[v0.7] Backport clusterRoles and clusterRoleBindings fixes (#361)

controllers/datadogagent/agent.go

@@ -379,7 +379,7 @@ func buildAgentNetworkPolicy(dda *datadoghqv1alpha1.DatadogAgent, name string) *
 			PodSelector: metav1.LabelSelector{
 				MatchLabels: map[string]string{
 					kubernetes.AppKubernetesInstanceLabelKey: datadoghqv1alpha1.DefaultAgentResourceSuffix,
-					kubernetes.AppKubernetesPartOfLabelKey:   dda.Name,
+					kubernetes.AppKubernetesPartOfLabelKey:   dda.Namespace + "-" + dda.Name,
 				},
 			},
 			Ingress: ingressRules,

controllers/datadogagent/clusteragent.go

@@ -923,9 +923,6 @@ func (r *Reconciler) manageClusterAgentRBACs(logger logr.Logger, dda *datadoghqv
 
 func (r *Reconciler) createClusterAgentClusterRole(logger logr.Logger, dda *datadoghqv1alpha1.DatadogAgent, name, agentVersion string) (reconcile.Result, error) {
 	clusterRole := buildClusterAgentClusterRole(dda, name, agentVersion)
-	if err := SetOwnerReference(dda, clusterRole, r.scheme); err != nil {
-		return reconcile.Result{}, err
-	}
 	logger.V(1).Info("createClusterAgentClusterRole", "clusterRole.name", clusterRole.Name)
 	event := buildEventInfo(clusterRole.Name, clusterRole.Namespace, clusterRoleKind, datadog.CreationEvent)
 	r.recordEvent(dda, event)
@@ -945,9 +942,6 @@ func (r *Reconciler) createClusterAgentRole(logger logr.Logger, dda *datadoghqv1
 
 func (r *Reconciler) createAgentClusterRole(logger logr.Logger, dda *datadoghqv1alpha1.DatadogAgent, name, agentVersion string) (reconcile.Result, error) {
 	clusterRole := buildAgentClusterRole(dda, name, agentVersion)
-	if err := SetOwnerReference(dda, clusterRole, r.scheme); err != nil {
-		return reconcile.Result{}, err
-	}
 	logger.V(1).Info("createAgentClusterRole", "clusterRole.name", clusterRole.Name)
 	event := buildEventInfo(clusterRole.Name, clusterRole.Namespace, clusterRoleKind, datadog.CreationEvent)
 	r.recordEvent(dda, event)
@@ -957,9 +951,6 @@ func (r *Reconciler) createAgentClusterRole(logger logr.Logger, dda *datadoghqv1
 
