}
 
-	if config.Tags == nil {
-		config.Tags = []string{}
+	if agent.Config.Tags == nil {
+		agent.Config.Tags = []string{}
 	}
 
-	return config
+	return &agent.Config
 }
 
 // DefaultConfigDogstatsd used to default Dogstatsd config in NodeAgentConfig

diff --git a/controllers/datadogagent/agent_test.go b/controllers/datadogagent/agent_test.go
@@ -802,10 +802,6 @@ func defaultEnvVars(extraEnv map[string]string) []corev1.EnvVar {
 			Name:      "DD_API_KEY",
 			ValueFrom: apiKeyValue(),
 		},
-		{
-			Name:  "DOCKER_HOST",
-			Value: "unix:///host/var/run/docker.sock",
-		},
 	}
 
 	if ddSite := createEnvFromExtra(extraEnv, "DD_SITE"); ddSite != nil {
@@ -856,10 +852,6 @@ func defaultAPMContainerEnvVars() []corev1.EnvVar {
 			Name:      "DD_API_KEY",
 			ValueFrom: apiKeyValue(),
 		},
-		{
-			Name:  "DOCKER_HOST",
-			Value: "unix:///host/var/run/docker.sock",
-		},
 	}
 }
 
@@ -881,10 +873,6 @@ func defaultSystemProbeEnvVars() []corev1.EnvVar {
 				},
 			},
 		},
-		{
-			Name:  "DOCKER_HOST",
-			Value: "unix:///host/var/run/docker.sock",
-		},
 	}
 }
 
@@ -947,10 +935,6 @@ func securityAgentEnvVars(compliance, runtime bool, extraEnv map[string]string)
 			Name:      "DD_API_KEY",
 			ValueFrom: apiKeyValue(),
 		},
-		{
-			Name:  "DOCKER_HOST",
-			Value: "unix:///host/var/run/docker.sock",
-		},
 	}...)
 
 	if ddSite := createEnvFromExtra(extraEnv, "DD_SITE"); ddSite != nil {
@@ -1416,10 +1400,6 @@ func defaultOrchestratorEnvVars(dda *datadoghqv1alpha1.DatadogAgent) []corev1.En
 			Name:      "DD_API_KEY",
 			ValueFrom: apiKeyValue(),
 		},
-		{
-			Name:  "DOCKER_HOST",
-			Value: "unix:///host/var/run/docker.sock",
-		},
 	}
 	orchestratorEnvs, _ := orchestrator.EnvVars(&explorerConfig)
 	newVars = append(newVars, orchestratorEnvs...)
@@ -1729,10 +1709,6 @@ func customKubeletConfigPodSpec(kubeletConfig *datadoghqv1alpha1.KubeletConfig)
 			Name:      "DD_API_KEY",
 			ValueFrom: apiKeyValue(),
 		},
-		{
-			Name:  "DOCKER_HOST",
-			Value: "unix:///host/var/run/docker.sock",
-		},
 	}
 
 	return corev1.PodSpec{

diff --git a/controllers/datadogagent/controller_test.go b/controllers/datadogagent/controller_test.go
@@ -623,9 +623,11 @@ func TestReconcileDatadogAgent_Reconcile(t *testing.T) {
 							ClusterAgentEnabled: false,
 							UseEDS:              false,
 							Labels:              map[string]string{"label-foo-key": "label-bar-value"},
-							NodeAgentConfig: datadoghqv1alpha1.DefaultDatadogAgentSpecAgentConfig(&datadoghqv1alpha1.NodeAgentConfig{
-								SecurityContext: &corev1.PodSecurityContext{
-									RunAsUser: datadoghqv1alpha1.NewInt64Pointer(100),
+							NodeAgentConfig: datadoghqv1alpha1.DefaultDatadogAgentSpecAgentConfig(&datadoghqv1alpha1.DatadogAgentSpecAgentSpec{
+								Config: datadoghqv1alpha1.NodeAgentConfig{
+									SecurityContext: &corev1.PodSecurityContext{
+										RunAsUser: datadoghqv1alpha1.NewInt64Pointer(100),
+									},
 								},
 							}),
 						})

diff --git a/controllers/datadogagent/utils.go b/controllers/datadogagent/utils.go
@@ -40,6 +40,7 @@ const (
 	externalMetricsReaderName string = "%s-metrics-reader"
 	localDogstatsdSocketPath  string = "/var/run/datadog/statsd"
 	localAPMSocketPath        string = "/var/run/datadog/apm"
+	defaultRuntimeDir         string = "/var/run"
 )
 
