fix use of custom configmaps and configdata in overrides and features

apis/datadoghq/common/const.go

@@ -62,6 +62,10 @@ const (
 	DefaultOrchestratorExplorerConf string = "orchestrator-explorer-config"
 	// DefaultSystemProbeSocketPath default System Probe socket path
 	DefaultSystemProbeSocketPath string = "/var/run/sysprobe/sysprobe.sock"
+	// DefaultCSPMConf default CSPM ConfigMap name
+	DefaultCSPMConf string = "cspm-config"
+	// DefaultCWSConf default CWS ConfigMap name
+	DefaultCWSConf string = "cws-config"
 
 	// Liveness probe default config
 	DefaultLivenessProbeInitialDelaySeconds int32 = 15
@@ -163,54 +167,57 @@ const (
 	AgentCustomConfigVolumePath = "/etc/datadog-agent/datadog.yaml"
 	SystemProbeConfigVolumePath = "/etc/datadog-agent/system-probe.yaml"
 
-	LogDatadogVolumeName                         = "logdatadog"
-	LogDatadogVolumePath                         = "/var/log/datadog"
-	TmpVolumeName                                = "tmp"
-	TmpVolumePath                                = "/tmp"
-	CertificatesVolumeName                       = "certificates"
-	CertificatesVolumePath                       = "/etc/datadog-agent/certificates"
-	AuthVolumeName                               = "datadog-agent-auth"
-	AuthVolumePath                               = "/etc/datadog-agent/auth"
-	InstallInfoVolumeName                        = "installinfo"
-	InstallInfoVolumeSubPath                     = "install_info"
-	InstallInfoVolumePath                        = "/etc/datadog-agent/install_info"
-	InstallInfoVolumeReadOnly                    = true
-	PointerVolumeName                            = "pointerdir"
-	PointerVolumePath                            = "/opt/datadog-agent/run"
-	LogTempStoragePath                           = "/var/lib/datadog-agent/logs"
-	PodLogVolumeName                             = "logpodpath"
-	PodLogVolumePath                             = "/var/log/pods"
-	ContainerLogVolumeName                       = "logcontainerpath"
-	ContainerLogVolumePath                       = "/var/lib/docker/containers"
-	SymlinkContainerVolumeName                   = "symlinkcontainerpath"
-	SymlinkContainerVolumePath                   = "/var/log/containers"
-	DogstatsdHostPortName                        = "dogstatsdport"
-	DogstatsdHostPortHostPort                    = 8125
-	DogstatsdSocketVolumeName                    = "dsdsocket"
-	DogstatsdSocketVolumePath                    = "/var/run/datadog/statsd"
-	SecurityAgentRuntimeCustomPoliciesVolumeName = "customruntimepolicies"
-	SecurityAgentRuntimeCustomPoliciesVolumePath = "/etc/datadog-agent-runtime-policies"
-	SecurityAgentRuntimePoliciesDirVolumeName    = "runtimepoliciesdir"
-	SecurityAgentRuntimePoliciesDirVolumePath    = "/etc/datadog-agent/runtime-security.d"
-	HostCriSocketPathPrefix                      = "/host"
-	CriSocketVolumeName                          = "runtimesocketdir"
-	RuntimeDirVolumePath                         = "/var/run"
-	KubeletAgentCAPath                           = "/var/run/host-kubelet-ca.crt"
-	KubeletCAVolumeName                          = "kubelet-ca"
-	APMHostPortName                              = "traceport"
-	APMHostPortHostPort                          = 8126
-	APMSocketVolumeName                          = "apmsocket"
-	APMSocketVolumePath                          = "/var/run/datadog/apm"
-	AdmissionControllerPortName                  = "admissioncontrollerport"
-	OTLPGRPCPortName                             = "otlpgrpcport"
-	OTLPHTTPPortName                             = "otlphttpport"
+	LogDatadogVolumeName                             = "logdatadog"
+	LogDatadogVolumePath                             = "/var/log/datadog"
+	TmpVolumeName                                    = "tmp"
+	TmpVolumePath                                    = "/tmp"
+	CertificatesVolumeName                           = "certificates"
+	CertificatesVolumePath                           = "/etc/datadog-agent/certificates"
+	AuthVolumeName                                   = "datadog-agent-auth"
+	AuthVolumePath                                   = "/etc/datadog-agent/auth"
+	InstallInfoVolumeName                            = "installinfo"
+	InstallInfoVolumeSubPath                         = "install_info"
+	InstallInfoVolumePath                            = "/etc/datadog-agent/install_info"
+	InstallInfoVolumeReadOnly                        = true
+	PointerVolumeName                                = "pointerdir"
+	PointerVolumePath                                = "/opt/datadog-agent/run"
+	LogTempStoragePath                               = "/var/lib/datadog-agent/logs"
+	PodLogVolumeName                                 = "logpodpath"
+	PodLogVolumePath                                 = "/var/log/pods"
+	ContainerLogVolumeName                           = "logcontainerpath"
+	ContainerLogVolumePath                           = "/var/lib/docker/containers"
+	SymlinkContainerVolumeName                       = "symlinkcontainerpath"
+	SymlinkContainerVolumePath                       = "/var/log/containers"
+	DogstatsdHostPortName                            = "dogstatsdport"
+	DogstatsdHostPortHostPort                        = 8125
+	DogstatsdSocketVolumeName                        = "dsdsocket"
+	DogstatsdSocketVolumePath                        = "/var/run/datadog/statsd"
+	SecurityAgentComplianceCustomConfigDirVolumeName = "customcompliancebenchmarks"
+	SecurityAgentComplianceConfigDirVolumeName       = "compliancedir"
+	SecurityAgentComplianceConfigDirVolumePath       = "/etc/datadog-agent/compliance.d"
+	SecurityAgentRuntimeCustomPoliciesVolumeName     = "customruntimepolicies"
+	SecurityAgentRuntimeCustomPoliciesVolumePath     = "/etc/datadog-agent-runtime-policies"
+	SecurityAgentRuntimePoliciesDirVolumeName        = "runtimepoliciesdir"
+	SecurityAgentRuntimePoliciesDirVolumePath        = "/etc/datadog-agent/runtime-security.d"
+	HostCriSocketPathPrefix                          = "/host"
+	CriSocketVolumeName                              = "runtimesocketdir"
+	RuntimeDirVolumePath                             = "/var/run"
+	KubeletAgentCAPath                               = "/var/run/host-kubelet-ca.crt"
+	KubeletCAVolumeName                              = "kubelet-ca"
+	APMHostPortName                                  = "traceport"
+	APMHostPortHostPort                              = 8126
+	APMSocketVolumeName                              = "apmsocket"
+	APMSocketVolumePath                              = "/var/run/datadog/apm"
+	AdmissionControllerPortName                      = "admissioncontrollerport"
+	OTLPGRPCPortName                                 = "otlpgrpcport"
+	OTLPHTTPPortName                                 = "otlphttpport"
 
