diff --git a/Makefile b/Makefile index 2211ed5b0..042dd511f 100644 --- a/Makefile +++ b/Makefile @@ -63,7 +63,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from a cluster deploy: manifests kustomize ## Deploy controller in the configured Kubernetes cluster in ~/.kube/config cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} - $(KUSTOMIZE) build config/default | kubectl apply -f - + $(KUSTOMIZE) build config/default | kubectl apply --force-conflicts --server-side -f - undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/default | kubectl delete -f - diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a553861ff..2d8abd854 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -237,6 +237,13 @@ rules: - get - list - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - get - apiGroups: - authorization.k8s.io resources: @@ -285,6 +292,13 @@ rules: - patch - update - watch +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - get - apiGroups: - autoscaling resources: @@ -392,6 +406,14 @@ rules: - get - list - watch +- apiGroups: + - external.metrics.k8s.io + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - networking.k8s.io resources: diff --git a/controllers/datadogagent/clusteragent.go b/controllers/datadogagent/clusteragent.go index ad04bc9fb..822efa69b 100644 --- a/controllers/datadogagent/clusteragent.go +++ b/controllers/datadogagent/clusteragent.go @@ -529,6 +529,10 @@ func getEnvVarsForClusterAgent(logger logr.Logger, dda *datadoghqv1alpha1.Datado Name: datadoghqv1alpha1.DDCollectKubeEvents, Value: datadoghqv1alpha1.BoolToString(spec.ClusterAgent.Config.CollectEvents), }, + { + Name: datadoghqv1alpha1.DDHealthPort, + Value: strconv.Itoa(int(datadoghqv1alpha1.DefaultAgentHealthPort)), + }, } if spec.ClusterName != "" { diff --git a/controllers/datadogagent/clusteragent_test.go b/controllers/datadogagent/clusteragent_test.go index e1beff9ee..281f32f8c 100644 --- a/controllers/datadogagent/clusteragent_test.go +++ b/controllers/datadogagent/clusteragent_test.go @@ -100,6 +100,10 @@ func clusterAgentDefaultEnvVars() []corev1.EnvVar { Name: "DD_COLLECT_KUBERNETES_EVENTS", Value: "false", }, + { + Name: "DD_HEALTH_PORT", + Value: "5555", + }, { Name: "DD_API_KEY", ValueFrom: apiKeyValue(), @@ -141,6 +145,10 @@ func clusterAgentWithAdmissionControllerDefaultEnvVars(serviceName string, unlab Name: "DD_COLLECT_KUBERNETES_EVENTS", Value: "false", }, + { + Name: "DD_HEALTH_PORT", + Value: "5555", + }, { Name: "DD_API_KEY", ValueFrom: apiKeyValue(), diff --git a/controllers/datadogagent_controller.go b/controllers/datadogagent_controller.go index a836b3460..715549219 100644 --- a/controllers/datadogagent_controller.go +++ b/controllers/datadogagent_controller.go @@ -61,16 +61,19 @@ type DatadogAgentReconciler struct { // Configure Admission Controller // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations,verbs=* +// +kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=get // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get // +kubebuilder:rbac:groups=apps,resources=replicasets,verbs=get // +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get -// +kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=get -// +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get +// +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create;get +// +kubebuilder:rbac:groups=authorization.k8s.io,resources=subjectaccessreviews,verbs=create;get // +kubebuilder:rbac:groups=batch,resources=cronjobs,verbs=get +// +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get // Configure External Metrics server // +kubebuilder:rbac:groups=apiregistration.k8s.io,resources=apiservices,verbs=* // +kubebuilder:rbac:groups=datadoghq.com,resources=watermarkpodautoscalers,verbs=get;list;watch +// +kubebuilder:rbac:groups=external.metrics.k8s.io,resources=*,verbs=get;list;watch // Use ExtendedDaemonSet // +kubebuilder:rbac:groups=datadoghq.com,resources=extendeddaemonsets,verbs=get;list;watch;create;update;patch;delete