DataDog · celenechang · Aug 2, 2022 · May 7, 2022 · Jul 15, 2022 · Jul 16, 2022
@@ -79,6 +79,8 @@ const (
 	DDPodLabelsAsTags                               = "DD_KUBERNETES_POD_LABELS_AS_TAGS"
 	DDPPMReceiverSocket                             = "DD_APM_RECEIVER_SOCKET"
 	DDProcessAgentEnabled                           = "DD_PROCESS_AGENT_ENABLED"
+	DDProcessAgentScrubArgs                         = "DD_SCRUB_ARGS"
+	DDProcessAgentStripArgs                         = "DD_STRIP_PROCESS_ARGS"
 	DDPrometheusScrapeChecks                        = "DD_PROMETHEUS_SCRAPE_CHECKS"
 	DDPrometheusScrapeEnabled                       = "DD_PROMETHEUS_SCRAPE_ENABLED"
 	DDPrometheusScrapeServiceEndpoints              = "DD_PROMETHEUS_SCRAPE_SERVICE_ENDPOINTS"

@@ -225,6 +225,48 @@ func Test_defaultFeatures(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "liveProcess is enabled",
+			ddaSpec: &DatadogAgentSpec{
+				Features: &DatadogFeatures{
+					LiveProcessCollection: &LiveProcessCollectionFeatureConfig{
+						Enabled: apiutils.NewBoolPointer(valueTrue),
+					},
+				},
+			},
+			want: &DatadogAgentSpec{
+				Features: &DatadogFeatures{
+					LiveProcessCollection: &LiveProcessCollectionFeatureConfig{
+						Enabled: apiutils.NewBoolPointer(valueTrue),
+					},
+					LiveContainerCollection: &LiveContainerCollectionFeatureConfig{
+						Enabled: apiutils.NewBoolPointer(defaultLiveContainerCollectionEnabled),
+					},
+					Dogstatsd: &DogstatsdFeatureConfig{
+						OriginDetectionEnabled: apiutils.NewBoolPointer(defaultDogstatsdOriginDetectionEnabled),
+						HostPortConfig:         &HostPortConfig{Enabled: apiutils.NewBoolPointer(defaultDogstatsdHostPortEnabled)},
+						UnixDomainSocketConfig: &UnixDomainSocketConfig{
+							Enabled: apiutils.NewBoolPointer(defaultDogstatsdSocketEnabled),
+							Path:    apiutils.NewStringPointer(defaultDogstatsdSocketPath),
+						},
+					},
+					EventCollection: &EventCollectionFeatureConfig{
+						CollectKubernetesEvents: apiutils.NewBoolPointer(defaultCollectKubernetesEvents),
+					},
+					OrchestratorExplorer: &OrchestratorExplorerFeatureConfig{
+						Enabled:         apiutils.NewBoolPointer(defaultOrchestratorExplorerEnabled),
+						ScrubContainers: apiutils.NewBoolPointer(defaultOrchestratorExplorerScrubContainers),
+					},
+					KubeStateMetricsCore: &KubeStateMetricsCoreFeatureConfig{
+						Enabled: apiutils.NewBoolPointer(defaultKubeStateMetricsCoreEnabled),
+					},
+					ClusterChecks: &ClusterChecksFeatureConfig{
+						Enabled:                 apiutils.NewBoolPointer(defaultClusterChecksEnabled),
+						UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
+					},
+				},
+			},
+		},
 		{
 			name: "logCollection is enabled",
 			ddaSpec: &DatadogAgentSpec{

@@ -170,6 +170,16 @@ type LiveProcessCollectionFeatureConfig struct {
 	// Default: false
 	// +optional
 	Enabled *bool `json:"enabled,omitempty"`
+
+	// ScrubProcessArguments enables scrubbing of sensitive data (passwords, tokens, etc. ).
+	// Default: true
+	// +optional
+	ScrubProcessArguments *bool `json:"scrubProcessArguments,omitempty"`
+
+	// StripProcessArguments enables stripping of all process arguments.
+	// Default: false
+	// +optional
+	StripProcessArguments *bool `json:"stripProcessArguments,omitempty"`
 }
 
 // LiveContainerCollectionFeatureConfig contains Container Collection configuration.