 func init() {
@@ -591,7 +592,8 @@ func getEnvVarsCommon(dda *datadoghqv1alpha1.DatadogAgent, needAPIKey bool) ([]c
 				Name:  datadoghqv1alpha1.DDCriSocketPath,
 				Value: filepath.Join(datadoghqv1alpha1.HostCriSocketPathPrefix, *dda.Spec.Agent.Config.CriSocket.CriSocketPath),
 			})
-		} else if dda.Spec.Agent.Config.CriSocket.DockerSocketPath != nil {
+		}
+		if dda.Spec.Agent.Config.CriSocket.DockerSocketPath != nil {
 			envVars = append(envVars, corev1.EnvVar{
 				Name:  datadoghqv1alpha1.DockerHost,
 				Value: "unix://" + filepath.Join(datadoghqv1alpha1.HostCriSocketPathPrefix, *dda.Spec.Agent.Config.CriSocket.DockerSocketPath),
@@ -907,25 +909,27 @@ func getVolumesForAgent(dda *datadoghqv1alpha1.DatadogAgent) []corev1.Volume {
 		volumes = append(volumes, dsdsocketVolume)
 	}
 
+	runtimeVolume := corev1.Volume{
+		Name: datadoghqv1alpha1.CriSocketVolumeName,
+		VolumeSource: corev1.VolumeSource{
+			HostPath: &corev1.HostPathVolumeSource{
+				Path: "",
+			},
+		},
+	}
+
 	if dda.Spec.Agent.Config.CriSocket != nil {
-		path := ""
 		if dda.Spec.Agent.Config.CriSocket.DockerSocketPath != nil {
-			path = *dda.Spec.Agent.Config.CriSocket.DockerSocketPath
+			runtimeVolume.VolumeSource.HostPath.Path = *dda.Spec.Agent.Config.CriSocket.DockerSocketPath
 		} else if dda.Spec.Agent.Config.CriSocket.CriSocketPath != nil {
-			path = *dda.Spec.Agent.Config.CriSocket.CriSocketPath
-		}
-		if path != "" {
-			criVolume := corev1.Volume{
-				Name: datadoghqv1alpha1.CriSocketVolumeName,
-				VolumeSource: corev1.VolumeSource{
-					HostPath: &corev1.HostPathVolumeSource{
-						Path: filepath.Dir(path),
-					},
-				},
-			}
-			volumes = append(volumes, criVolume)
+			runtimeVolume.VolumeSource.HostPath.Path = *dda.Spec.Agent.Config.CriSocket.CriSocketPath
 		}
 	}
+	if runtimeVolume.VolumeSource.HostPath.Path == "" {
+		runtimeVolume.VolumeSource.HostPath.Path = defaultRuntimeDir
+	}
+	volumes = append(volumes, runtimeVolume)
+
 	if shouldAddProcessContainer(dda) || isComplianceEnabled(&dda.Spec) {
 		passwdVolume := corev1.Volume{
 			Name: datadoghqv1alpha1.PasswdVolumeName,
@@ -1266,21 +1270,7 @@ func getVolumeMountsForAgent(dda *datadoghqv1alpha1.DatadogAgent) []corev1.Volum
 	volumeMounts = append(volumeMounts, getVolumeMountForConfig(dda.Spec.Agent.CustomConfig)...)
 
 	// Cri socket volume
-	if dda.Spec.Agent.Config.CriSocket != nil {
-		path := ""
-		if dda.Spec.Agent.Config.CriSocket.DockerSocketPath != nil {
-			path = *dda.Spec.Agent.Config.CriSocket.DockerSocketPath
-		} else if dda.Spec.Agent.Config.CriSocket.CriSocketPath != nil {
-			path = *dda.Spec.Agent.Config.CriSocket.CriSocketPath
-		}
-		if path != "" {
-			volumeMounts = append(volumeMounts, corev1.VolumeMount{
-				Name:      datadoghqv1alpha1.CriSocketVolumeName,
-				MountPath: filepath.Join(datadoghqv1alpha1.HostCriSocketPathPrefix, filepath.Dir(path)),
-				ReadOnly:  true,
-			})
-		}
-	}
+	volumeMounts = append(volumeMounts, getVolumeMountForRuntimeSockets(dda.Spec.Agent.Config.CriSocket))
 
 	// Dogstatsd volume
 	if datadoghqv1alpha1.BoolValue(dda.Spec.Agent.Config.Dogstatsd.UnixDomainSocket.Enabled) {
@@ -1372,6 +1362,29 @@ func getVolumeMountForChecksd() corev1.VolumeMount {
 	}
 }
 
