Add Datadog Agent Profiles (#1083)

* Add profiles base (#966)

* Add profiles base

* Fix ci + apply renames in crd

* Add profile sample manifest (#974)

* First version to support Agent profiles (#976)

* [override/daemonset] Apply only if it's not empty

* [config/rbac/role] Add profiles

* Add basic version of profiles manager

* [controllers/datadogagent] Create DaemonSets according to profiles

* [override/container] Don't override resource if not specified

* [agentprofile] Add support for overrides in all node agent containers

* [agentprofile] Take into account namespace when setting DS name

* [profiles] Add label to DaemonSets (#1000)

* [profiles] Add integration tests (#992)

* [datadogagent_controller_v2_test] Make create/delete funcs more generic

* Add integration tests for agent profiles

* [profiles] Handle conflicts between profiles (#999)

* Profile manifest validation (#973)

* Add profile validation

* At least one container resource must be defined

* Remove redundant assert and update boilerplate text

* [profiles] Create default profile with a node anti affinity (#1002)

* [profiles] Add support for profiles with multiple affinity requirements

* [profiles] Cleanup integration tests

* [datadogagent/finalizer] Delete profile labels

Also fixes the finalizer handle so that it no longer ignores errors.

* [override/podtemplatespec] Merge affinities (#1004)

* [profiles] Add pod-antiaffinity to agent pods (#1003)

This avoids scheduling multiple agent pods of different profiles on the same
node during rollouts.

* Validate dap (#1028)

* [profiles] Add support for EDS (#1032)

* Add node informer and Node store (#1025)

* add node informer

* add nodestore tests and update existing profiles tests

* refactor profile store

* update tests

* update func name

* cleanup

* apply review suggestions

* apply review suggestions

* tests need fixing

* Simplify nodestore

* Review suggestions

---------

Co-authored-by: khewonc <[email protected]>

* [profiles] Fix Watches call for Profiles (#1043)

* [profiles] Fix container resources override with 0 (#1054)

* Bump k8s dependencies to 0.24.x (#1064)

* Bump k8s dependencies

These should have been updated when operator-sdk was updated to 1.23.0 according to the docs:
https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.23.0/

* Run "make manifests"

* Update licenses

* [profiles] Reduce mem usage in pods cleanup (#1065)

* [profiles] Replace custom node cache with k8s client one (#1070)

* [profiles] Replace custom node cache with k8s client one

* [profiles/test] Use random node names to avoid conflicts between tests

* [profiles/test] Use Eventually() when checking node labels

* [profiles/test] Comment node labels part for now

* Change node labels to use dap ns-name format (#1071)

* [profiles] Merge main and fix issues from test (#1078)

* [defaulting/images] Set default version of agent and cluster agent to `7.49.0` (#968)

* Allow enabling SBOM collection for host and container images (#836)

* Allow enabling SBOM collection for host and container images

* small fixes and add test

* actually add test

* address comments

---------

Co-authored-by: Celene <[email protected]>

* Bump go-grpc to 1.56.3 (#970)

* Remove SecurityContextConstraints parameter and references (#977)

* remove references to scc creation

* rm commented tests

* rm unused functions

* Add GCR EU and Asia registries with auto defaulting (#978)

* update examples for v2 datadogagent (#980)

* Update default Agent/DCA version to 7.49.1 (#984)

7.49.1 has just been released. it would be great to have it in Operator 1.3.0

* Enable by default container-image collection (#983)

We want to enabled container-image collection by default. it will
be the case from agent 7.50.0. But in Operator 1.3.0, the Agent is
defaulted to 7.49.0 since 7.50.0 is not yet released.

This commit set the envvar DD_CONTAINER_IMAGE_ENABLED=true by default
in the NodeAgent's "agent" container.

* [Docs] OpenShift docs update (#991)

* OpenShift docs update
* Resize and crop image

* Update integrations_autodiscovery.md (#985)

* Update integrations_autodiscovery.md

Noticed a mismatched https://a.cl.ly/qGuYnRqn

* Update integrations_autodiscovery.md

Updated the configuration to match the graph title "Use the spec.override.nodeAgent.extraConfd.configDataMap" -> "Use the spec.override.clusterAgent.extraConfd.configDataMap"
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
 global:
   credentials:
     apiKey: "<DATADOG_API_KEY>"
     appKey: "<DATADOG_APP_KEY>"
 override:
  nodeAgent:
    extraConfd:
      configDataMap:
        http_check.yaml: |-
          init_config:
          instances:
            - url: "http://%%host%%"
              name: "My service"

* update patch-bundle script to include spec.replaces field in bundle (#990)

* Support `CanaryAutoPauseMaxSlowStartDuration` option (#997)

* Add support for max slow start duration config param

* Update max slow start arg name to include auto pause

* fixup! Update max slow start arg name to include auto pause

* update datadog-api-client-go (#986)

* update datadog-api-client-go

* update license

* add dependabot.yaml file (#989)

* Update boilerplate text (#1005)

* Enabling APM by default (#1006)

* feat: add NotificationPresetName to monitor options (#1001)

* feat: add NotificationPresetName to monitor options

In datadog, we have the possibility to toggle the "Content display in notification" for every monitor. This PR enables this.

More info in https://docs.datadoghq.com/monitors/notify/#toggle-additional-content

* pr review

Co-authored-by: Celene <[email protected]>

* Update datadogmonitor_types.go

Co-authored-by: Celene <[email protected]>

* Update datadogmonitor_types.go

Co-authored-by: Celene <[email protected]>

* Update datadogmonitor_types.go

Co-authored-by: Celene <[email protected]>

* update generated files

---------

Co-authored-by: Celene <[email protected]>

* [APMON-406] Set Datadog namespace env variable on Cluster Agent (#1012)

* [APMON-406] Set env variable for the Datadog resources namespace

* DCA namespace resources env var added for V2

---------

Co-authored-by: julia-elsammak <[email protected]>
Co-authored-by: Julia-elsammak <[email protected]>

* Add `createdAd`, `support` fields to bundle CSV file (#1018)

* Add createAd, support fields to bundle CSV file

* Update hack/patch-bundle.sh

Co-authored-by: Celene <[email protected]>

* Update hack/patch-bundle.sh

Co-authored-by: Celene <[email protected]>

---------

Co-authored-by: Celene <[email protected]>

* update feature default values and tests (#1015)

* Provide default probe handler httpGet values if not configured in override (#998)

* Provide default readinessProbe.httpGet if not configured

* apply review suggestions

* Update bundles to match 1.3.0 release (#1019)

* Fix patch_bundle.sh `spec.replaces` formatting (#1026)

* [defaulting/images] Update agents to 7.50.1 (#1029)

* ContainerProcessStrategy, allow running non-privileged agents in one container (#921)

* Add mono-container config to CRD

* mono-container support implementation

* livecontainer feature unit test and factory fix

* cluster checks feature test; change in CC feature

* ksm feature test; change in the feature

* APM feature test

* OTLP feature test; feature change

* add ManageMonoContainerNodeAgent to ebpfcheck feature

* add ManageMonoContainerNodeAgent to process discovery feature

* Basic global_test.go test, minor refactor

* feature factory test

* Refactor tests to reduce direct use of mono-container CRD

* Change CRD and container name

* Rename ManageMonoContainerNodeAgent -> ManageMultiProcessNodeAgent

* Updates after merge; doc update

* refactor around ApplyGlobalSettings

* drop 'mono' from naming, comments

* Update tests with trace agent enabled by default now

* Update apis/datadoghq/v2alpha1/datadogagent_types.go

Co-authored-by: Celene <[email protected]>

* Update apis/datadoghq/v2alpha1/datadogagent_types.go

Co-authored-by: Celene <[email protected]>

* Update apis/datadoghq/v2alpha1/datadogagent_types.go

Co-authored-by: Celene <[email protected]>

* Update apis/datadoghq/v2alpha1/datadogagent_types.go

Co-authored-by: Celene <[email protected]>

* Update controllers/datadogagent/feature/admissioncontroller/feature.go

Co-authored-by: Celene <[email protected]>

* Update controllers/datadogagent/feature/factory.go

Co-authored-by: Celene <[email protected]>

* updates on PR feedback

* updates on PR feedback

* Update apis/datadoghq/v2alpha1/test/builder.go

Co-authored-by: Celene <[email protected]>

* rename UsesMultiProcessContainer

* Update apis/datadoghq/v2alpha1/datadogagent_types.go

Co-authored-by: Charly Fontaine <[email protected]>

* PR feedback updates

---------

Co-authored-by: Celene <[email protected]>
Co-authored-by: Charly Fontaine <[email protected]>

* [defaulting/images] Update agents to 7.50.2 (#1033)

* [Onboarding telemetry] Set install id, install time and install type env variables (#1034)

* [Onboarding telemetry] Set install id, install time and install type env variables

* Add APM prefix to env variables

* [CECO-570] Add operator introspection (#817)

* Add operator introspection

* [defaulting/images] Update agents to 7.50.3 (#1038)

* [gitlab] Add nightly operator and operator_check jobs (#1039)

* add gitlab job to release nightly image

* update non-privileged to unprivileged (#1040)

* Change gcp to gke (#1046)

* Mount host files for proper os detection in SBOMs (#1044)

* [gitlab] auto push nightly image (#1048)

* [introspection] Fix override name combining (#1049)

* Fix override name combining

* Add a test for the change

---------

Co-authored-by: Levan Machablishvili <[email protected]>

* [override/podtemplatespec] Merge affinities (#1004) (#1052)

Co-authored-by: David Ortiz <[email protected]>

* [gitlab] update runners for build jobs (#1056)

* test image build jobs

* rename docker-push-ci

* test fix (#1057)

* update monocontainer config (#1059)

* update monocontainer config

* Update docs/configuration.v2alpha1.md

Co-authored-by: May Lee <[email protected]>

* fix generated file

* fix missed var names

---------

Co-authored-by: May Lee <[email protected]>

* Correct a malformed example command in installation.md (#1066)

Fix installation document

* Fix errors for tests and allow both introspection and profiles to run

---------

Co-authored-by: Jennifer Chen <[email protected]>
Co-authored-by: Sylvain Baubeau <[email protected]>
Co-authored-by: Celene <[email protected]>
Co-authored-by: Charly Fontaine <[email protected]>
Co-authored-by: Vincent Boulineau <[email protected]>
Co-authored-by: Cedric Lamoriniere <[email protected]>
Co-authored-by: tbavelier <[email protected]>
Co-authored-by: Julia-elsammak <[email protected]>
Co-authored-by: bakayolo <[email protected]>
Co-authored-by: Liliya Belaus <[email protected]>
Co-authored-by: julia-elsammak <[email protected]>
Co-authored-by: levan-m <[email protected]>
Co-authored-by: Fanny Jiang <[email protected]>
Co-authored-by: David Ortiz <[email protected]>
Co-authored-by: Levan Machablishvili <[email protected]>
Co-authored-by: May Lee <[email protected]>
Co-authored-by: David Goffredo <[email protected]>

---------

Co-authored-by: khewonc <[email protected]>
Co-authored-by: Fanny Jiang <[email protected]>
Co-authored-by: Jennifer Chen <[email protected]>
Co-authored-by: Sylvain Baubeau <[email protected]>
Co-authored-by: Celene <[email protected]>
Co-authored-by: Charly Fontaine <[email protected]>
Co-authored-by: Vincent Boulineau <[email protected]>
Co-authored-by: Cedric Lamoriniere <[email protected]>
Co-authored-by: tbavelier <[email protected]>
Co-authored-by: Julia-elsammak <[email protected]>
Co-authored-by: bakayolo <[email protected]>
Co-authored-by: Liliya Belaus <[email protected]>
Co-authored-by: julia-elsammak <[email protected]>
Co-authored-by: levan-m <[email protected]>
Co-authored-by: Levan Machablishvili <[email protected]>
Co-authored-by: May Lee <[email protected]>
Co-authored-by: David Goffredo <[email protected]>

LICENSE-3rdparty.csv

@@ -27,18 +27,19 @@ core,github.com/gobwas/glob,MIT
 core,github.com/gogo/protobuf,BSD-3-Clause
 core,github.com/golang/groupcache/lru,Apache-2.0
 core,github.com/golang/protobuf,BSD-3-Clause
+core,github.com/google/gnostic,Apache-2.0
 core,github.com/google/go-cmp/cmp,BSD-3-Clause
 core,github.com/google/gofuzz,Apache-2.0
 core,github.com/google/pprof/profile,Apache-2.0
 core,github.com/google/uuid,BSD-3-Clause
-core,github.com/googleapis/gnostic,Apache-2.0
 core,github.com/imdario/mergo,BSD-3-Clause
 core,github.com/josharian/intern,MIT
 core,github.com/json-iterator/go,MIT
 core,github.com/mailru/easyjson,MIT
 core,github.com/matttproud/golang_protobuf_extensions/pbutil,Apache-2.0
 core,github.com/modern-go/concurrent,Apache-2.0
 core,github.com/modern-go/reflect2,Apache-2.0
+core,github.com/munnerz/goautoneg,BSD-3-Clause
 core,github.com/pkg/errors,BSD-2-Clause
 core,github.com/pmezard/go-difflib/difflib,BSD-3-Clause
 core,github.com/prometheus/client_golang/prometheus,Apache-2.0

PROJECT

@@ -43,4 +43,13 @@ resources:
   webhooks:
     conversion: true
     webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: com
+  group: datadoghq
+  kind: DatadogAgentProfile
+  path: github.com/DataDog/datadog-operator/apis/datadoghq/v1alpha1
+  version: v1alpha1
 version: "3"

apis/datadoghq/v1alpha1/datadogagentprofile_types.go

@@ -0,0 +1,74 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package v1alpha1
+
+import (
+	commonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type ComponentName string
+
+const (
+	// NodeAgentComponentName is the name of the Datadog Node Agent
+	NodeAgentComponentName ComponentName = "nodeAgent"
+)
+
+// DatadogAgentProfileSpec defines the desired state of DatadogAgentProfile
+type DatadogAgentProfileSpec struct {
+	ProfileAffinity *ProfileAffinity `json:"profileAffinity,omitempty"`
+	Config          *Config          `json:"config,omitempty"`
+}
+
+type ProfileAffinity struct {
+	ProfileNodeAffinity []corev1.NodeSelectorRequirement `json:"profileNodeAffinity,omitempty"`
+}
+
+type Config struct {
+	Override map[ComponentName]*Override `json:"override,omitempty"`
+}
+
+type Override struct {
+	Containers map[commonv1.AgentContainerName]*Container `json:"containers,omitempty"`
+}
+
+type Container struct {
+	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
+}
+
+// DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile
+type DatadogAgentProfileStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:resource:path=datadogagentprofiles,shortName=dap
+
+// DatadogAgentProfile is the Schema for the datadogagentprofiles API
+type DatadogAgentProfile struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   DatadogAgentProfileSpec   `json:"spec,omitempty"`
+	Status DatadogAgentProfileStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// DatadogAgentProfileList contains a list of DatadogAgentProfile
+type DatadogAgentProfileList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []DatadogAgentProfile `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&DatadogAgentProfile{}, &DatadogAgentProfileList{})
+}

apis/datadoghq/v1alpha1/datadogagentprofile_validation.go

@@ -0,0 +1,49 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package v1alpha1
+
+import (
+	"fmt"
+)
+
+// ValidateDatadogAgentProfileSpec is used to check if a DatadogAgentProfileSpec is valid
+func ValidateDatadogAgentProfileSpec(spec *DatadogAgentProfileSpec) error {
+	// check that profileAffinity contains a set of requirements
+	if spec.ProfileAffinity == nil {
+		return fmt.Errorf("profileAffinity must be defined")
+	}
+	if spec.ProfileAffinity.ProfileNodeAffinity == nil {
+		return fmt.Errorf("profileNodeAffinity must be defined")
+	}
+	if len(spec.ProfileAffinity.ProfileNodeAffinity) < 1 {
+		return fmt.Errorf("profileNodeAffinity must have at least 1 requirement")
+	}
+
+	// validate config
+	if spec.Config == nil {
+		return fmt.Errorf("config must be defined")
+	}
+	if spec.Config.Override == nil {
+		return fmt.Errorf("config override must be defined")
+	}
+	if spec.Config.Override[NodeAgentComponentName] == nil {
+		return fmt.Errorf("node agent override must be defined")
+	}
+	if spec.Config.Override[NodeAgentComponentName].Containers == nil {
+		return fmt.Errorf("node agent container must be defined")
+	}
+	containsAtLeastOneContainerResourceOverride := false
+	for _, container := range spec.Config.Override[NodeAgentComponentName].Containers {
+		if container.Resources != nil {
+			containsAtLeastOneContainerResourceOverride = true
+		}
+	}
+	if !containsAtLeastOneContainerResourceOverride {
+		return fmt.Errorf("at least one container resource must be defined")
+	}
+
+	return nil
+}

apis/datadoghq/v1alpha1/datadogagentprofile_validation_test.go

@@ -0,0 +1,220 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package v1alpha1
+
+import (
+	"testing"
+
+	commonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1"
+
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+)
+
+func TestIsValidDatadogAgentProfile(t *testing.T) {
+	// Test cases are missing each of the required parameters
+	valid := &DatadogAgentProfileSpec{
+		ProfileAffinity: &ProfileAffinity{
+			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
+				{
+					Key:      "foo",
+					Operator: corev1.NodeSelectorOpIn,
+					Values:   []string{"bar"},
+				},
+			},
+		},
+		Config: &Config{
+			Override: map[ComponentName]*Override{
+				NodeAgentComponentName: {
+					Containers: map[commonv1.AgentContainerName]*Container{
+						commonv1.CoreAgentContainerName: {
+							Resources: &corev1.ResourceRequirements{
+								Limits: corev1.ResourceList{
+									corev1.ResourceCPU: *resource.NewQuantity(2, resource.DecimalSI),
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	validResourceOverrideInOneContainerOnly := &DatadogAgentProfileSpec{
+		ProfileAffinity: &ProfileAffinity{
+			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
+				{
+					Key:      "foo",
+					Operator: corev1.NodeSelectorOpIn,
+					Values:   []string{"bar"},
+				},
+			},
+		},
+		Config: &Config{
+			Override: map[ComponentName]*Override{
+				NodeAgentComponentName: {
+					Containers: map[commonv1.AgentContainerName]*Container{
+						commonv1.CoreAgentContainerName: {
+							Resources: &corev1.ResourceRequirements{
+								Limits: corev1.ResourceList{
+									corev1.ResourceCPU: *resource.NewQuantity(2, resource.DecimalSI),
+								},
+							},
+						},
+						commonv1.TraceAgentContainerName: {},
+					},
+				},
+			},
+		},
+	}
+	missingResources := &DatadogAgentProfileSpec{
+		ProfileAffinity: &ProfileAffinity{
+			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
+				{
+					Key:      "foo",
+					Operator: corev1.NodeSelectorOpIn,
+					Values:   []string{"bar"},
+				},
+			},
+		},
+		Config: &Config{
+			Override: map[ComponentName]*Override{
+				NodeAgentComponentName: {
+					Containers: map[commonv1.AgentContainerName]*Container{
+						commonv1.CoreAgentContainerName: {},
+					},
+				},
+			},
+		},
+	}
+	missingContainer := &DatadogAgentProfileSpec{
+		ProfileAffinity: &ProfileAffinity{
+			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
+				{
+					Key:      "foo",
+					Operator: corev1.NodeSelectorOpIn,
+					Values:   []string{"bar"},
+				},
+			},
+		},
+		Config: &Config{
+			Override: map[ComponentName]*Override{
+				NodeAgentComponentName: {},
+			},
+		},
+	}
+	missingComponent := &DatadogAgentProfileSpec{
+		ProfileAffinity: &ProfileAffinity{
+			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
+				{
+					Key:      "foo",
+					Operator: corev1.NodeSelectorOpIn,
+					Values:   []string{"bar"},
+				},
+			},
+		},
+		Config: &Config{
+			Override: map[ComponentName]*Override{},
+		},
+	}
+	missingOverride := &DatadogAgentProfileSpec{
+		ProfileAffinity: &ProfileAffinity{
+			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
+				{
+					Key:      "foo",
+					Operator: corev1.NodeSelectorOpIn,
+					Values:   []string{"bar"},
+				},
+			},
+		},
+		Config: &Config{},
+	}
+	missingConfig := &DatadogAgentProfileSpec{
+		ProfileAffinity: &ProfileAffinity{
+			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{
+				{
+					Key:      "foo",
+					Operator: corev1.NodeSelectorOpIn,
+					Values:   []string{"bar"},
+				},
+			},
+		},
+	}
+	missingNSR := &DatadogAgentProfileSpec{
+		ProfileAffinity: &ProfileAffinity{
+			ProfileNodeAffinity: []corev1.NodeSelectorRequirement{},
+		},
+	}
+	missingNodeAffinity := &DatadogAgentProfileSpec{
+		ProfileAffinity: &ProfileAffinity{},
+	}
+	missingProfileAffinity := &DatadogAgentProfileSpec{}
+
+	testCases := []struct {
+		name    string
+		spec    *DatadogAgentProfileSpec
+		wantErr string
+	}{
+		{
+			name: "valid dap",
+			spec: valid,
+		},
+		{
+			name: "valid dap, resources specified in one container only",
+			spec: validResourceOverrideInOneContainerOnly,
+		},
+		{
+			name:    "missing resources",
+			spec:    missingResources,
+			wantErr: "at least one container resource must be defined",
+		},
+		{
+			name:    "missing container",
+			spec:    missingContainer,
+			wantErr: "node agent container must be defined",
+		},
+		{
+			name:    "missing component",
+			spec:    missingComponent,
+			wantErr: "node agent override must be defined",
+		},
+		{
+			name:    "missing override",
+			spec:    missingOverride,
+			wantErr: "config override must be defined",
+		},
+		{
+			name:    "missing config",
+			spec:    missingConfig,
+			wantErr: "config must be defined",
+		},
+		{
+			name:    "missing node selector requirement",
+			spec:    missingNSR,
+			wantErr: "profileNodeAffinity must have at least 1 requirement",
+		},
+		{
+			name:    "missing profile node affinity",
+			spec:    missingNodeAffinity,
+			wantErr: "profileNodeAffinity must be defined",
+		},
+		{
+			name:    "missing profile affinity",
+			spec:    missingProfileAffinity,
+			wantErr: "profileAffinity must be defined",
+		},
+	}
+	for _, test := range testCases {
+		t.Run(test.name, func(t *testing.T) {
+			result := ValidateDatadogAgentProfileSpec(test.spec)
+			if test.wantErr != "" {
+				assert.EqualError(t, result, test.wantErr)
+			} else {
+				assert.NoError(t, result)
+			}
+		})
+	}
+}