 	AppArmorAnnotationKey = "container.apparmor.security.beta.kubernetes.io"
 
 	AgentCustomConfigVolumeName    = "custom-datadog-yaml"
 	AgentCustomConfigVolumeSubPath = "datadog.yaml"
 
-	ClusterAgentCustomConfigVolumeName    = "custom-datadog-yaml"
+	ClusterAgentCustomConfigVolumeName    = "custom-cluster-agent-yaml"
 	ClusterAgentCustomConfigVolumePath    = "/etc/datadog-agent/datadog-cluster.yaml"
 	ClusterAgentCustomConfigVolumeSubPath = "datadog-cluster.yaml"
 )

apis/datadoghq/common/v1/types.go

@@ -68,6 +68,9 @@ type KubeletConfig struct {
 type AgentContainerName string
 
 const (
+	// InitVolumeContainerName is the name of the Init Volume init container
+	InitVolumeContainerName AgentContainerName = "init-volume"
+
 	// CoreAgentContainerName is the name of the Core Agent container
 	CoreAgentContainerName AgentContainerName = "agent"
 	// TraceAgentContainerName is the name of the Trace Agent container

apis/datadoghq/v1alpha1/const.go

@@ -51,13 +51,6 @@ const (
 	SystemProbeUsrSrcVolumePath          = "/usr/src"
 	OrchestratorExplorerConfigVolumeName = "orchestrator-explorer-config"
 
-	SecurityAgentRuntimeCustomPoliciesVolumeName     = "customruntimepolicies"
-	SecurityAgentRuntimePoliciesDirVolumeName        = "runtimepoliciesdir"
-	SecurityAgentRuntimePoliciesDirVolumePath        = "/etc/datadog-agent/runtime-security.d"
-	SecurityAgentComplianceCustomConfigDirVolumeName = "customcompliancebenchmarks"
-	SecurityAgentComplianceConfigDirVolumeName       = "compliancedir"
-	SecurityAgentComplianceConfigDirVolumePath       = "/etc/datadog-agent/compliance.d"
-
 	SysteProbeAppArmorAnnotationKey   = "container.apparmor.security.beta.kubernetes.io/system-probe"
 	SysteProbeSeccompAnnotationKey    = "container.seccomp.security.alpha.kubernetes.io/system-probe"
 	SystemProbeOSReleaseDirVolumeName = "host-osrelease"

apis/datadoghq/v1alpha1/datadogagent_conversion.go

@@ -203,6 +203,20 @@ func ConvertConfigDirSpec(src *ConfigDirSpec) *v2alpha1.MultiCustomConfig {
 	}
 }
 
+// ConvertConfigDirSpecToCustomConfig converts v1alpha1.ConfigDirSpec to v2alpha1.CustomConfig
+func ConvertConfigDirSpecToCustomConfig(src *ConfigDirSpec) *commonv1.CustomConfig {
+	if src == nil {
+		return nil
+	}
+
+	return &commonv1.CustomConfig{
+		ConfigMap: &commonv1.ConfigMapConfig{
+			Name:  src.ConfigMapName,
+			Items: src.Items,
+		},
+	}
+}
+
 // Accessors
 func getV2GlobalConfig(dst *v2alpha1.DatadogAgent) *v2alpha1.GlobalConfig {
 	if dst.Spec.Global == nil {

apis/datadoghq/v1alpha1/datadogagent_conversion_agent.go

@@ -416,9 +416,11 @@ func convertSecurityAgentSpec(src *SecuritySpec, dst *v2alpha1.DatadogAgent) {
 	features.CSPM.Enabled = src.Compliance.Enabled
 	features.CSPM.CheckInterval = src.Compliance.CheckInterval
 	if features.CSPM.CustomBenchmarks != nil {
-		features.CSPM.CustomBenchmarks = &commonv1.ConfigMapConfig{
-			Name:  src.Compliance.ConfigDir.ConfigMapName,
-			Items: src.Compliance.ConfigDir.Items,
+		features.CSPM.CustomBenchmarks = &v2alpha1.CustomConfig{
+			ConfigMap: &commonv1.ConfigMapConfig{
+				Name:  src.Compliance.ConfigDir.ConfigMapName,
+				Items: src.Compliance.ConfigDir.Items,
+			},
 		}
 	}
 
@@ -427,9 +429,11 @@ func convertSecurityAgentSpec(src *SecuritySpec, dst *v2alpha1.DatadogAgent) {
 		features.CWS.SyscallMonitorEnabled = src.Runtime.SyscallMonitor.Enabled
 	}
 	if features.CWS.CustomPolicies != nil {
-		features.CWS.CustomPolicies = &commonv1.ConfigMapConfig{
-			Name:  src.Runtime.PoliciesDir.ConfigMapName,
-			Items: src.Runtime.PoliciesDir.Items,
+		features.CWS.CustomPolicies = &v2alpha1.CustomConfig{
+			ConfigMap: &commonv1.ConfigMapConfig{
+				Name:  src.Runtime.PoliciesDir.ConfigMapName,
+				Items: src.Runtime.PoliciesDir.Items,
+			},
 		}
 	}
 

apis/datadoghq/v2alpha1/datadogagent_types.go

@@ -221,11 +221,11 @@ type CSPMFeatureConfig struct {
 	// +optional
 	CheckInterval *metav1.Duration `json:"checkInterval,omitempty"`
 
-	// ConfigMap contains CSPM benchmarks.
+	// CustomBenchmarks contains CSPM benchmarks.
 	// The content of the ConfigMap will be merged with the benchmarks bundled with the agent.
 	// Any benchmarks with the same name as those existing in the agent will take precedence.
 	// +optional
-	CustomBenchmarks *commonv1.ConfigMapConfig `json:"customBenchmarks,omitempty"`
+	CustomBenchmarks *CustomConfig `json:"customBenchmarks,omitempty"`
 }
 
 // CWSFeatureConfig contains CWS (Cloud Workload Security) configuration.
@@ -241,11 +241,11 @@ type CWSFeatureConfig struct {
 	// +optional
 	SyscallMonitorEnabled *bool `json:"syscallMonitorEnabled,omitempty"`
 
-	// ConfigMap contains security policies.
+	// CustomPolicies contains security policies.
 	// The content of the ConfigMap will be merged with the policies bundled with the agent.
 	// Any policies with the same name as those existing in the agent will take precedence.
 	// +optional
-	CustomPolicies *commonv1.ConfigMapConfig `json:"customPolicies,omitempty"`
+	CustomPolicies *CustomConfig `json:"customPolicies,omitempty"`
 }
 
 // NPMFeatureConfig contains NPM (Network Performance Monitoring) feature configuration.