Add /var/log/containers to the list of mounted paths. (#310)

api/v1alpha1/const.go

@@ -170,6 +170,8 @@ const (
 	LogPodVolumeReadOnly               = true
 	LogContainerVolumeName             = "logcontainerpath"
 	LogContainerVolumeReadOnly         = true
+	SymlinkContainerVolumeName         = "symlinkcontainerpath"
+	SymlinkContainerVolumeReadOnly     = true
 	SystemProbeDebugfsVolumeName       = "debugfs"
 	SystemProbeDebugfsVolumePath       = "/sys/kernel/debug"
 	SystemProbeConfigVolumeName        = "system-probe-config"

api/v1alpha1/datadogagent_default.go

@@ -53,6 +53,7 @@ const (
 	defaultLogsContainerCollectUsingFiles   bool   = true
 	defaultContainerLogsPath                string = "/var/lib/docker/containers"
 	defaultPodLogsPath                      string = "/var/log/pods"
+	defaultContainerSymlinksPath            string = "/var/log/containers"
 	defaultLogsTempStoragePath              string = "/var/lib/datadog-agent/logs"
 	defaultLogsOpenFilesLimit               int32  = 100
 	defaultProcessEnabled                   bool   = false
@@ -726,6 +727,11 @@ func DefaultDatadogFeatureLogCollection(ft *DatadogFeatures) *LogCollectionConfi
 		logOverride.PodLogsPath = ft.LogCollection.PodLogsPath
 	}
 
+	if ft.LogCollection.ContainerSymlinksPath == nil {
+		ft.LogCollection.ContainerSymlinksPath = NewStringPointer(defaultContainerSymlinksPath)
+		logOverride.ContainerSymlinksPath = ft.LogCollection.ContainerSymlinksPath
+	}
+
 	if ft.LogCollection.TempStoragePath == nil {
 		ft.LogCollection.TempStoragePath = NewStringPointer(defaultLogsTempStoragePath)
 		logOverride.TempStoragePath = ft.LogCollection.TempStoragePath

api/v1alpha1/datadogagent_default_test.go

@@ -160,6 +160,7 @@ func TestDefaultFeatures(t *testing.T) {
 					ContainerCollectUsingFiles:    NewBoolPointer(true),
 					ContainerLogsPath:             NewStringPointer("/var/lib/docker/containers"),
 					PodLogsPath:                   NewStringPointer("/var/log/pods"),
+					ContainerSymlinksPath:         NewStringPointer("/var/log/containers"),
 					TempStoragePath:               NewStringPointer("/var/lib/datadog-agent/logs"),
 					OpenFilesLimit:                NewInt32Pointer(100),
 				},
@@ -179,6 +180,7 @@ func TestDefaultFeatures(t *testing.T) {
 					ContainerCollectUsingFiles:    NewBoolPointer(true),
 					ContainerLogsPath:             NewStringPointer("/var/lib/docker/containers"),
 					PodLogsPath:                   NewStringPointer("/var/log/pods"),
+					ContainerSymlinksPath:         NewStringPointer("/var/log/containers"),
 					TempStoragePath:               NewStringPointer("/var/lib/datadog-agent/logs"),
 					OpenFilesLimit:                NewInt32Pointer(100),
 				},

api/v1alpha1/datadogagent_types.go

@@ -405,6 +405,13 @@ type LogCollectionConfig struct {
 	// +optional
 	PodLogsPath *string `json:"podLogsPath,omitempty"`
 
+	// Allows the log collection to use symbolic links in this directory to
+	// validate container ID -> pod.
+	// Defaults to `/var/log/containers`
+	//
+	// +optional
+	ContainerSymlinksPath *string `json:"ContainerSymlinksPath,omitempty"`
+
 	// This path (always mounted from the host) is used by Datadog Agent to store information about processed log files.
 	// If the Datadog Agent is restarted, it starts tailing the log files immediately.
 	// Default to `/var/lib/datadog-agent/logs`

bundle/manifests/datadoghq.com_datadogagents.yaml

@@ -1825,6 +1825,9 @@ spec:
                     podLogsPath:
                       description: Allows log collection from pod log path. Defaults to `/var/log/pods`.
                       type: string
+                    containerSymlinksPath:
+                      description: Allows usage of `/var/log/containers` to confirm container ID -> pod matching. Defaults to `/var/log/containers`.
+                      type: string
                     tempStoragePath:
                       description: This path (always mounted from the host) is used by Datadog Agent to store information about processed log files. If the Datadog Agent is restarted, it starts tailing the log files immediately. Default to `/var/lib/datadog-agent/logs`
                       type: string