 func (r *Reconciler) createClusterCheckRunnerClusterRole(logger logr.Logger, dda *datadoghqv1alpha1.DatadogAgent, name, agentVersion string) (reconcile.Result, error) {
 	clusterRole := buildClusterCheckRunnerClusterRole(dda, name, agentVersion)
-	if err := SetOwnerReference(dda, clusterRole, r.scheme); err != nil {
-		return reconcile.Result{}, err
-	}
 	logger.V(1).Info("createAgentClusterRole", "clusterRole.name", clusterRole.Name)
 	event := buildEventInfo(clusterRole.Name, clusterRole.Namespace, clusterRoleKind, datadog.CreationEvent)
 	r.recordEvent(dda, event)
@@ -1535,7 +1526,7 @@ func buildClusterAgentNetworkPolicy(dda *datadoghqv1alpha1.DatadogAgent, name st
 					PodSelector: &metav1.LabelSelector{
 						MatchLabels: map[string]string{
 							kubernetes.AppKubernetesInstanceLabelKey: datadoghqv1alpha1.DefaultAgentResourceSuffix,
-							kubernetes.AppKubernetesPartOfLabelKey:   dda.Name,
+							kubernetes.AppKubernetesPartOfLabelKey:   dda.Namespace + "-" + dda.Name,
 						},
 					},
 				},
@@ -1558,7 +1549,7 @@ func buildClusterAgentNetworkPolicy(dda *datadoghqv1alpha1.DatadogAgent, name st
 					PodSelector: &metav1.LabelSelector{
 						MatchLabels: map[string]string{
 							kubernetes.AppKubernetesInstanceLabelKey: datadoghqv1alpha1.DefaultClusterChecksRunnerResourceSuffix,
-							kubernetes.AppKubernetesPartOfLabelKey:   dda.Name,
+							kubernetes.AppKubernetesPartOfLabelKey:   dda.Namespace + "-" + dda.Name,
 						},
 					},
 				},
@@ -1589,7 +1580,7 @@ func buildClusterAgentNetworkPolicy(dda *datadoghqv1alpha1.DatadogAgent, name st
 			PodSelector: metav1.LabelSelector{
 				MatchLabels: map[string]string{
 					kubernetes.AppKubernetesInstanceLabelKey: datadoghqv1alpha1.DefaultClusterAgentResourceSuffix,
-					kubernetes.AppKubernetesPartOfLabelKey:   dda.Name,
+					kubernetes.AppKubernetesPartOfLabelKey:   dda.Namespace + "-" + dda.Name,
 				},
 			},
 			Ingress: ingressRules,