+func getVolumeMountForRuntimeSockets(criSocket *datadoghqv1alpha1.CRISocketConfig) corev1.VolumeMount {
+	var socketPath string
+	if criSocket != nil {
+		if criSocket.DockerSocketPath != nil {
+			socketPath = *criSocket.DockerSocketPath
+		} else if criSocket.CriSocketPath != nil {
+			socketPath = *criSocket.CriSocketPath
+		}
+	}
+
+	if socketPath == "" {
+		socketPath = defaultRuntimeDir
+	} else {
+		socketPath = filepath.Dir(socketPath)
+	}
+
+	return corev1.VolumeMount{
+		Name:      datadoghqv1alpha1.CriSocketVolumeName,
+		MountPath: filepath.Join(datadoghqv1alpha1.HostCriSocketPathPrefix, socketPath),
+		ReadOnly:  true,
+	}
+}
+
 // getVolumeMountsForAgent defines mounted volumes for the Process Agent
 func getVolumeMountsForProcessAgent(dda *datadoghqv1alpha1.DatadogAgent) []corev1.VolumeMount {
 	// Default mounted volumes
@@ -1406,21 +1419,7 @@ func getVolumeMountsForProcessAgent(dda *datadoghqv1alpha1.DatadogAgent) []corev
 	volumeMounts = append(volumeMounts, getVolumeMountForConfig(dda.Spec.Agent.CustomConfig)...)
 
 	// Cri socket volume
-	if dda.Spec.Agent.Config.CriSocket != nil {
-		path := ""
-		if dda.Spec.Agent.Config.CriSocket.DockerSocketPath != nil {
-			path = *dda.Spec.Agent.Config.CriSocket.DockerSocketPath
-		} else if dda.Spec.Agent.Config.CriSocket.CriSocketPath != nil {
-			path = *dda.Spec.Agent.Config.CriSocket.CriSocketPath
-		}
-		if path != "" {
-			volumeMounts = append(volumeMounts, corev1.VolumeMount{
-				Name:      datadoghqv1alpha1.CriSocketVolumeName,
-				MountPath: filepath.Join(datadoghqv1alpha1.HostCriSocketPathPrefix, filepath.Dir(path)),
-				ReadOnly:  true,
-			})
-		}
-	}
+	volumeMounts = append(volumeMounts, getVolumeMountForRuntimeSockets(dda.Spec.Agent.Config.CriSocket))
 
 	if datadoghqv1alpha1.BoolValue(dda.Spec.Agent.SystemProbe.Enabled) {
 		volumeMounts = append(volumeMounts, []corev1.VolumeMount{
@@ -1596,28 +1595,15 @@ func getVolumeMountsForSecurityAgent(dda *datadoghqv1alpha1.DatadogAgent) []core
 	volumeMounts = append(volumeMounts, spec.Agent.Security.VolumeMounts...)
 
 	// Cri socket volume
-	if spec.Agent.Config.CriSocket != nil {
-		path := ""
-		if spec.Agent.Config.CriSocket.DockerSocketPath != nil {
-			path = *spec.Agent.Config.CriSocket.DockerSocketPath
-		} else if spec.Agent.Config.CriSocket.CriSocketPath != nil {
-			path = *spec.Agent.Config.CriSocket.CriSocketPath
-		}
-		if path != "" {
-			volumeMounts = append(volumeMounts, corev1.VolumeMount{
-				Name:      datadoghqv1alpha1.CriSocketVolumeName,
-				MountPath: filepath.Join(datadoghqv1alpha1.HostCriSocketPathPrefix, filepath.Dir(path)),
-				ReadOnly:  true,
-			})
-			if complianceEnabled {
-				// Additional mount for runtime socket under hostroot
-				volumeMounts = append(volumeMounts, corev1.VolumeMount{
-					Name:      datadoghqv1alpha1.CriSocketVolumeName,
-					MountPath: filepath.Join(datadoghqv1alpha1.HostRootVolumePath, filepath.Dir(path)),
-					ReadOnly:  true,
-				})
-			}
-		}
+	runtimeVolume := getVolumeMountForRuntimeSockets(dda.Spec.Agent.Config.CriSocket)
+	volumeMounts = append(volumeMounts, runtimeVolume)
+	if complianceEnabled {
+		// Additional mount for runtime socket under hostroot
+		volumeMounts = append(volumeMounts, corev1.VolumeMount{
+			Name:      datadoghqv1alpha1.CriSocketVolumeName,
+			MountPath: strings.Replace(runtimeVolume.MountPath, datadoghqv1alpha1.HostCriSocketPathPrefix, datadoghqv1alpha1.HostRootVolumePath, 1),
+			ReadOnly:  true,
+		})
 	}
 
 	if runtimeEnabled {