[override] Implement container override (#584)

* [override/dependencies] Apply only when CreateRbac is defined * [override] Add container override
DataDog · Aug 3, 2022 · d295739 · d295739
1 parent 40de85e
commit d295739
Show file tree

Hide file tree

Showing 5 changed files with 455 additions and 9 deletions.
diff --git a/apis/datadoghq/common/const.go b/apis/datadoghq/common/const.go
@@ -197,6 +197,8 @@ const (
 	CriSocketVolumeName                          = "runtimesocketdir"
 	KubeletAgentCAPath                           = "/var/run/host-kubelet-ca.crt"
 	KubeletCAVolumeName                          = "kubelet-ca"
+
+	AppArmorAnnotationKey = "container.apparmor.security.beta.kubernetes.io"
 )
 
 const (

diff --git a/controllers/datadogagent/override/container.go b/controllers/datadogagent/override/container.go
@@ -6,14 +6,117 @@
 package override
 
 import (
+	"fmt"
+	"strconv"
+
+	"github.com/DataDog/datadog-operator/apis/datadoghq/common"
+	commonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1"
 	corev1 "k8s.io/api/core/v1"
 
 	"github.com/DataDog/datadog-operator/apis/datadoghq/v2alpha1"
 	"github.com/DataDog/datadog-operator/controllers/datadogagent/feature"
 )
 
 // Container use to override a corev1.Container with a 2alpha1.DatadogAgentGenericContainer.
-func Container(manager feature.PodTemplateManagers, override *v2alpha1.DatadogAgentGenericContainer) (*corev1.Container, error) {
-	// TODO(operator-ga): implement OverrideContainer
-	return nil, nil
+func Container(containerName commonv1.AgentContainerName, manager feature.PodTemplateManagers, override *v2alpha1.DatadogAgentGenericContainer) {
+	if override == nil {
+		return
+	}
+
+	if override.LogLevel != nil && *override.LogLevel != "" {
+		overrideLogLevel(containerName, manager, *override.LogLevel)
+	}
+
+	addEnvs(containerName, manager, override.Env)
+
+	addVolMounts(containerName, manager, override.VolumeMounts)
+
+	if override.HealthPort != nil {
+		addHealthPort(containerName, manager, *override.HealthPort)
+	}
+
+	for i, container := range manager.PodTemplateSpec().Spec.Containers {
+		if container.Name == string(containerName) {
+			overrideContainer(&manager.PodTemplateSpec().Spec.Containers[i], override)
+		}
+	}
+
+	overrideAppArmorProfile(containerName, manager, override)
+}
+
+func overrideLogLevel(containerName commonv1.AgentContainerName, manager feature.PodTemplateManagers, logLevel string) {
+	manager.EnvVar().AddEnvVarToContainer(
+		containerName,
+		&corev1.EnvVar{
+			Name:  common.DDLogLevel,
+			Value: logLevel,
+		},
+	)
+}
+
+func addEnvs(containerName commonv1.AgentContainerName, manager feature.PodTemplateManagers, envs []corev1.EnvVar) {
+	for _, env := range envs {
+		e := env
+		manager.EnvVar().AddEnvVarToContainer(containerName, &e)
+	}
+}
+
+func addVolMounts(containerName commonv1.AgentContainerName, manager feature.PodTemplateManagers, mounts []corev1.VolumeMount) {
+	for _, mount := range mounts {
+		m := mount
+		manager.VolumeMount().AddVolumeMountToContainer(&m, containerName)
+	}
+}
+
+func addHealthPort(containerName commonv1.AgentContainerName, manager feature.PodTemplateManagers, healthPort int32) {
+	manager.EnvVar().AddEnvVarToContainer(
+		containerName,
+		&corev1.EnvVar{
+			Name:  common.DDHealthPort,
+			Value: strconv.Itoa(int(healthPort)),
+		},
+	)
+}
+
+func overrideContainer(container *corev1.Container, override *v2alpha1.DatadogAgentGenericContainer) {
+	if override.Name != nil {
+		container.Name = *override.Name
+	}
+
+	if override.Resources != nil {
+		container.Resources = *override.Resources
+	}
+
+	if override.Command != nil {
+		container.Command = override.Command
+	}
+
+	if override.Args != nil {
+		container.Args = override.Args
+	}
+
+	if override.ReadinessProbe != nil {
+		container.ReadinessProbe = override.ReadinessProbe
+	}
+
+	if override.LivenessProbe != nil {
+		container.LivenessProbe = override.LivenessProbe
+	}
+
+	if override.SecurityContext != nil {
+		container.SecurityContext = override.SecurityContext
+	}
+}
+
+func overrideAppArmorProfile(containerName commonv1.AgentContainerName, manager feature.PodTemplateManagers, override *v2alpha1.DatadogAgentGenericContainer) {
+	if override.AppArmorProfileName != nil {
+		var annotation string
+		if override.Name != nil {
+			annotation = fmt.Sprintf("%s/%s", common.AppArmorAnnotationKey, *override.Name)
+		} else {
+			annotation = fmt.Sprintf("%s/%s", common.AppArmorAnnotationKey, containerName)
+		}
+
+		manager.Annotation().AddAnnotation(annotation, *override.AppArmorProfileName)
+	}
 }