update monocontainer config (#1059)

* update monocontainer config

* Update docs/configuration.v2alpha1.md

Co-authored-by: May Lee <[email protected]>

* fix generated file

* fix missed var names

---------

Co-authored-by: May Lee <[email protected]>

apis/datadoghq/common/v1/types.go

@@ -75,9 +75,9 @@ const (
 	// SeccompSetupContainerName is the name of the Seccomp Setup init container
 	SeccompSetupContainerName AgentContainerName = "seccomp-setup"
 
-	// UnprivilegedMultiProcessAgentContainerName is the name of a multi process container
-	// which may run any combination of core, trace and process agent processes.
-	UnprivilegedMultiProcessAgentContainerName AgentContainerName = "unprivileged-multi-process-agent"
+	// UnprivilegedSingleAgentContainerName is the name of a container which may run
+	// any combination of Core, Trace and Process Agent processes in a single container.
+	UnprivilegedSingleAgentContainerName AgentContainerName = "unprivileged-single-agent"
 	// CoreAgentContainerName is the name of the Core Agent container
 	CoreAgentContainerName AgentContainerName = "agent"
 	// TraceAgentContainerName is the name of the Trace Agent container
@@ -96,13 +96,3 @@ const (
 	// ClusterChecksRunnersContainerName is the name of the Agent container in Cluster Checks Runners
 	ClusterChecksRunnersContainerName AgentContainerName = "agent"
 )
-
-type ContainerProcessStrategyType string
-
-const (
-	// Run one process per container
-	SingleProcessContainers ContainerProcessStrategyType = "singleProcessContainers"
-	// Run unprivileged processes in a single container. If privileged process, for example `security-agent` or `system-probe`
-	// is required, fall back to singleProcessContainer
-	UnprivilegedMultiProcessContainer ContainerProcessStrategyType = "unprivilegedMultiProcessContainer"
-)

apis/datadoghq/v2alpha1/datadogagent_default.go

@@ -7,7 +7,6 @@ package v2alpha1
 
 import (
 	apicommon "github.com/DataDog/datadog-operator/apis/datadoghq/common"
-	commonv1 "github.com/DataDog/datadog-operator/apis/datadoghq/common/v1"
 	apiutils "github.com/DataDog/datadog-operator/apis/utils"
 )
 
@@ -93,7 +92,7 @@ const (
 	// defaultKubeletAgentCAPath            = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
 	// defaultKubeletAgentCAPathHostPathSet = "/var/run/host-kubelet-ca.crt"
 
-	defaultContainerProcessStrategyType = commonv1.SingleProcessContainers
+	defaultContainerStrategy = OptimizedContainerStrategy
 )
 
 // DefaultDatadogAgent defaults the DatadogAgentSpec GlobalConfig and Features.
@@ -130,10 +129,9 @@ func defaultGlobalConfig(ddaSpec *DatadogAgentSpec) {
 		ddaSpec.Global.LogLevel = apiutils.NewStringPointer(defaultLogLevel)
 	}
 
-	if ddaSpec.Global.ContainerProcessStrategy == nil {
-		ddaSpec.Global.ContainerProcessStrategy = &ContainerProcessStrategy{
-			Type: defaultContainerProcessStrategyType,
-		}
+	if ddaSpec.Global.ContainerStrategy == nil {
+		dcs := defaultContainerStrategy
+		ddaSpec.Global.ContainerStrategy = &dcs
 	}
 }
 

apis/datadoghq/v2alpha1/datadogagent_types.go

@@ -781,9 +781,10 @@ type GlobalConfig struct {
 	// +optional
 	CriSocketPath *string `json:"criSocketPath,omitempty"`
 
-	// ContainerProcessStrategy determines whether agents run in single or multi-process containers.
+	// ContainerStrategy determines whether agents run in a single or multiple containers.
+	// Default: 'optimized'
 	// +optional
-	ContainerProcessStrategy *ContainerProcessStrategy `json:"containerProcessStrategy,omitempty"`
+	ContainerStrategy *ContainerStrategyType `json:"containerStrategy,omitempty"`
 }
 
 // DatadogCredentials is a generic structure that holds credentials to access Datadog.
@@ -1064,6 +1065,17 @@ type DatadogAgentGenericContainer struct {
 	AppArmorProfileName *string `json:"appArmorProfileName,omitempty"`
 }
 
+type ContainerStrategyType string
+
+const (
+	// OptimizedContainerStrategy indicates multiple Agent containers with one process per
+	// container (default)
+	OptimizedContainerStrategy ContainerStrategyType = "optimized"
+	// SingleContainerStrategy indicates a single Agent container with multiple (unprivileged)
+	// processes in one container
+	SingleContainerStrategy ContainerStrategyType = "single"
+)
+
 // DatadogAgentStatus defines the observed state of DatadogAgent.
 // +k8s:openapi-gen=true
 type DatadogAgentStatus struct {
@@ -1087,19 +1099,6 @@ type DatadogAgentStatus struct {
 	ClusterChecksRunner *commonv1.DeploymentStatus `json:"clusterChecksRunner,omitempty"`
 }
 
-// ContainerProcessStrategy determines how various agent processes are grouped across multiple containers.
-// +k8s:openapi-gen=true
-type ContainerProcessStrategy struct {
-	// Type sets a predetermined grouping of processes across containers. There are two supported groupings:
-	// `singleProcessContainers` runs one process per container.
-	// `unprivilegedMultiProcessContainer`, runs unprivileged processes in a single container
-	// unless the configuration requires a privileged agent. For example if `security-agent` or `system-probe`
-	// is required, `singleProcessContainers` will be used.
-	// Default: `singleProcessContainers`
-	// +optional
-	Type commonv1.ContainerProcessStrategyType `json:"type,omitempty"`
-}
-
 // DatadogAgent Deployment with the Datadog Operator.
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status

apis/datadoghq/v2alpha1/test/builder.go

@@ -470,17 +470,15 @@ func (builder *DatadogAgentBuilder) WithGlobalCriSocketPath(criSocketPath string
 	return builder
 }
 
-// Global ContainerProcessModel
+// Global ContainerStrategy
 
-func (builder *DatadogAgentBuilder) WithMultiProcessContainer(enabled bool) *DatadogAgentBuilder {
+func (builder *DatadogAgentBuilder) WithSingleContainerStrategy(enabled bool) *DatadogAgentBuilder {
 	if enabled {
-		builder.datadogAgent.Spec.Global.ContainerProcessStrategy = &v2alpha1.ContainerProcessStrategy{
-			Type: common.UnprivilegedMultiProcessContainer,
-		}
+		scs := v2alpha1.SingleContainerStrategy
+		builder.datadogAgent.Spec.Global.ContainerStrategy = &scs
 	} else {
-		builder.datadogAgent.Spec.Global.ContainerProcessStrategy = &v2alpha1.ContainerProcessStrategy{
-			Type: common.SingleProcessContainers,
-		}
+		ocs := v2alpha1.OptimizedContainerStrategy
+		builder.datadogAgent.Spec.Global.ContainerStrategy = &ocs
 	}
 	return builder
 }

config/crd/bases/v1/datadoghq.com_datadogagents.yaml

@@ -8428,13 +8428,9 @@ spec:
                     clusterName:
                       description: ClusterName sets a unique cluster name for the deployment to easily scope monitoring data in the Datadog app.
                       type: string
-                    containerProcessStrategy:
-                      description: ContainerProcessStrategy determines whether agents run in single or multi-process containers.
-                      properties:
-                        type:
-                          description: 'Type sets a predetermined grouping of processes across containers. There are two supported groupings: `singleProcessContainers` runs one process per container. `unprivilegedMultiProcessContainer`, runs unprivileged processes in a single container unless the configuration requires a privileged agent. For example if `security-agent` or `system-probe` is required, `singleProcessContainers` will be used. Default: `singleProcessContainers`'
-                          type: string
-                      type: object
+                    containerStrategy:
+                      description: 'ContainerStrategy determines whether agents run in a single or multiple containers. Default: ''optimized'''
+                      type: string
                     credentials:
                       description: Credentials defines the Datadog credentials used to submit data to/query data from Datadog.
                       properties:

config/crd/bases/v1beta1/datadoghq.com_datadogagents.yaml

@@ -15978,13 +15978,9 @@ spec:
                     clusterName:
                       description: ClusterName sets a unique cluster name for the deployment to easily scope monitoring data in the Datadog app.
                       type: string
-                    containerProcessStrategy:
-                      description: ContainerProcessStrategy determines whether agents run in single or multi-process containers.
-                      properties:
-                        type:
-                          description: 'Type sets a predetermined grouping of processes across containers. There are two supported groupings: `singleProcessContainers` runs one process per container. `unprivilegedMultiProcessContainer`, runs unprivileged processes in a single container unless the configuration requires a privileged agent. For example if `security-agent` or `system-probe` is required, `singleProcessContainers` will be used. Default: `singleProcessContainers`'
-                          type: string
-                      type: object
+                    containerStrategy:
+                      description: 'ContainerStrategy determines whether agents run in a single or multiple containers. Default: ''optimized'''
+                      type: string
                     credentials:
                       description: Credentials defines the Datadog credentials used to submit data to/query data from Datadog.
                       properties:

controllers/datadogagent/component/agent/default.go

@@ -45,10 +45,10 @@ func NewDefaultAgentPodTemplateSpec(dda metav1.Object, agentComponent feature.Re
 	requiredContainers := agentComponent.Containers
 
 	var agentContainers []corev1.Container
-	if agentComponent.MultiProcessContainerEnabled() {
-		agentContainers = agentMultiProcessContainer(dda)
+	if agentComponent.SingleContainerStrategyEnabled() {
+		agentContainers = agentSingleContainer(dda)
 	} else {
-		agentContainers = agentSingleProcessContainers(dda, requiredContainers)
+		agentContainers = agentOptimizedContainers(dda, requiredContainers)
 	}
 
 	return &corev1.PodTemplateSpec{
@@ -107,9 +107,9 @@ func initContainers(dda metav1.Object, requiredContainers []common.AgentContaine
 	return initContainers
 }
 
-func agentMultiProcessContainer(dda metav1.Object) []corev1.Container {
-	agentMultiProcessContainer := corev1.Container{
-		Name:           string(common.UnprivilegedMultiProcessAgentContainerName),
+func agentSingleContainer(dda metav1.Object) []corev1.Container {
+	agentSingleContainer := corev1.Container{
+		Name:           string(common.UnprivilegedSingleAgentContainerName),
 		Image:          agentImage(),
 		Env:            envVarsForCoreAgent(dda),
 		VolumeMounts:   volumeMountsForCoreAgent(),
@@ -118,13 +118,13 @@ func agentMultiProcessContainer(dda metav1.Object) []corev1.Container {
 	}
 
 	containers := []corev1.Container{
-		agentMultiProcessContainer,
+		agentSingleContainer,
 	}
 
 	return containers
 }
 
-func agentSingleProcessContainers(dda metav1.Object, requiredContainers []common.AgentContainerName) []corev1.Container {
+func agentOptimizedContainers(dda metav1.Object, requiredContainers []common.AgentContainerName) []corev1.Container {
 	containers := []corev1.Container{coreAgentContainer(dda)}
 
 	for _, containerName := range requiredContainers {

controllers/datadogagent/controller_reconcile_agent.go

@@ -45,15 +45,15 @@ func (r *Reconciler) reconcileV2Agent(logger logr.Logger, requiredComponents fea
 	disabledByOverride := false
 
 	agentEnabled := requiredComponents.Agent.IsEnabled()
-	multiProcessContainerEnabled := requiredComponents.Agent.MultiProcessContainerEnabled()
+	singleContainerStrategyEnabled := requiredComponents.Agent.SingleContainerStrategyEnabled()
 
 	if r.options.ExtendedDaemonsetOptions.Enabled {
 		// Start by creating the Default Agent extendeddaemonset
 		eds = componentagent.NewDefaultAgentExtendedDaemonset(dda, &r.options.ExtendedDaemonsetOptions, requiredComponents.Agent)
 		podManagers = feature.NewPodTemplateManagers(&eds.Spec.Template)
 
 		// Set Global setting on the default extendeddaemonset
-		eds.Spec.Template = *override.ApplyGlobalSettingsNodeAgent(logger, podManagers, dda, resourcesManager, multiProcessContainerEnabled)
+		eds.Spec.Template = *override.ApplyGlobalSettingsNodeAgent(logger, podManagers, dda, resourcesManager, singleContainerStrategyEnabled)
 
 		// Apply features changes on the Deployment.Spec.Template
 		for _, feat := range features {
@@ -113,12 +113,12 @@ func (r *Reconciler) reconcileV2Agent(logger logr.Logger, requiredComponents fea
 	daemonset = componentagent.NewDefaultAgentDaemonset(dda, requiredComponents.Agent)
 	podManagers = feature.NewPodTemplateManagers(&daemonset.Spec.Template)
 	// Set Global setting on the default daemonset
-	daemonset.Spec.Template = *override.ApplyGlobalSettingsNodeAgent(logger, podManagers, dda, resourcesManager, multiProcessContainerEnabled)
+	daemonset.Spec.Template = *override.ApplyGlobalSettingsNodeAgent(logger, podManagers, dda, resourcesManager, singleContainerStrategyEnabled)
 
 	// Apply features changes on the Deployment.Spec.Template
 	for _, feat := range features {
-		if multiProcessContainerEnabled {
-			if errFeat := feat.ManageMultiProcessNodeAgent(podManagers, provider); errFeat != nil {
+		if singleContainerStrategyEnabled {
+			if errFeat := feat.ManageSingleContainerNodeAgent(podManagers, provider); errFeat != nil {
 				return result, errFeat
 			}
 		} else {