controllers/datadogagent/clusteragent_test.go

@@ -225,7 +225,7 @@ func Test_newClusterAgentDeploymentFromInstance(t *testing.T) {
 						"app.kubernetes.io/instance":    "cluster-agent",
 						"app.kubernetes.io/managed-by":  "datadog-operator",
 						"app.kubernetes.io/name":        "datadog-agent-deployment",
-						"app.kubernetes.io/part-of":     "foo",
+						"app.kubernetes.io/part-of":     "bar-foo",
 						"app.kubernetes.io/version":     "",
 					},
 					Annotations: map[string]string{},
@@ -239,7 +239,7 @@ func Test_newClusterAgentDeploymentFromInstance(t *testing.T) {
 								"app.kubernetes.io/instance":    "cluster-agent",
 								"app.kubernetes.io/managed-by":  "datadog-operator",
 								"app.kubernetes.io/name":        "datadog-agent-deployment",
-								"app.kubernetes.io/part-of":     "foo",
+								"app.kubernetes.io/part-of":     "bar-foo",
 								"app.kubernetes.io/version":     "",
 							},
 							Annotations: map[string]string{},
@@ -271,7 +271,7 @@ func Test_newClusterAgentDeploymentFromInstance(t *testing.T) {
 						"app.kubernetes.io/instance":    "cluster-agent",
 						"app.kubernetes.io/managed-by":  "datadog-operator",
 						"app.kubernetes.io/name":        "datadog-agent-deployment",
-						"app.kubernetes.io/part-of":     "foo",
+						"app.kubernetes.io/part-of":     "bar-foo",
 						"app.kubernetes.io/version":     "",
 					},
 					Annotations: map[string]string{},
@@ -285,7 +285,7 @@ func Test_newClusterAgentDeploymentFromInstance(t *testing.T) {
 								"app.kubernetes.io/instance":    "cluster-agent",
 								"app.kubernetes.io/managed-by":  "datadog-operator",
 								"app.kubernetes.io/name":        "datadog-agent-deployment",
-								"app.kubernetes.io/part-of":     "foo",
+								"app.kubernetes.io/part-of":     "bar-foo",
 								"app.kubernetes.io/version":     "",
 							},
 							Annotations: map[string]string{},
@@ -317,7 +317,7 @@ func Test_newClusterAgentDeploymentFromInstance(t *testing.T) {
 						"app.kubernetes.io/instance":    "cluster-agent",
 						"app.kubernetes.io/managed-by":  "datadog-operator",
 						"app.kubernetes.io/name":        "datadog-agent-deployment",
-						"app.kubernetes.io/part-of":     "foo",
+						"app.kubernetes.io/part-of":     "bar-foo",
 						"app.kubernetes.io/version":     "",
 					},
 					Annotations: map[string]string{},
@@ -331,7 +331,7 @@ func Test_newClusterAgentDeploymentFromInstance(t *testing.T) {
 								"app.kubernetes.io/instance":    "cluster-agent",
 								"app.kubernetes.io/managed-by":  "datadog-operator",
 								"app.kubernetes.io/name":        "datadog-agent-deployment",
-								"app.kubernetes.io/part-of":     "foo",
+								"app.kubernetes.io/part-of":     "bar-foo",
 								"app.kubernetes.io/version":     "",
 							},
 							Annotations: map[string]string{},
@@ -377,7 +377,7 @@ func Test_newClusterAgentDeploymentFromInstance(t *testing.T) {
 						"app.kubernetes.io/instance":    "cluster-agent",
 						"app.kubernetes.io/managed-by":  "datadog-operator",
 						"app.kubernetes.io/name":        "datadog-agent-deployment",
-						"app.kubernetes.io/part-of":     "foo",
+						"app.kubernetes.io/part-of":     "bar-foo",
 						"app.kubernetes.io/version":     "",
 					},
 					Annotations: map[string]string{},
@@ -391,7 +391,7 @@ func Test_newClusterAgentDeploymentFromInstance(t *testing.T) {
 								"app.kubernetes.io/instance":    "cluster-agent",
 								"app.kubernetes.io/managed-by":  "datadog-operator",
 								"app.kubernetes.io/name":        "datadog-agent-deployment",
-								"app.kubernetes.io/part-of":     "foo",
+								"app.kubernetes.io/part-of":     "bar-foo",
 								"app.kubernetes.io/version":     "",
 							},
 							Annotations: map[string]string{},
@@ -499,7 +499,7 @@ func Test_newClusterAgentDeploymentMountKSMCore(t *testing.T) {
