Remove automatic copying of previous Agent/ClusterAgent unknown annot…

…ations/labels. New fields in DatadogAgent CRD allows to specify annotations/labels we should carry over (#290)

LICENSE-3rdparty.csv

@@ -40,6 +40,14 @@ core,"github.com/go-openapi/jsonpointer",Apache-2.0
 core,"github.com/go-openapi/jsonreference",Apache-2.0
 core,"github.com/go-openapi/spec",Apache-2.0
 core,"github.com/go-openapi/swag",Apache-2.0
+core,"github.com/gobwas/glob",MIT
+core,"github.com/gobwas/glob/compiler",MIT
+core,"github.com/gobwas/glob/match",MIT
+core,"github.com/gobwas/glob/syntax",MIT
+core,"github.com/gobwas/glob/syntax/ast",MIT
+core,"github.com/gobwas/glob/syntax/lexer",MIT
+core,"github.com/gobwas/glob/util/runes",MIT
+core,"github.com/gobwas/glob/util/strings",MIT
 core,"github.com/gogo/protobuf/proto",NewBSD
 core,"github.com/gogo/protobuf/sortkeys",NewBSD
 core,"github.com/golang/groupcache/lru",Apache-2.0

api/v1alpha1/datadogagent_types.go

@@ -157,6 +157,14 @@ type DatadogAgentSpecAgentSpec struct {
 	// AdditionalLabels provide labels that will be added to the Agent Pods.
 	AdditionalLabels map[string]string `json:"additionalLabels,omitempty"`
 
+	// KeepLabels allows the specification of labels not managed by the Operator that will be kept on Agent DaemonSet.
+	// All labels containing 'datadoghq.com' are always included. This field uses glob syntax.
+	KeepLabels string `json:"keepLabels,omitempty"`
+
+	// KeepAnnotations allows the specification of annotations not managed by the Operator that will be kept on Agent DaemonSet.
+	// All annotations containing 'datadoghq.com' are always included. This field uses glob syntax.
+	KeepAnnotations string `json:"keepAnnotations,omitempty"`
+
 	// If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical"
 	// are two special keywords which indicate the highest priorities with the former being the highest priority.
 	// Any other name must be defined by creating a PriorityClass object with that name. If not specified,
@@ -853,6 +861,14 @@ type DatadogAgentSpecClusterAgentSpec struct {
 	// AdditionalLabels provide labels that will be added to the Cluster Agent Pods.
 	AdditionalLabels map[string]string `json:"additionalLabels,omitempty"`
 
+	// KeepLabels allows the specification of labels not managed by the Operator that will be kept on ClusterAgent Deployment.
+	// All labels containing 'datadoghq.com' are always included. This field uses glob syntax.
+	KeepLabels string `json:"keepLabels,omitempty"`
+
+	// KeepAnnotations allows the specification of annotations not managed by the Operator that will be kept on ClusterAgent Deployment.
+	// All annotations containing 'datadoghq.com' are always included. This field uses glob syntax.
+	KeepAnnotations string `json:"keepAnnotations,omitempty"`
+
 	// If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical"
 	// are two special keywords which indicate the highest priorities with the former being the highest priority.
 	// Any other name must be defined by creating a PriorityClass object with that name. If not specified,

