[controllers/datadogagent] Mount certificates volume in DCA (#463)
davidor committed Apr 8, 2022
1 parent 383cc0a commit 714f762
Showing 4 changed files with 28 additions and 0 deletions.
2 changes: 2 additions & 0 deletions apis/datadoghq/v1alpha1/const.go
Expand Up @@ -135,6 +135,8 @@ const (
LogDatadogVolumePath = "/var/log/datadog"
TmpVolumeName = "tmp"
TmpVolumePath = "/tmp"
CertificatesVolumeName = "certificates"
CertificatesVolumePath = "/etc/datadog-agent/certificates"
APMSocketVolumeName = "apmsocket"
APMSocketVolumePath = "/var/run/datadog/apm"
InstallInfoVolumeName = "installinfo"
2 changes: 2 additions & 0 deletions controllers/datadogagent/clusteragent.go
Expand Up @@ -354,6 +354,7 @@ func newClusterAgentPodTemplate(logger logr.Logger, dda *datadoghqv1alpha1.Datad
VolumeSource: confdVolumeSource,
},
getVolumeForLogs(),
getVolumeForCertificates(),

// /tmp is needed because some versions of the DCA (at least until
// 1.19.0) write to it.
Expand All @@ -377,6 +378,7 @@ func newClusterAgentPodTemplate(logger logr.Logger, dda *datadoghqv1alpha1.Datad
ReadOnly: true,
},
getVolumeMountForLogs(),
getVolumeMountForCertificates(),
getVolumeMountForTmp(),
}

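Review bot: The added `getVolumeForCertificates()` and `getVolumeMountForCertificates()` entries carry no comment saying why the Cluster Agent needs this directory, while the `/tmp` entry next to them documents its reason. A writable mount under the agent's configuration tree is something a later hardening pass will question, so I would add a line above each entry such as `// certificates must be writable: <feature that writes here>`, filled in with the actual reason. `newClusterAgentPodTemplate` starts and ends outside both hunks, so whether the container runs with a read-only root filesystem (which would explain the need for the volume) is not visible here.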
7 changes: 7 additions & 0 deletions controllers/datadogagent/clusteragent_test.go
Expand Up @@ -54,6 +54,7 @@ func clusterAgentDefaultPodSpec() v1.PodSpec {
{Name: "orchestrator-explorer-config", ReadOnly: true, MountPath: "/etc/datadog-agent/conf.d/orchestrator.d"},
{Name: "logdatadog", ReadOnly: false, MountPath: "/var/log/datadog"},
{Name: "tmp", ReadOnly: false, MountPath: "/tmp"},
{Name: "certificates", ReadOnly: false, MountPath: "/etc/datadog-agent/certificates"},
},
LivenessProbe: defaultLivenessProbe(),
ReadinessProbe: defaultReadinessProbe(),
Expand Down Expand Up @@ -100,6 +101,12 @@ func clusterAgentDefaultPodSpec() v1.PodSpec {
EmptyDir: &corev1.EmptyDirVolumeSource{},
},
},
{
Name: "certificates",
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{},
},
},
},
// To be uncommented when the cluster-agent Dockerfile will be updated to use a non-root user by default
// SecurityContext: &v1.PodSecurityContext{
17 changes: 17 additions & 0 deletions controllers/datadogagent/utils.go
Expand Up @@ -1417,6 +1417,23 @@ func getVolumeMountForTmp() corev1.VolumeMount {
}
}

func getVolumeForCertificates() corev1.Volume {
return corev1.Volume{
Name: datadoghqv1alpha1.CertificatesVolumeName,
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{},
},
}
}

func getVolumeMountForCertificates() corev1.VolumeMount {
return corev1.VolumeMount{
Name: datadoghqv1alpha1.CertificatesVolumeName,
MountPath: datadoghqv1alpha1.CertificatesVolumePath,
ReadOnly: false,
}
}

func getSecCompRootPath(spec *datadoghqv1alpha1.SystemProbeSpec) string {
return spec.SecCompRootPath
}
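Review bot: `getVolumeForCertificates` returns a default `EmptyDirVolumeSource{}`, which is backed by the node's disk and has no size cap, so whatever the Cluster Agent writes under `/etc/datadog-agent/certificates` sits on the node filesystem for the life of the pod. If that content can include private keys (not visible in this commit), consider `EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory},` together with a `SizeLimit`, keeping in mind that a memory-backed volume counts against the container's memory limit. Both new helpers would also benefit from a one-line doc comment stating that the volume is intentionally ephemeral and writable. `ReadOnly: false` in `getVolumeMountForCertificates` is the zero value and could be dropped, though it does match the explicit style of the test fixture.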