@@ -13142,6 +13142,14 @@ spec:
                         description: 'Enabled enables Process monitoring. Default:
                           false'
                         type: boolean
+                      scrubProcessArguments:
+                        description: 'ScrubProcessArguments enables scrubbing of sensitive
+                          data (passwords, tokens, etc. ). Default: true'
+                        type: boolean
+                      stripProcessArguments:
+                        description: 'StripProcessArguments enables stripping of all
+                          process arguments. Default: false'
+                        type: boolean
                     type: object
                   logCollection:
                     description: LogCollection configuration.

@@ -26030,6 +26030,14 @@ spec:
                         description: 'Enabled enables Process monitoring. Default:
                           false'
                         type: boolean
+                      scrubProcessArguments:
+                        description: 'ScrubProcessArguments enables scrubbing of sensitive
+                          data (passwords, tokens, etc. ). Default: true'
+                        type: boolean
+                      stripProcessArguments:
+                        description: 'StripProcessArguments enables stripping of all
+                          process arguments. Default: false'
+                        type: boolean
                     type: object
                   logCollection:
                     description: LogCollection configuration.

@@ -39,6 +39,7 @@ import (
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/enabledefault"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/eventcollection"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/kubernetesstatecore"
+	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/liveprocess"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/logcollection"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/npm"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/oomkill"

@@ -17,6 +17,8 @@ const (
 	EventCollectionIDType = "event_collection"
 	// KubernetesStateCoreIDType Kubernetes state core check feature.
 	KubernetesStateCoreIDType = "ksm"
+	// LiveProcessIDType Live Process feature.
+	LiveProcessIDType = "live_process"
 	// OrchestratorExplorerIDType Orchestrator Explorer feature.
 	OrchestratorExplorerIDType = "orchestrator_explorer"
 	// LogCollectionIDType Log Collection feature.