config/crd/bases/v1/datadoghq.com_datadogagents.yaml

@@ -3942,6 +3942,11 @@ spec:
                   log:
                     description: Log Agent configuration
                     properties:
+                      ContainerSymlinksPath:
+                        description: Allows the log collection to use symbolic links
+                          in this directory to validate container ID -> pod. Defaults
+                          to `/var/log/containers`
+                        type: string
                       containerCollectUsingFiles:
                         description: 'Collect logs from files in `/var/log/pods instead`
                           of using the container runtime API. Collecting logs from
@@ -10603,6 +10608,11 @@ spec:
                   logCollection:
                     description: LogCollection configuration.
                     properties:
+                      ContainerSymlinksPath:
+                        description: Allows the log collection to use symbolic links
+                          in this directory to validate container ID -> pod. Defaults
+                          to `/var/log/containers`
+                        type: string
                       containerCollectUsingFiles:
                         description: 'Collect logs from files in `/var/log/pods instead`
                           of using the container runtime API. Collecting logs from
@@ -14928,6 +14938,11 @@ spec:
                       log:
                         description: Log Agent configuration
                         properties:
+                          ContainerSymlinksPath:
+                            description: Allows the log collection to use symbolic
+                              links in this directory to validate container ID ->
+                              pod. Defaults to `/var/log/containers`
+                            type: string
                           containerCollectUsingFiles:
                             description: 'Collect logs from files in `/var/log/pods
                               instead` of using the container runtime API. Collecting
@@ -21848,6 +21863,11 @@ spec:
                       logCollection:
                         description: LogCollection configuration.
                         properties:
+                          ContainerSymlinksPath:
+                            description: Allows the log collection to use symbolic
+                              links in this directory to validate container ID ->
+                              pod. Defaults to `/var/log/containers`
+                            type: string
                           containerCollectUsingFiles:
                             description: 'Collect logs from files in `/var/log/pods
                               instead` of using the container runtime API. Collecting

config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml

@@ -3816,6 +3816,11 @@ spec:
                 log:
                   description: Log Agent configuration
                   properties:
+                    ContainerSymlinksPath:
+                      description: Allows the log collection to use symbolic links
+                        in this directory to validate container ID -> pod. Defaults
+                        to `/var/log/containers`
+                      type: string
                     containerCollectUsingFiles:
                       description: 'Collect logs from files in `/var/log/pods instead`
                         of using the container runtime API. Collecting logs from files
@@ -10255,6 +10260,11 @@ spec:
                 logCollection:
                   description: LogCollection configuration.
                   properties:
+                    ContainerSymlinksPath:
+                      description: Allows the log collection to use symbolic links
+                        in this directory to validate container ID -> pod. Defaults
+                        to `/var/log/containers`
+                      type: string
                     containerCollectUsingFiles:
                       description: 'Collect logs from files in `/var/log/pods instead`
                         of using the container runtime API. Collecting logs from files
@@ -14443,6 +14453,11 @@ spec:
                     log:
                       description: Log Agent configuration
                       properties:
+                        ContainerSymlinksPath:
+                          description: Allows the log collection to use symbolic links
+                            in this directory to validate container ID -> pod. Defaults
+                            to `/var/log/containers`
+                          type: string
                         containerCollectUsingFiles:
                           description: 'Collect logs from files in `/var/log/pods
                             instead` of using the container runtime API. Collecting
@@ -21127,6 +21142,11 @@ spec:
                     logCollection:
                       description: LogCollection configuration.
                       properties:
+                        ContainerSymlinksPath:
+                          description: Allows the log collection to use symbolic links
+                            in this directory to validate container ID -> pod. Defaults
+                            to `/var/log/containers`
+                          type: string
                         containerCollectUsingFiles:
                           description: 'Collect logs from files in `/var/log/pods
                             instead` of using the container runtime API. Collecting

