Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix management of seccomp ConfigMap when not used #311

Merged
merged 1 commit into from
May 27, 2021
Merged

Fix management of seccomp ConfigMap when not used #311

merged 1 commit into from
May 27, 2021

Conversation

vboulineau
Copy link
Contributor

What does this PR do?

Currently the operator always mount the seccomp volumes, even if we use a seccomp profile from host (e.g. no install performed in init container), while the ConfigMap is not created, creating PODs referencing non-existing ConfigMaps.
Also, the ConfigMap was never deleted if setting was changed from using seccomp profile from ConfigMap to using profile from host.

Took the opportunity to change the way we do diffs in tests.

Motivation

What inspired you to submit this pull request?

Additional Notes

Anything else we should know when reviewing?

Describe your test plan

Deploy the Agent with system-probe enabled. Then change the DatadogAgent set the SecCompProfileName attribute to unconfined. The new DaemonSet should start properly and the ConfigMap named <dda.Name>-system-probe-seccomp should be deleted.

@vboulineau vboulineau added the bug Something isn't working label May 21, 2021
@vboulineau vboulineau added this to the v0.6 milestone May 21, 2021
@vboulineau vboulineau requested review from a team as code owners May 21, 2021 10:53
jtappa
jtappa suggested changes May 21, 2021
View reviewed changes
config/crd/bases/v1/datadoghq.com_datadogagents.yaml Outdated Show resolved Hide resolved
config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml Outdated Show resolved Hide resolved
docs/configuration.md Outdated Show resolved Hide resolved
@vboulineau vboulineau force-pushed the vboulineau/fix-seccomp-config branch from 9380f9c to fbe4fd1 Compare May 27, 2021 15:21
@codecov-commenter
Copy link

codecov-commenter commented May 27, 2021
edited

Codecov Report

Merging #311 (fbe4fd1) into main (023cb3b) will increase coverage by 0.03%.
The diff coverage is 96.15%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #311      +/-   ##
==========================================
+ Coverage   58.18%   58.22%   +0.03%     
==========================================
  Files          59       59              
  Lines        6294     6300       +6     
==========================================
+ Hits         3662     3668       +6     
  Misses       2362     2362              
  Partials      270      270
Flag Coverage Δ
unittests 58.22% <96.15%> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
api/v1alpha1/datadogagent_types.go 100.00% <ø> (ø)
controllers/datadogagent/systemprobe.go 96.42% <84.61%> (-3.58%) ⬇️
controllers/datadogagent/utils.go 82.06% <100.00%> (+0.13%) ⬆️
controllers/setup.go 68.57% <100.00%> (+0.92%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 023cb3b...fbe4fd1. Read the comment docs.

@vboulineau vboulineau merged commit 8b4b796 into main May 27, 2021
@vboulineau vboulineau deleted the vboulineau/fix-seccomp-config branch May 27, 2021 15:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtappa jtappa jtappa requested changes

@clamoriniere clamoriniere clamoriniere approved these changes

@github-actions github-actions[bot] github-actions approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
v0.6
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@vboulineau @codecov-commenter @clamoriniere @jtappa