Add the option to create NetworkPolicy for the Agents #162

Merged
merged 1 commit into from
Oct 20, 2020
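--- a/api/v1alpha1/datadogagent_default.go
+++ b/api/v1alpha1/datadogagent_default.go
@@ -11,7 +11,6 @@ import (
 edsdatadoghqv1alpha1 "github.com/DataDog/extendeddaemonset/api/v1alpha1"
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
-v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/intstr"
 )
@@ -53,7 +52,7 @@ const (
 DefaultAdmissionServiceName = "datadog-admission-controller"
 )
 
-var defaultImagePullPolicy = v1.PullIfNotPresent
+var defaultImagePullPolicy = corev1.PullIfNotPresent
 
 // IsDefaultedDatadogAgent used to check if an DatadogAgent was already defaulted
 // returns true if yes, else false
@@ -89,6 +88,10 @@ func IsDefaultedDatadogAgent(ad *DatadogAgent) bool {
 if !IsDefaultedDatadogAgentSpecProcess(&ad.Spec.Agent.Process) {
 return false
 }
+
+if !IsDefaultedNetworkPolicy(&ad.Spec.Agent.NetworkPolicy) {
+return false
+}
 }
 
 if ad.Spec.ClusterAgent != nil {
@@ -104,6 +107,10 @@ func IsDefaultedDatadogAgent(ad *DatadogAgent) bool {
 return false
 }
 
+if !IsDefaultedNetworkPolicy(&ad.Spec.ClusterAgent.NetworkPolicy) {
+return false
+}
+
 if ad.Spec.ClusterAgent.Replicas == nil {
 return false
 }
@@ -118,6 +125,10 @@ func IsDefaultedDatadogAgent(ad *DatadogAgent) bool {
 return false
 }
 
+if !IsDefaultedNetworkPolicy(&ad.Spec.ClusterChecksRunner.NetworkPolicy) {
+return false
+}
+
 if ad.Spec.ClusterChecksRunner.Replicas == nil {
 return false
 }
@@ -317,6 +328,20 @@ func IsDefaultedDatadogAgentSpecProcess(process *ProcessSpec) bool {
 return true
 }
 
+// IsDefaultedNetworkPolicy used to check if a NetworkPolicySpec was already
+// defaulted. Returns true if yes, or false otherwise
+func IsDefaultedNetworkPolicy(policy *NetworkPolicySpec) bool {
+if policy == nil {
+return false
+}
+
+if policy.Create == nil {
+return false
+}
+
+return true
+}
+
 // IsDefaultedDatadogAgentSpecClusterAgentConfig used to check if
 // a ClusterAgentConfig was already defaulted
 // returns true if yes, else false
@@ -366,6 +391,7 @@ func DefaultDatadogAgentSpecAgent(agent *DatadogAgentSpecAgentSpec) *DatadogAgen
 DefaultDatadogAgentSpecAgentApm(&agent.Apm)
 DefaultDatadogAgentSpecAgentLog(&agent.Log)
 DefaultDatadogAgentSpecAgentProcess(&agent.Process)
+DefaultNetworkPolicy(&agent.NetworkPolicy)
 return agent
 }
 
@@ -600,6 +626,7 @@ func DefaultDatadogAgentSpecClusterAgent(clusterAgent *DatadogAgentSpecClusterAg
 DefaultDatadogAgentSpecClusterAgentImage(&clusterAgent.Image)
 DefaultDatadogAgentSpecClusterAgentConfig(&clusterAgent.Config)
 DefaultDatadogAgentSpecRbacConfig(&clusterAgent.Rbac)
+DefaultNetworkPolicy(&clusterAgent.NetworkPolicy)
 if clusterAgent.Replicas == nil {
 clusterAgent.Replicas = NewInt32Pointer(defaultClusterAgentReplicas)
 }
@@ -667,6 +694,7 @@ func DefaultDatadogAgentSpecClusterChecksRunner(clusterChecksRunner *DatadogAgen
 DefaultDatadogAgentSpecClusterChecksRunnerImage(&clusterChecksRunner.Image)
 DefaultDatadogAgentSpecClusterChecksRunnerConfig(&clusterChecksRunner.Config)
 DefaultDatadogAgentSpecRbacConfig(&clusterChecksRunner.Rbac)
+DefaultNetworkPolicy(&clusterChecksRunner.NetworkPolicy)
 if clusterChecksRunner.Replicas == nil {
 clusterChecksRunner.Replicas = NewInt32Pointer(defaultClusterChecksRunnerReplicas)
 }
@@ -704,3 +732,17 @@ func DefaultDatadogAgentSpecClusterChecksRunnerImage(image *ImageConfig) *ImageC
 
 return image
 }
+
+// DefaultNetworkPolicy is used to default NetworkPolicy. Returns the defaulted
+// ImageConfig
+func DefaultNetworkPolicy(policy *NetworkPolicySpec) *NetworkPolicySpec {
+if policy == nil {
+policy = &NetworkPolicySpec{}
+}
+
+if policy.Create == nil {
+policy.Create = NewBoolPointer(false)
+}
+
+return policy
+}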
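Review bot: The doc comment on DefaultNetworkPolicy says it returns the defaulted ImageConfig, a leftover from DefaultDatadogAgentSpecClusterChecksRunnerImage just above it; it should read `// DefaultNetworkPolicy is used to default a NetworkPolicySpec. Create defaults to false, so no NetworkPolicy is created unless it is explicitly enabled. Returns the defaulted NetworkPolicySpec`. The nil branch at the top of the function allocates a fresh spec that only the return value carries, and the three call sites this commit adds (in DefaultDatadogAgentSpecAgent, DefaultDatadogAgentSpecClusterAgent and DefaultDatadogAgentSpecClusterChecksRunner) discard that return value, so a nil argument would silently leave the caller with nothing defaulted. Each of those callers passes the address of a value-typed NetworkPolicy field, so the branch is unreachable from this file today; either say so in a comment or have the callers keep the result, as the Image defaulting helpers appear to be written to allow. The opt-in default is the security-relevant decision here and deserves to be stated where it is made rather than inferred from NewBoolPointer(false).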
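--- a/api/v1alpha1/datadogagent_types.go
+++ b/api/v1alpha1/datadogagent_types.go
@@ -195,6 +195,10 @@ type DatadogAgentSpecAgentSpec struct {
 // See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details.
 // +optional
 CustomConfig *CustomConfigSpec `json:"customConfig,omitempty"`
+
+// Provide Agent Network Policy configuration
+// +optional
+NetworkPolicy NetworkPolicySpec `json:"networkPolicy,omitempty"`
 }
 
 // RbacConfig contains RBAC configuration
@@ -683,6 +687,10 @@ type DatadogAgentSpecClusterAgentSpec struct {
 // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 // +optional
 NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+// Provide Cluster Agent Network Policy configuration
+// +optional
+NetworkPolicy NetworkPolicySpec `json:"networkPolicy,omitempty"`
 }
 
 // ClusterAgentConfig contains the configuration of the Cluster Agent
@@ -860,6 +868,10 @@ type DatadogAgentSpecClusterChecksRunnerSpec struct {
 // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 // +optional
 NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+// Provide Cluster Checks Runner Network Policy configuration
+// +optional
+NetworkPolicy NetworkPolicySpec `json:"networkPolicy,omitempty"`
 }
 
 // ImageConfig Datadog agent container image config
@@ -881,6 +893,14 @@ type ImageConfig struct {
 PullSecrets *[]corev1.LocalObjectReference `json:"pullSecrets,omitempty"`
 }
 
+// NetworkPolicySpec provides Network Policy configuration for the agents
+// +k8s:openapi-gen=true
+type NetworkPolicySpec struct {
+// If true, create a NetworkPolicy for the current agent
+// +optional
+Create *bool `json:"create,omitempty"`
+}
+
 // DatadogAgentState type representing the deployment state of the different Agent components
 type DatadogAgentState string
 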
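Review bot: The `omitempty` option on the three new `NetworkPolicy NetworkPolicySpec` fields has no effect, because encoding/json never treats a struct value as empty, so the field will always serialize as an empty `networkPolicy` object, unlike the pointer-typed `CustomConfig *CustomConfigSpec` directly above the first one. Either declare it as `NetworkPolicy *NetworkPolicySpec` with the same tag, or drop the option so the declared intent matches the output; the value form does mirror how RbacConfig is embedded elsewhere, so this may be deliberate and is then worth a one-line comment. The comment on Create should state the default, since that is the security-relevant part of the setting and the defaulting lives in another file of this same change: `// If true, create a NetworkPolicy for the current agent. Defaults to false (no NetworkPolicy is created unless explicitly enabled).`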
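--- a/api/v1alpha1/test/new.go
+++ b/api/v1alpha1/test/new.go
@@ -77,6 +77,7 @@ type NewDatadogAgentOptions struct {
 RuntimeSyscallMonitorEnabled bool
 RuntimePoliciesDir *datadoghqv1alpha1.ConfigDirSpec
 SecurityContext *corev1.PodSecurityContext
+CreateNetworkPolicy bool
 }
 
 // NewDefaultedDatadogAgent returns an initialized and defaulted DatadogAgent for testing purpose
@@ -125,6 +126,9 @@ func NewDefaultedDatadogAgent(ns, name string, options *NewDatadogAgentOptions)
 
 ad.Spec.Agent.DaemonsetName = options.AgentDaemonsetName
 ad.Spec.Site = options.Site
+ad.Spec.Agent.NetworkPolicy = datadoghqv1alpha1.NetworkPolicySpec{
+Create: &options.CreateNetworkPolicy,
+}
 
 if options.HostPort != 0 {
 ad.Spec.Agent.Config.HostPort = &options.HostPort
@@ -147,6 +151,9 @@ func NewDefaultedDatadogAgent(ns, name string, options *NewDatadogAgentOptions)
 Create: datadoghqv1alpha1.NewBoolPointer(true),
 },
 DeploymentName: options.ClusterAgentDeploymentName,
+NetworkPolicy: datadoghqv1alpha1.NetworkPolicySpec{
+Create: &options.CreateNetworkPolicy,
+},
 }
 
 if options.MetricsServerEnabled {
@@ -194,6 +201,9 @@ func NewDefaultedDatadogAgent(ns, name string, options *NewDatadogAgentOptions)
 Rbac: datadoghqv1alpha1.RbacConfig{
 Create: datadoghqv1alpha1.NewBoolPointer(true),
 },
+NetworkPolicy: datadoghqv1alpha1.NetworkPolicySpec{
+Create: &options.CreateNetworkPolicy,
+},
 }
 if len(options.ClusterChecksRunnerEnvVars) != 0 {
 ad.Spec.ClusterChecksRunner.Config.Env = options.ClusterChecksRunnerEnvVars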
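Review bot: `Create: &options.CreateNetworkPolicy` in the three new NetworkPolicySpec literals aliases a single bool: the Agent, Cluster Agent and Cluster Checks Runner specs and the caller's options struct all share one pointer, so any defaulting or test step that writes through one of them changes the other two and the options value behind them. The neighbouring Rbac literals copy the value instead, `Create: datadoghqv1alpha1.NewBoolPointer(true)`, and the same form keeps each spec independent here: `Create: datadoghqv1alpha1.NewBoolPointer(options.CreateNetworkPolicy),` at each of the three sites. A single CreateNetworkPolicy option also means tests cannot set up a mixed configuration where only some components get a policy; if that case matters for the controller, a per-component option would be needed. NewDefaultedDatadogAgent starts and ends outside these hunks.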
23 changes: 23 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go


45 changes: 42 additions & 3 deletions api/v1alpha1/zz_generated.openapi.go


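--- a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml
+++ b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml
@@ -2381,6 +2381,14 @@ spec:
 tailing the log files from the right offset Default to `/var/lib/datadog-agent/logs`
 type: string
 type: object
+networkPolicy:
+description: Provide Agent Network Policy configuration
+properties:
+create:
+description: If true, create a NetworkPolicy for the current
+agent
+type: boolean
+type: object
 priorityClassName:
 description: If specified, indicates the pod's priority. "system-node-critical"
 and "system-cluster-critical" are two special keywords which
@@ -5327,6 +5335,14 @@ spec:
 required:
 - name
 type: object
+networkPolicy:
+description: Provide Cluster Agent Network Policy configuration
+properties:
+create:
+description: If true, create a NetworkPolicy for the current
+agent
+type: boolean
+type: object
 nodeSelector:
 additionalProperties:
 type: string
@@ -7602,6 +7618,14 @@ spec:
 required:
 - name
 type: object
+networkPolicy:
+description: Provide Cluster Checks Runner Network Policy configuration
+properties:
+create:
+description: If true, create a NetworkPolicy for the current
+agent
+type: boolean
+type: object
 nodeSelector:
 additionalProperties:
 type: string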