controllers/datadogagent/agent_test.go

@@ -2857,6 +2857,14 @@ func Test_newExtendedDaemonSetFromInstance_LogsEnabled(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name: "symlinkcontainerpath",
+			VolumeSource: corev1.VolumeSource{
+				HostPath: &corev1.HostPathVolumeSource{
+					Path: "/var/log/containers",
+				},
+			},
+		},
 	}
 	logsVolumeMounts := []corev1.VolumeMount{
 		{
@@ -2873,6 +2881,11 @@ func Test_newExtendedDaemonSetFromInstance_LogsEnabled(t *testing.T) {
 			MountPath: "/var/lib/docker/containers",
 			ReadOnly:  true,
 		},
+		{
+			Name:      "symlinkcontainerpath",
+			MountPath: "/var/log/containers",
+			ReadOnly:  true,
+		},
 	}
 
 	logsEnabledPodSpec.Volumes = append(logsEnabledPodSpec.Volumes, logsVolumes...)

controllers/datadogagent/utils.go

@@ -1203,6 +1203,16 @@ func getVolumesForAgent(dda *datadoghqv1alpha1.DatadogAgent) []corev1.Volume {
 				},
 			})
 		}
+		if logConfig.ContainerSymlinksPath != nil {
+			volumes = append(volumes, corev1.Volume{
+				Name: datadoghqv1alpha1.SymlinkContainerVolumeName,
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Path: *logConfig.ContainerSymlinksPath,
+					},
+				},
+			})
+		}
 	}
 
 	if isSecurityAgentEnabled(&dda.Spec) {
@@ -1438,6 +1448,13 @@ func getVolumeMountsForAgent(dda *datadoghqv1alpha1.DatadogAgent) []corev1.Volum
 				ReadOnly:  datadoghqv1alpha1.LogContainerVolumeReadOnly,
 			})
 		}
+		if dda.Spec.Features.LogCollection.ContainerSymlinksPath != nil {
+			volumeMounts = append(volumeMounts, corev1.VolumeMount{
+				Name:      datadoghqv1alpha1.SymlinkContainerVolumeName,
+				MountPath: *dda.Spec.Features.LogCollection.ContainerSymlinksPath,
+				ReadOnly:  datadoghqv1alpha1.SymlinkContainerVolumeReadOnly,
+			})
+		}
 	}
 
 	// SystemProbe volumes

docs/configuration.md

@@ -182,6 +182,7 @@ spec:
 | agent.image.tag | Define the image version to use: To be used if the Name field does not correspond to a full image string. |
 | agent.keepAnnotations | KeepAnnotations allows the specification of annotations not managed by the Operator that will be kept on Agent DaemonSet. All annotations containing 'datadoghq.com' are always included. This field uses glob syntax. |
 | agent.keepLabels | KeepLabels allows the specification of labels not managed by the Operator that will be kept on Agent DaemonSet. All labels containing 'datadoghq.com' are always included. This field uses glob syntax. |
+| agent.log.ContainerSymlinksPath | Allows the log collection to use symbolic links in this directory to validate container ID -> pod. Defaults to `/var/log/containers` |
 | agent.log.containerCollectUsingFiles | Collect logs from files in `/var/log/pods instead` of using the container runtime API. Collecting logs from files is usually the most efficient way of collecting logs. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup Default is true |
 | agent.log.containerLogsPath | Allows log collection from the container log path. Set to a different path if you are not using the Docker runtime. See also: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest Defaults to `/var/lib/docker/containers` |
 | agent.log.enabled | Enable this option to activate Datadog Agent log collection. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup |
@@ -386,6 +387,7 @@ spec:
 | features.kubeStateMetricsCore.conf.configMap.fileKey | FileKey corresponds to the key used in the ConfigMap.Data to store the configuration file content. |
 | features.kubeStateMetricsCore.conf.configMap.name | The name of source ConfigMap. |
 | features.kubeStateMetricsCore.enabled | Enable this to start the Kubernetes State Metrics Core check. Refer to https://docs.datadoghq.com/integrations/kubernetes_state_core |
+| features.logCollection.ContainerSymlinksPath | Allows the log collection to use symbolic links in this directory to validate container ID -> pod. Defaults to `/var/log/containers` |
 | features.logCollection.containerCollectUsingFiles | Collect logs from files in `/var/log/pods instead` of using the container runtime API. Collecting logs from files is usually the most efficient way of collecting logs. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup Default is true |
 | features.logCollection.containerLogsPath | Allows log collection from the container log path. Set to a different path if you are not using the Docker runtime. See also: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest Defaults to `/var/lib/docker/containers` |
 | features.logCollection.enabled | Enable this option to activate Datadog Agent log collection. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup |