DataDog · celenechang · Aug 2, 2022 · May 7, 2022 · Jul 15, 2022 · Jul 16, 2022
@@ -74,6 +74,7 @@ const (
 	DDPodLabelsAsTags                            = "DD_KUBERNETES_POD_LABELS_AS_TAGS"
 	DDPPMReceiverSocket                          = "DD_APM_RECEIVER_SOCKET"
 	DDProcessAgentEnabled                        = "DD_PROCESS_AGENT_ENABLED"
+	DDProcessAgentScrubArgs                      = "DD_STRIP_PROCESS_ARGS"
 	DDPrometheusScrapeChecks                     = "DD_PROMETHEUS_SCRAPE_CHECKS"
 	DDPrometheusScrapeEnabled                    = "DD_PROMETHEUS_SCRAPE_ENABLED"
 	DDPrometheusScrapeServiceEndpoints           = "DD_PROMETHEUS_SCRAPE_SERVICE_ENDPOINTS"

diff --git a/apis/datadoghq/v2alpha1/datadogagent_default.go b/apis/datadoghq/v2alpha1/datadogagent_default.go
@@ -24,7 +24,8 @@ const (
 	defaultLogTempStoragePath            string = "/var/lib/datadog-agent/logs"
 
 	// defaultLiveProcessCollectionEnabled   bool = false
-	defaultLiveContainerCollectionEnabled bool = true
+	defaultLiveProcessCollectionScrubArguments bool = true
+	defaultLiveContainerCollectionEnabled      bool = true
 
 	// defaultOOMKillEnabled        bool = false
 	// defaultTCPQueueLengthEnabled bool = false
@@ -119,6 +120,11 @@ func defaultFeaturesConfig(ddaSpec *DatadogAgentSpec) {
 		apiutils.DefaultStringIfUnset(&ddaSpec.Features.LogCollection.TempStoragePath, defaultLogTempStoragePath)
 	}
 
+	// LiveProcessCollection Feature
+	if ddaSpec.Features.LiveProcessCollection != nil && *ddaSpec.Features.LiveProcessCollection.Enabled {
+		apiutils.DefaultBooleanIfUnset(&ddaSpec.Features.LiveProcessCollection.ScrubProcessArguments, defaultLiveProcessCollectionScrubArguments)
+	}
+
 	// LiveContainerCollection Feature
 	if ddaSpec.Features.LiveContainerCollection == nil {
 		ddaSpec.Features.LiveContainerCollection = &LiveContainerCollectionFeatureConfig{

@@ -227,6 +227,51 @@ func Test_defaultFeatures(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "liveProcess is enabled",
+			ddaSpec: &DatadogAgentSpec{
+				Features: &DatadogFeatures{
+					LiveProcessCollection: &LiveProcessCollectionFeatureConfig{
+						Enabled: apiutils.NewBoolPointer(valueTrue),
+					},
+				},
+			},
+			want: &DatadogAgentSpec{
+				Features: &DatadogFeatures{
+					LiveProcessCollection: &LiveProcessCollectionFeatureConfig{
+						Enabled:               apiutils.NewBoolPointer(valueTrue),
+						ScrubProcessArguments: apiutils.NewBoolPointer(valueTrue),
+					},
+					LiveContainerCollection: &LiveContainerCollectionFeatureConfig{
+						Enabled: apiutils.NewBoolPointer(defaultLiveContainerCollectionEnabled),
+					},
+					Dogstatsd: &DogstatsdFeatureConfig{
+						OriginDetectionEnabled: apiutils.NewBoolPointer(defaultDogstatsdOriginDetectionEnabled),
+						HostPortConfig:         &HostPortConfig{Enabled: apiutils.NewBoolPointer(defaultDogstatsdHostPortEnabled)},
+						UnixDomainSocketConfig: &UnixDomainSocketConfig{
+							Enabled: apiutils.NewBoolPointer(defaultDogstatsdSocketEnabled),
+							Path:    apiutils.NewStringPointer(defaultDogstatsdSocketPath),
+						},
+					},
+					EventCollection: &EventCollectionFeatureConfig{
+						CollectKubernetesEvents: apiutils.NewBoolPointer(defaultCollectKubernetesEvents),
+					},
+					OrchestratorExplorer: &OrchestratorExplorerFeatureConfig{
+						Enabled: apiutils.NewBoolPointer(defaultOrchestratorExplorerEnabled),
+						Conf: &CustomConfig{
+							ConfigData: apiutils.NewStringPointer(DefaultOrchestratorExplorerConf),
+						},
+					},
+					KubeStateMetricsCore: &KubeStateMetricsCoreFeatureConfig{
+						Enabled: apiutils.NewBoolPointer(defaultKubeStateMetricsCoreEnabled),
+					},
+					ClusterChecks: &ClusterChecksFeatureConfig{
+						Enabled:                 apiutils.NewBoolPointer(defaultClusterChecksEnabled),
+						UseClusterChecksRunners: apiutils.NewBoolPointer(defaultUseClusterChecksRunners),
+					},
+				},
+			},
+		},
 		{
 			name: "logCollection is enabled",
 			ddaSpec: &DatadogAgentSpec{

@@ -170,6 +170,11 @@ type LiveProcessCollectionFeatureConfig struct {
 	// Default: false
 	// +optional
 	Enabled *bool `json:"enabled,omitempty"`
+
+	// ScrubProcessArguments enables scrubbing of sensitive data (passwords, tokens, etc. ).
+	// Default: true
+	// +optional
+	ScrubProcessArguments *bool `json:"scrubProcessArguments,omitempty"`
 }
 
 // LiveContainerCollectionFeatureConfig contains Container Collection configuration.

@@ -13142,6 +13142,10 @@ spec:
                         description: 'Enabled enables Process monitoring. Default:
                           false'
                         type: boolean
+                      scrubProcessArguments:
+                        description: 'ScrubProcessArguments enables scrubbing of sensitive
+                          data (passwords, tokens, etc. ). Default: true'
+                        type: boolean
                     type: object
                   logCollection:
                     description: LogCollection configuration.

@@ -26030,6 +26030,10 @@ spec:
                         description: 'Enabled enables Process monitoring. Default:
                           false'
                         type: boolean
+                      scrubProcessArguments:
+                        description: 'ScrubProcessArguments enables scrubbing of sensitive
+                          data (passwords, tokens, etc. ). Default: true'
+                        type: boolean
                     type: object
                   logCollection:
                     description: LogCollection configuration.

@@ -38,6 +38,7 @@ import (
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/enabledefault"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/eventcollection"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/kubernetesstatecore"
+	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/liveprocess"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/logcollection"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/npm"
 	_ "github.com/DataDog/datadog-operator/controllers/datadogagent/feature/oom_kill"

@@ -19,6 +19,8 @@ const (
 	KubernetesStateCoreIDType
 	// OrchestratorExplorerIDType Orchestrator Explorer feature.
 	OrchestratorExplorerIDType
+	// LiveProcessIDType Live Process feature.
+	LiveProcessIDType
 	// LogCollectionIDType Log Collection feature.
 	LogCollectionIDType
 	// NPMIDType NPM feature.

