-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CWS: fix runtime policies loading, when no config map is defined #522
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This pull request does not contain a valid label. Please add one of the following labels: bug, enhancement, refactoring, documentation, tooling
c1a9e92
to
3114084
Compare
Seems like we still create the empty volume at the pod spec level when no custom policies are used. Should we get rid of this too or the volume mount in the system probe is enough? datadog-operator/controllers/datadogagent/utils.go Lines 1320 to 1333 in 3114084
|
What this PR does is enough to fix the issue, if you feel that the volume definition would be even better I can include it in the second |
17ace58
to
5af58de
Compare
Codecov Report
@@ Coverage Diff @@
## main #522 +/- ##
=======================================
Coverage 58.51% 58.51%
=======================================
Files 3 3
Lines 135 135
=======================================
Hits 79 79
Misses 43 43
Partials 13 13
Flags with carried forward coverage won't be shown. Click here to find out more. Continue to review full report at Codecov.
|
Just want to make sure we are covering all grounds. |
* Only mount CWS policies volume if policies dir is defined * Do not create system-probe/security-agent volumes is not needed
… (#529) * Only mount CWS policies volume if policies dir is defined * Do not create system-probe/security-agent volumes is not needed Co-authored-by: Paul Cacheux <paul.cacheux@datadoghq.com>
What does this PR do?
When loading the agent through the operator with a default config like:
The CWS policies directory is empty. The reason explaining this issue is that the policies dir is always mounted, even when no override is defined by the user. This means that in the default case we are overriding the default rules with a mount to a non-existant/empty folder
Motivation
What inspired you to submit this pull request?
Additional Notes
Anything else we should know when reviewing?
Describe your test plan
Write there any instructions and details you may have to test your PR.