 					"app.kubernetes.io/instance":    "cluster-agent",
 					"app.kubernetes.io/managed-by":  "datadog-operator",
 					"app.kubernetes.io/name":        "datadog-agent-deployment",
-					"app.kubernetes.io/part-of":     "foo",
+					"app.kubernetes.io/part-of":     "bar-foo",
 					"app.kubernetes.io/version":     "",
 				},
 				Annotations: map[string]string{},
@@ -513,7 +513,7 @@ func Test_newClusterAgentDeploymentMountKSMCore(t *testing.T) {
 							"app.kubernetes.io/instance":    "cluster-agent",
 							"app.kubernetes.io/managed-by":  "datadog-operator",
 							"app.kubernetes.io/name":        "datadog-agent-deployment",
-							"app.kubernetes.io/part-of":     "foo",
+							"app.kubernetes.io/part-of":     "bar-foo",
 							"app.kubernetes.io/version":     "",
 						},
 						Annotations: map[string]string{},
@@ -565,7 +565,7 @@ func Test_newClusterAgentPrometheusScrapeEnabled(t *testing.T) {
 					"app.kubernetes.io/instance":    "cluster-agent",
 					"app.kubernetes.io/managed-by":  "datadog-operator",
 					"app.kubernetes.io/name":        "datadog-agent-deployment",
-					"app.kubernetes.io/part-of":     "foo",
+					"app.kubernetes.io/part-of":     "bar-foo",
 					"app.kubernetes.io/version":     "",
 				},
 				Annotations: map[string]string{},
@@ -579,7 +579,7 @@ func Test_newClusterAgentPrometheusScrapeEnabled(t *testing.T) {
 							"app.kubernetes.io/instance":    "cluster-agent",
 							"app.kubernetes.io/managed-by":  "datadog-operator",
 							"app.kubernetes.io/name":        "datadog-agent-deployment",
-							"app.kubernetes.io/part-of":     "foo",
+							"app.kubernetes.io/part-of":     "bar-foo",
 							"app.kubernetes.io/version":     "",
 						},
 						Annotations: map[string]string{},
@@ -644,7 +644,7 @@ func Test_newClusterAgentDeploymentFromInstance_UserVolumes(t *testing.T) {
 					"app.kubernetes.io/instance":    "cluster-agent",
 					"app.kubernetes.io/managed-by":  "datadog-operator",
 					"app.kubernetes.io/name":        "datadog-agent-deployment",
-					"app.kubernetes.io/part-of":     "foo",
+					"app.kubernetes.io/part-of":     "bar-foo",
 					"app.kubernetes.io/version":     "",
 				},
 				Annotations: map[string]string{},
@@ -658,7 +658,7 @@ func Test_newClusterAgentDeploymentFromInstance_UserVolumes(t *testing.T) {
 							"app.kubernetes.io/instance":    "cluster-agent",
 							"app.kubernetes.io/managed-by":  "datadog-operator",
 							"app.kubernetes.io/name":        "datadog-agent-deployment",
-							"app.kubernetes.io/part-of":     "foo",
+							"app.kubernetes.io/part-of":     "bar-foo",
 							"app.kubernetes.io/version":     "",
 						},
 						Annotations: map[string]string{},
@@ -720,7 +720,7 @@ func Test_newClusterAgentDeploymentFromInstance_EnvVars(t *testing.T) {
 					"app.kubernetes.io/instance":    "cluster-agent",
 					"app.kubernetes.io/managed-by":  "datadog-operator",
 					"app.kubernetes.io/name":        "datadog-agent-deployment",
-					"app.kubernetes.io/part-of":     "foo",
+					"app.kubernetes.io/part-of":     "bar-foo",
 					"app.kubernetes.io/version":     "",
 				},
 				Annotations: map[string]string{},
@@ -734,7 +734,7 @@ func Test_newClusterAgentDeploymentFromInstance_EnvVars(t *testing.T) {
 							"app.kubernetes.io/instance":    "cluster-agent",
 							"app.kubernetes.io/managed-by":  "datadog-operator",
 							"app.kubernetes.io/name":        "datadog-agent-deployment",
-							"app.kubernetes.io/part-of":     "foo",
+							"app.kubernetes.io/part-of":     "bar-foo",
 							"app.kubernetes.io/version":     "",
 						},
 						Annotations: map[string]string{},
@@ -786,7 +786,7 @@ func Test_newClusterAgentDeploymentFromInstance_CustomDeploymentName(t *testing.
 					"app.kubernetes.io/instance":    "cluster-agent",
 					"app.kubernetes.io/managed-by":  "datadog-operator",