@@ -0,0 +1,118 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package liveprocess
+
+import (
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/DataDog/datadog-operator/apis/datadoghq/v1alpha1"
+	"github.com/DataDog/datadog-operator/apis/datadoghq/v2alpha1"
+	apiutils "github.com/DataDog/datadog-operator/apis/utils"
+
+	apicommon "github.com/DataDog/datadog-operator/apis/datadoghq/common"
+	apicommonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1"
+	"github.com/DataDog/datadog-operator/controllers/datadogagent/feature"
+	"github.com/DataDog/datadog-operator/controllers/datadogagent/object/volume"
+)
+
+func init() {
+	err := feature.Register(feature.LiveProcessIDType, buildLiveProcessFeature)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func buildLiveProcessFeature(options *feature.Options) feature.Feature {
+	liveProcessFeat := &liveProcessFeature{}
+
+	return liveProcessFeat
+}
+
+type liveProcessFeature struct {
+	enable    bool
+	scrubArgs bool
+}
+
+// Configure is used to configure the feature from a v2alpha1.DatadogAgent instance.
+func (f *liveProcessFeature) Configure(dda *v2alpha1.DatadogAgent) (reqComp feature.RequiredComponents) {
+	if dda.Spec.Features.LiveProcessCollection != nil && apiutils.BoolValue(dda.Spec.Features.LiveProcessCollection.Enabled) {
+		f.enable = true
+		f.scrubArgs = apiutils.BoolValue(dda.Spec.Features.LiveProcessCollection.ScrubProcessArguments)
+		reqComp = feature.RequiredComponents{
+			Agent: feature.RequiredComponent{
+				IsRequired: apiutils.NewBoolPointer(true),
+				Containers: []apicommonv1.AgentContainerName{
+					apicommonv1.ProcessAgentContainerName,
+				},
+			},
+		}
+	}
+
+	return reqComp
+}
+
+// ConfigureV1 use to configure the feature from a v1alpha1.DatadogAgent instance.
+func (f *liveProcessFeature) ConfigureV1(dda *v1alpha1.DatadogAgent) (reqComp feature.RequiredComponents) {
+	if dda.Spec.Agent.Process != nil && *dda.Spec.Agent.Process.ProcessCollectionEnabled {
+		f.enable = true
+		reqComp = feature.RequiredComponents{
+			Agent: feature.RequiredComponent{
+				IsRequired: apiutils.NewBoolPointer(true),
+				Containers: []apicommonv1.AgentContainerName{
+					apicommonv1.CoreAgentContainerName,
+					apicommonv1.ProcessAgentContainerName,
+				},
+			},
+		}
+	}
+
+	return reqComp
+}
+
+// ManageDependencies allows a feature to manage its dependencies.
+// Feature's dependencies should be added in the store.
+func (f *liveProcessFeature) ManageDependencies(managers feature.ResourceManagers, components feature.RequiredComponents) error {
+	return nil
+}
+
+// ManageClusterAgent allows a feature to configure the ClusterAgent's corev1.PodTemplateSpec
+// It should do nothing if the feature doesn't need to configure it.
+func (f *liveProcessFeature) ManageClusterAgent(managers feature.PodTemplateManagers) error {
+	return nil
+}
+
+// ManageNodeAgent allows a feature to configure the Node Agent's corev1.PodTemplateSpec
+// It should do nothing if the feature doesn't need to configure it.
+func (f *liveProcessFeature) ManageNodeAgent(managers feature.PodTemplateManagers) error {
+	// passwd volume mount
+	passwdVol, passwdVolMount := volume.GetVolumes(apicommon.PasswdVolumeName, apicommon.PasswdHostPath, apicommon.PasswdMountPath, true)
+	managers.VolumeMount().AddVolumeMountToContainer(&passwdVolMount, apicommonv1.ProcessAgentContainerName)
+	managers.Volume().AddVolume(&passwdVol)
+
+	enableEnvVar := &corev1.EnvVar{
+		Name:  apicommon.DDProcessAgentEnabled,
+		Value: "true",
+	}
+
+	managers.EnvVar().AddEnvVarToContainer(apicommonv1.CoreAgentContainerName, enableEnvVar)
+	managers.EnvVar().AddEnvVarToContainer(apicommonv1.ProcessAgentContainerName, enableEnvVar)
+
+	if f.scrubArgs {
+		scrubArgsEnvVar := &corev1.EnvVar{
+			Name:  apicommon.DDProcessAgentScrubArgs,
+			Value: apiutils.BoolToString(&f.scrubArgs),
+		}
+		managers.EnvVar().AddEnvVarToContainer(apicommonv1.ProcessAgentContainerName, scrubArgsEnvVar)
+	}
+
+	return nil
+}
+
+// ManageClusterChecksRunner allows a feature to configure the ClusterChecksRunner's corev1.PodTemplateSpec
+// It should do nothing if the feature doesn't need to configure it.
+func (f *liveProcessFeature) ManageClusterChecksRunner(managers feature.PodTemplateManagers) error {
+	return nil
+}