config/crd/bases/v1/datadoghq.com_datadogagents.yaml

@@ -2856,6 +2856,18 @@ spec:
                     required:
                     - name
                     type: object
+                  keepAnnotations:
+                    description: KeepAnnotations allows the specification of annotations
+                      not managed by the Operator that will be kept on Agent DaemonSet.
+                      All annotations containing 'datadoghq.com' are always included.
+                      This field uses glob syntax.
+                    type: string
+                  keepLabels:
+                    description: KeepLabels allows the specification of labels not
+                      managed by the Operator that will be kept on Agent DaemonSet.
+                      All labels containing 'datadoghq.com' are always included. This
+                      field uses glob syntax.
+                    type: string
                   log:
                     description: Log Agent configuration
                     properties:
@@ -6284,6 +6296,18 @@ spec:
                     required:
                     - name
                     type: object
+                  keepAnnotations:
+                    description: KeepAnnotations allows the specification of annotations
+                      not managed by the Operator that will be kept on ClusterAgent
+                      Deployment. All annotations containing 'datadoghq.com' are always
+                      included. This field uses glob syntax.
+                    type: string
+                  keepLabels:
+                    description: KeepLabels allows the specification of labels not
+                      managed by the Operator that will be kept on ClusterAgent Deployment.
+                      All labels containing 'datadoghq.com' are always included. This
+                      field uses glob syntax.
+                    type: string
                   networkPolicy:
                     description: Provide Cluster Agent Network Policy configuration.
                     properties:

config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml

@@ -2760,6 +2760,18 @@ spec:
                   required:
                   - name
                   type: object
+                keepAnnotations:
+                  description: KeepAnnotations allows the specification of annotations
+                    not managed by the Operator that will be kept on Agent DaemonSet.
+                    All annotations containing 'datadoghq.com' are always included.
+                    This field uses glob syntax.
+                  type: string
+                keepLabels:
+                  description: KeepLabels allows the specification of labels not managed
+                    by the Operator that will be kept on Agent DaemonSet. All labels
+                    containing 'datadoghq.com' are always included. This field uses
+                    glob syntax.
+                  type: string
                 log:
                   description: Log Agent configuration
                   properties:
@@ -6077,6 +6089,18 @@ spec:
                   required:
                   - name
                   type: object
+                keepAnnotations:
+                  description: KeepAnnotations allows the specification of annotations
+                    not managed by the Operator that will be kept on ClusterAgent
+                    Deployment. All annotations containing 'datadoghq.com' are always
+                    included. This field uses glob syntax.
+                  type: string
+                keepLabels:
+                  description: KeepLabels allows the specification of labels not managed
+                    by the Operator that will be kept on ClusterAgent Deployment.
+                    All labels containing 'datadoghq.com' are always included. This
+                    field uses glob syntax.
+                  type: string
                 networkPolicy:
                   description: Provide Cluster Agent Network Policy configuration.
                   properties:

controllers/datadogagent/agent.go

@@ -211,12 +211,8 @@ func (r *Reconciler) updateExtendedDaemonSet(logger logr.Logger, dda *datadoghqv
 	// Copy possibly changed fields
 	updatedEds := eds.DeepCopy()
 	updatedEds.Spec = *newEDS.Spec.DeepCopy()
-	for k, v := range newEDS.Annotations {
-		updatedEds.Annotations[k] = v
-	}
-	for k, v := range newEDS.Labels {
-		updatedEds.Labels[k] = v
-	}
+	updatedEds.Annotations = mergeAnnotationsLabels(logger, eds.GetAnnotations(), newEDS.GetAnnotations(), dda.Spec.Agent.KeepAnnotations)
+	updatedEds.Labels = mergeAnnotationsLabels(logger, eds.GetLabels(), newEDS.GetLabels(), dda.Spec.Agent.KeepLabels)
 
 	err = r.client.Update(context.TODO(), updatedEds)
 	if err != nil {
@@ -256,12 +252,9 @@ func (r *Reconciler) updateDaemonSet(logger logr.Logger, dda *datadoghqv1alpha1.
 	// Copy possibly changed fields
 	updatedDS := ds.DeepCopy()
 	updatedDS.Spec = *newDS.Spec.DeepCopy()
-	for k, v := range newDS.Annotations {
-		updatedDS.Annotations[k] = v
-	}
-	for k, v := range newDS.Labels {
-		updatedDS.Labels[k] = v
-	}
+	updatedDS.Annotations = mergeAnnotationsLabels(logger, ds.GetAnnotations(), newDS.GetAnnotations(), dda.Spec.Agent.KeepAnnotations)
+	updatedDS.Labels = mergeAnnotationsLabels(logger, ds.GetLabels(), newDS.GetLabels(), dda.Spec.Agent.KeepLabels)
+
 	err = r.client.Update(context.TODO(), updatedDS)
 	if err != nil {
 		return reconcile.Result{}, err