 					"app.kubernetes.io/name":        "datadog-agent-deployment",
-					"app.kubernetes.io/part-of":     "foo",
+					"app.kubernetes.io/part-of":     "bar-foo",
 					"app.kubernetes.io/version":     "",
 					"app":                           "datadog-monitoring",
 				},
@@ -801,7 +801,7 @@ func Test_newClusterAgentDeploymentFromInstance_CustomDeploymentName(t *testing.
 							"app.kubernetes.io/instance":    "cluster-agent",
 							"app.kubernetes.io/managed-by":  "datadog-operator",
 							"app.kubernetes.io/name":        "datadog-agent-deployment",
-							"app.kubernetes.io/part-of":     "foo",
+							"app.kubernetes.io/part-of":     "bar-foo",
 							"app.kubernetes.io/version":     "",
 							"app":                           "datadog-monitoring",
 						},
@@ -964,7 +964,7 @@ func Test_newClusterAgentDeploymentFromInstance_MetricsServer(t *testing.T) {
 						"app.kubernetes.io/instance":    "cluster-agent",
 						"app.kubernetes.io/managed-by":  "datadog-operator",
 						"app.kubernetes.io/name":        "datadog-agent-deployment",
-						"app.kubernetes.io/part-of":     "foo",
+						"app.kubernetes.io/part-of":     "bar-foo",
 						"app.kubernetes.io/version":     "",
 						"app":                           "datadog-monitoring",
 					},
@@ -979,7 +979,7 @@ func Test_newClusterAgentDeploymentFromInstance_MetricsServer(t *testing.T) {
 								"app.kubernetes.io/instance":    "cluster-agent",
 								"app.kubernetes.io/managed-by":  "datadog-operator",
 								"app.kubernetes.io/name":        "datadog-agent-deployment",
-								"app.kubernetes.io/part-of":     "foo",
+								"app.kubernetes.io/part-of":     "bar-foo",
 								"app.kubernetes.io/version":     "",
 								"app":                           "datadog-monitoring",
 							},
@@ -1016,7 +1016,7 @@ func Test_newClusterAgentDeploymentFromInstance_MetricsServer(t *testing.T) {
 						"app.kubernetes.io/instance":    "cluster-agent",
 						"app.kubernetes.io/managed-by":  "datadog-operator",
 						"app.kubernetes.io/name":        "datadog-agent-deployment",
-						"app.kubernetes.io/part-of":     "foo",
+						"app.kubernetes.io/part-of":     "bar-foo",
 						"app.kubernetes.io/version":     "",
 						"app":                           "datadog-monitoring",
 					},
@@ -1031,7 +1031,7 @@ func Test_newClusterAgentDeploymentFromInstance_MetricsServer(t *testing.T) {
 								"app.kubernetes.io/instance":    "cluster-agent",
 								"app.kubernetes.io/managed-by":  "datadog-operator",
 								"app.kubernetes.io/name":        "datadog-agent-deployment",
-								"app.kubernetes.io/part-of":     "foo",
+								"app.kubernetes.io/part-of":     "bar-foo",
 								"app.kubernetes.io/version":     "",
 								"app":                           "datadog-monitoring",
 							},
@@ -1059,7 +1059,7 @@ func Test_newClusterAgentDeploymentFromInstance_AdmissionController(t *testing.T
 		"app.kubernetes.io/instance":    "cluster-agent",
 		"app.kubernetes.io/managed-by":  "datadog-operator",
 		"app.kubernetes.io/name":        "datadog-agent-deployment",
-		"app.kubernetes.io/part-of":     "foo",
+		"app.kubernetes.io/part-of":     "bar-foo",
 		"app.kubernetes.io/version":     "",
 		"app":                           "datadog-monitoring",
 	}
@@ -1190,7 +1190,7 @@ func Test_newClusterAgentDeploymentFromInstance_UserProvidedSecret(t *testing.T)
 						"app.kubernetes.io/instance":    "cluster-agent",
 						"app.kubernetes.io/managed-by":  "datadog-operator",
 						"app.kubernetes.io/name":        "datadog-agent-deployment",
-						"app.kubernetes.io/part-of":     "foo",
+						"app.kubernetes.io/part-of":     "bar-foo",
 						"app.kubernetes.io/version":     "",
 					},
 					Annotations: map[string]string{},
@@ -1204,7 +1204,7 @@ func Test_newClusterAgentDeploymentFromInstance_UserProvidedSecret(t *testing.T)