@@ -0,0 +1,134 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package liveprocess
+
+import (
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/DataDog/datadog-operator/apis/datadoghq/v1alpha1"
+	"github.com/DataDog/datadog-operator/apis/datadoghq/v2alpha1"
+	apiutils "github.com/DataDog/datadog-operator/apis/utils"
+
+	apicommon "github.com/DataDog/datadog-operator/apis/datadoghq/common"
+	apicommonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1"
+	"github.com/DataDog/datadog-operator/controllers/datadogagent/feature"
+	"github.com/DataDog/datadog-operator/controllers/datadogagent/object/volume"
+)
+
+func init() {
+	err := feature.Register(feature.LiveProcessIDType, buildLiveProcessFeature)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func buildLiveProcessFeature(options *feature.Options) feature.Feature {
+	liveProcessFeat := &liveProcessFeature{}
+
+	return liveProcessFeat
+}
+
+type liveProcessFeature struct {
+	scrubArgs *bool
+	stripArgs *bool
+}
+
+// ID returns the ID of the Feature
+func (f *liveProcessFeature) ID() feature.IDType {
+	return feature.LiveProcessIDType
+}
+
+// Configure is used to configure the feature from a v2alpha1.DatadogAgent instance.
+func (f *liveProcessFeature) Configure(dda *v2alpha1.DatadogAgent) (reqComp feature.RequiredComponents) {
+	if dda.Spec.Features.LiveProcessCollection != nil && apiutils.BoolValue(dda.Spec.Features.LiveProcessCollection.Enabled) {
+		if dda.Spec.Features.LiveProcessCollection.ScrubProcessArguments != nil {
+			f.scrubArgs = apiutils.NewBoolPointer(*dda.Spec.Features.LiveProcessCollection.ScrubProcessArguments)
+		}
+		if dda.Spec.Features.LiveProcessCollection.StripProcessArguments != nil {
+			f.stripArgs = apiutils.NewBoolPointer(*dda.Spec.Features.LiveProcessCollection.StripProcessArguments)
+		}
+		reqComp = feature.RequiredComponents{
+			Agent: feature.RequiredComponent{
+				IsRequired: apiutils.NewBoolPointer(true),
+				Containers: []apicommonv1.AgentContainerName{
+					apicommonv1.CoreAgentContainerName,
+					apicommonv1.ProcessAgentContainerName,
+				},
+			},
+		}
+	}
+
+	return reqComp
+}
+
+// ConfigureV1 use to configure the feature from a v1alpha1.DatadogAgent instance.
+func (f *liveProcessFeature) ConfigureV1(dda *v1alpha1.DatadogAgent) (reqComp feature.RequiredComponents) {
+	if dda.Spec.Agent.Process != nil && *dda.Spec.Agent.Process.ProcessCollectionEnabled {
+		reqComp = feature.RequiredComponents{
+			Agent: feature.RequiredComponent{
+				IsRequired: apiutils.NewBoolPointer(true),
+				Containers: []apicommonv1.AgentContainerName{
+					apicommonv1.CoreAgentContainerName,
+					apicommonv1.ProcessAgentContainerName,
+				},
+			},
+		}
+	}
+
+	return reqComp
+}
+
+// ManageDependencies allows a feature to manage its dependencies.
+// Feature's dependencies should be added in the store.
+func (f *liveProcessFeature) ManageDependencies(managers feature.ResourceManagers, components feature.RequiredComponents) error {
+	return nil
+}
+
+// ManageClusterAgent allows a feature to configure the ClusterAgent's corev1.PodTemplateSpec
+// It should do nothing if the feature doesn't need to configure it.
+func (f *liveProcessFeature) ManageClusterAgent(managers feature.PodTemplateManagers) error {
+	return nil
+}
+
+// ManageNodeAgent allows a feature to configure the Node Agent's corev1.PodTemplateSpec
+// It should do nothing if the feature doesn't need to configure it.
+func (f *liveProcessFeature) ManageNodeAgent(managers feature.PodTemplateManagers) error {
+	// passwd volume mount
+	passwdVol, passwdVolMount := volume.GetVolumes(apicommon.PasswdVolumeName, apicommon.PasswdHostPath, apicommon.PasswdMountPath, true)
+	managers.VolumeMount().AddVolumeMountToContainer(&passwdVolMount, apicommonv1.ProcessAgentContainerName)
+	managers.Volume().AddVolume(&passwdVol)
+
+	enableEnvVar := &corev1.EnvVar{
+		Name:  apicommon.DDProcessAgentEnabled,
+		Value: "true",
+	}
+
+	managers.EnvVar().AddEnvVarToContainer(apicommonv1.ProcessAgentContainerName, enableEnvVar)
+
+	if f.scrubArgs != nil {
+		scrubArgsEnvVar := &corev1.EnvVar{
+			Name:  apicommon.DDProcessAgentScrubArgs,
+			Value: apiutils.BoolToString(f.scrubArgs),
+		}
+		managers.EnvVar().AddEnvVarToContainer(apicommonv1.ProcessAgentContainerName, scrubArgsEnvVar)
+	}
+
+	if f.stripArgs != nil {
+		stripArgsEnvVar := &corev1.EnvVar{
+			Name:  apicommon.DDProcessAgentStripArgs,
+			Value: apiutils.BoolToString(f.stripArgs),
+		}
+		managers.EnvVar().AddEnvVarToContainer(apicommonv1.ProcessAgentContainerName, stripArgsEnvVar)
+	}
+
+	return nil
+}
+
+// ManageClusterChecksRunner allows a feature to configure the ClusterChecksRunner's corev1.PodTemplateSpec
+// It should do nothing if the feature doesn't need to configure it.
+func (f *liveProcessFeature) ManageClusterChecksRunner(managers feature.PodTemplateManagers) error {
+	return nil
+}