controllers/datadogagent/clusteragent.go

@@ -144,12 +144,8 @@ func (r *Reconciler) updateClusterAgentDeployment(logger logr.Logger, dda *datad
 	// Copy possibly changed fields
 	updateDca := dca.DeepCopy()
 	updateDca.Spec = *newDCA.Spec.DeepCopy()
-	for k, v := range newDCA.Annotations {
-		updateDca.Annotations[k] = v
-	}
-	for k, v := range newDCA.Labels {
-		updateDca.Labels[k] = v
-	}
+	updateDca.Annotations = mergeAnnotationsLabels(logger, dca.GetAnnotations(), newDCA.GetAnnotations(), dda.Spec.ClusterAgent.KeepAnnotations)
+	updateDca.Labels = mergeAnnotationsLabels(logger, dca.GetLabels(), newDCA.GetLabels(), dda.Spec.ClusterAgent.KeepLabels)
 
 	now := metav1.NewTime(time.Now())
 	err = r.client.Update(context.TODO(), updateDca)

controllers/datadogagent/utils.go

@@ -22,6 +22,7 @@ import (
 
 	edsdatadoghqv1alpha1 "github.com/DataDog/extendeddaemonset/api/v1alpha1"
 	"github.com/go-logr/logr"
+	"github.com/gobwas/glob"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -1794,6 +1795,33 @@ func getDefaultAnnotations(*datadoghqv1alpha1.DatadogAgent) map[string]string {
 	return map[string]string{}
 }
 
+func mergeAnnotationsLabels(logger logr.Logger, previousVal map[string]string, newVal map[string]string, filter string) map[string]string {
+	var globFilter glob.Glob
+	var err error
+	if filter != "" {
+		globFilter, err = glob.Compile(filter)
+		if err != nil {
+			logger.Error(err, "Unable to parse glob filter for metadata/annotations - discarding everything", "filter", filter)
+		}
+	}
+
+	mergedMap := make(map[string]string, len(newVal))
+	for k, v := range newVal {
+		mergedMap[k] = v
+	}
+
+	// Copy from previous if not in new match and matches globfilter
+	for k, v := range previousVal {
+		if _, found := newVal[k]; !found {
+			if (globFilter != nil && globFilter.Match(k)) || strings.Contains(k, "datadoghq.com") {
+				mergedMap[k] = v
+			}
+		}
+	}
+
+	return mergedMap
+}
+
 var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
 
 func generateRandomString(n int) string {

controllers/datadogagent/utils_test.go

@@ -7,6 +7,7 @@ import (
 	datadoghqv1alpha1 "github.com/DataDog/datadog-operator/api/v1alpha1"
 	"github.com/DataDog/datadog-operator/api/v1alpha1/test"
 	"github.com/DataDog/datadog-operator/controllers/testutils"
+	"github.com/google/go-cmp/cmp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
@@ -373,3 +374,64 @@ func Test_dsdMapperProfilesEnvVar(t *testing.T) {
 		})
 	}
 }
+
+func Test_mergeAnnotationsLabels(t *testing.T) {
+	type args struct {
+		previousVal map[string]string
+		newVal      map[string]string
+		filter      string
+	}
+	tests := []struct {
+		name string
+		args args
+		want map[string]string
+	}{
+		{
+			name: "basic test",
+			args: args{
+				previousVal: map[string]string{
+					"foo":               "bar",
+					"foo-datadoghq.com": "dog-bar",
+					"foo-removed":       "foo",
+					"foo.match":         "foomatch",
+				},
+				newVal: map[string]string{
+					"foo": "baz",
+				},
+				filter: "*.match",
+			},
+			want: map[string]string{
+				"foo":               "baz",
+				"foo-datadoghq.com": "dog-bar",
+				"foo.match":         "foomatch",
+			},
+		},
+		{
+			name: "no filter test",
+			args: args{
+				previousVal: map[string]string{
+					"foo":               "bar",
+					"foo-datadoghq.com": "dog-bar",
+					"foo-removed":       "foo",
+					"foo.match":         "foomatch",
+				},
+				newVal: map[string]string{
+					"foo": "baz",
+				},
+			},
+			want: map[string]string{
+				"foo":               "baz",
+				"foo-datadoghq.com": "dog-bar",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			logger := logf.Log.WithName(t.Name())
+			got := mergeAnnotationsLabels(logger, tt.args.previousVal, tt.args.newVal, tt.args.filter)
+			diff := cmp.Diff(tt.want, got)
+			assert.Empty(t, diff)
+		})
+	}
+}