 								"app.kubernetes.io/instance":    "cluster-agent",
 								"app.kubernetes.io/managed-by":  "datadog-operator",
 								"app.kubernetes.io/name":        "datadog-agent-deployment",
-								"app.kubernetes.io/part-of":     "foo",
+								"app.kubernetes.io/part-of":     "bar-foo",
 								"app.kubernetes.io/version":     "",
 							},
 							Annotations: map[string]string{},
@@ -1243,7 +1243,7 @@ func Test_newClusterAgentDeploymentFromInstance_UserProvidedSecret(t *testing.T)
 						"app.kubernetes.io/instance":    "cluster-agent",
 						"app.kubernetes.io/managed-by":  "datadog-operator",
 						"app.kubernetes.io/name":        "datadog-agent-deployment",
-						"app.kubernetes.io/part-of":     "foo",
+						"app.kubernetes.io/part-of":     "bar-foo",
 						"app.kubernetes.io/version":     "",
 					},
 					Annotations: map[string]string{},
@@ -1257,7 +1257,7 @@ func Test_newClusterAgentDeploymentFromInstance_UserProvidedSecret(t *testing.T)
 								"app.kubernetes.io/instance":    "cluster-agent",
 								"app.kubernetes.io/managed-by":  "datadog-operator",
 								"app.kubernetes.io/name":        "datadog-agent-deployment",
-								"app.kubernetes.io/part-of":     "foo",
+								"app.kubernetes.io/part-of":     "bar-foo",
 								"app.kubernetes.io/version":     "",
 							},
 							Annotations: map[string]string{},
@@ -1306,7 +1306,7 @@ func Test_newClusterAgentDeploymentFromInstance_Compliance(t *testing.T) {
 					"app.kubernetes.io/instance":    "cluster-agent",
 					"app.kubernetes.io/managed-by":  "datadog-operator",
 					"app.kubernetes.io/name":        "datadog-agent-deployment",
-					"app.kubernetes.io/part-of":     "foo",
+					"app.kubernetes.io/part-of":     "bar-foo",
 					"app.kubernetes.io/version":     "",
 				},
 				Annotations: map[string]string{},
@@ -1320,7 +1320,7 @@ func Test_newClusterAgentDeploymentFromInstance_Compliance(t *testing.T) {
 							"app.kubernetes.io/instance":    "cluster-agent",
 							"app.kubernetes.io/managed-by":  "datadog-operator",
 							"app.kubernetes.io/name":        "datadog-agent-deployment",
-							"app.kubernetes.io/part-of":     "foo",
+							"app.kubernetes.io/part-of":     "bar-foo",
 							"app.kubernetes.io/version":     "",
 						},
 						Annotations: map[string]string{},
@@ -1372,7 +1372,7 @@ func Test_newClusterAgentDeploymentFromInstance_CustomReplicas(t *testing.T) {
 					"app.kubernetes.io/instance":    "cluster-agent",
 					"app.kubernetes.io/managed-by":  "datadog-operator",
 					"app.kubernetes.io/name":        "datadog-agent-deployment",
-					"app.kubernetes.io/part-of":     "foo",
+					"app.kubernetes.io/part-of":     "bar-foo",
 					"app.kubernetes.io/version":     "",
 					"app":                           "datadog-monitoring",
 				},
@@ -1387,7 +1387,7 @@ func Test_newClusterAgentDeploymentFromInstance_CustomReplicas(t *testing.T) {
 							"app.kubernetes.io/instance":    "cluster-agent",
 							"app.kubernetes.io/managed-by":  "datadog-operator",
 							"app.kubernetes.io/name":        "datadog-agent-deployment",
-							"app.kubernetes.io/part-of":     "foo",
+							"app.kubernetes.io/part-of":     "bar-foo",
 							"app.kubernetes.io/version":     "",
 							"app":                           "datadog-monitoring",
 						},

controllers/datadogagent/clusterchecksrunner.go

@@ -602,7 +602,7 @@ func buildClusterChecksRunnerNetworkPolicy(dda *datadoghqv1alpha1.DatadogAgent,
 			PodSelector: metav1.LabelSelector{
 				MatchLabels: map[string]string{
 					kubernetes.AppKubernetesInstanceLabelKey: datadoghqv1alpha1.DefaultClusterChecksRunnerResourceSuffix,
-					kubernetes.AppKubernetesPartOfLabelKey:   dda.Name,
+					kubernetes.AppKubernetesPartOfLabelKey:   dda.Namespace + "-" + dda.Name,
 				},
 			},
 			Egress: egressRules,