docs/configuration.md

@@ -125,6 +125,8 @@ spec:
 | agent.image.name | Define the image to use: Use "gcr.io/datadoghq/agent:latest" for Datadog Agent 6 Use "datadog/dogstatsd:latest" for Standalone Datadog Agent DogStatsD6 Use "gcr.io/datadoghq/cluster-agent:latest" for Datadog Cluster Agent |
 | agent.image.pullPolicy | The Kubernetes pull policy: Use Always, Never or IfNotPresent. |
 | agent.image.pullSecrets | It is possible to specify docker registry credentials. See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod |
+| agent.keepAnnotations | KeepAnnotations allows the specification of annotations not managed by the Operator that will be kept on Agent DaemonSet. All annotations containing 'datadoghq.com' are always included. This field uses glob syntax. |
+| agent.keepLabels | KeepLabels allows the specification of labels not managed by the Operator that will be kept on Agent DaemonSet. All labels containing 'datadoghq.com' are always included. This field uses glob syntax. |
 | agent.log.containerCollectUsingFiles | Collect logs from files in `/var/log/pods instead` of using the container runtime API. Collecting logs from files is usually the most efficient way of collecting logs. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup Default is true |
 | agent.log.containerLogsPath | Allows log collection from the container log path. Set to a different path if you are not using the Docker runtime. See also: https://docs.datadoghq.com/agent/kubernetes/daemonset_setup/?tab=k8sfile#create-manifest Defaults to `/var/lib/docker/containers` |
 | agent.log.enabled | Enable this option to activate Datadog Agent log collection. See also: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup |
@@ -225,6 +227,8 @@ spec:
 | clusterAgent.image.name | Define the image to use: Use "gcr.io/datadoghq/agent:latest" for Datadog Agent 6 Use "datadog/dogstatsd:latest" for Standalone Datadog Agent DogStatsD6 Use "gcr.io/datadoghq/cluster-agent:latest" for Datadog Cluster Agent |
 | clusterAgent.image.pullPolicy | The Kubernetes pull policy: Use Always, Never or IfNotPresent. |
 | clusterAgent.image.pullSecrets | It is possible to specify docker registry credentials. See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod |
+| clusterAgent.keepAnnotations | KeepAnnotations allows the specification of annotations not managed by the Operator that will be kept on ClusterAgent Deployment. All annotations containing 'datadoghq.com' are always included. This field uses glob syntax. |
+| clusterAgent.keepLabels | KeepLabels allows the specification of labels not managed by the Operator that will be kept on ClusterAgent Deployment. All labels containing 'datadoghq.com' are always included. This field uses glob syntax. |
 | clusterAgent.networkPolicy.create | If true, create a NetworkPolicy for the current agent. |
 | clusterAgent.nodeSelector | NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ |
 | clusterAgent.priorityClassName | If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. |

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/go-logr/logr v0.3.0
 	github.com/go-openapi/spec v0.20.3
+	github.com/gobwas/glob v0.2.3
 	github.com/google/go-cmp v0.5.2
 	github.com/hako/durafmt v0.0.0-20200710122514-c0fb7b4da026
 	github.com/mholt/archiver/v3 v3.5.0

go.sum

@@ -237,6 +237,8 @@ github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+
 github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
 github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=