Skip to content

Add DatadogCSIDriver controller#2844

Closed
tbavelier wants to merge 9 commits intomainfrom
tbavelier/csi-driver-standalone
Closed

Add DatadogCSIDriver controller#2844
tbavelier wants to merge 9 commits intomainfrom
tbavelier/csi-driver-standalone

Conversation

@tbavelier
Copy link
Copy Markdown
Member

@tbavelier tbavelier commented Apr 1, 2026
edited
Loading

What does this PR do?

  • Adds DatadogCSIDriver CRD and controller

Motivation

  • Supporting CSI driver management with operator

Additional Notes

This is best reviewed commit by commit:

Minimum Agent Versions

Are there minimum versions of the Datadog Agent and/or Cluster Agent required?

  • Agent: vX.Y.Z
  • Cluster Agent: vX.Y.Z

Describe your test plan

TBD

Checklist

  • PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
  • PR has a milestone or the qa/skip-qa label
  • All commits are signed (see: signing commits)

tbavelier and others added 5 commits April 1, 2026 11:16
@tbavelier @claude
Add DatadogCSIDriver CRD types and generated manifests
e0d1d62 
Define the DatadogCSIDriver, DatadogCSIDriverSpec, DatadogCSIDriverOverride,
and DatadogCSIDriverStatus types in api/datadoghq/v1alpha1. The CRD enables
declarative management of the Datadog CSI Driver via the operator, replacing
the standalone Helm chart deployment.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tbavelier @claude
Add DatadogCSIDriver outer controller with RBAC markers
3295be9 
Controller-runtime wiring for the DatadogCSIDriver reconciler. Watches the
primary CR with GenerationChangedPredicate, owned DaemonSets for all changes
(including status), and CSIDriver objects via label-based enqueue for drift
detection on the cluster-scoped resource.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tbavelier @claude
Add DatadogCSIDriver reconciler, DaemonSet and CSIDriver builders
e4573fa 
Implements the reconciliation logic for the DatadogCSIDriver controller:
- Deferred SSA status patch with ObservedGeneration tracking
- CSIDriver object management with label-based ownership (part-of pattern)
- DaemonSet management with drift detection via generation tracking
- Override system with merge-by-name semantics (env vars, volumes, mounts)
- Image resolution via pkg/images (supports tag-only overrides)
- Finalizer-based cleanup of the cluster-scoped CSIDriver on deletion

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tbavelier @claude
Wire DatadogCSIDriver controller into operator startup
d0adb80 
Register the controller in setup.go with a feature flag and add the
-datadogCSIDriverEnabled flag (default: false) to cmd/main.go. Also
registers the storagev1 scheme required for CSIDriver object management.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tbavelier
Merge branch 'main' into tbavelier/revert-nightly
600695b
@tbavelier tbavelier added this to the v1.26.0 milestone Apr 1, 2026
@tbavelier tbavelier added the enhancement New feature or request label Apr 1, 2026
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Apr 1, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 66.03053% with 178 lines in your changes missing coverage. Please review.
✅ Project coverage is 39.74%. Comparing base (ed2b4df) to head (4ebe5ef).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
internal/controller/datadogcsidriver/daemonset.go 70.42% 87 Missing and 10 partials ⚠️
internal/controller/datadogcsidriver/controller.go 62.50% 38 Missing and 16 partials ⚠️
internal/controller/datadogcsidriver_controller.go 0.00% 19 Missing ⚠️
internal/controller/setup.go 40.00% 6 Missing ⚠️
cmd/main.go 33.33% 2 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #2844      +/-   ##
==========================================
+ Coverage   39.24%   39.74%   +0.50%     
==========================================
  Files         314      318       +4     
  Lines       27288    27812     +524     
==========================================
+ Hits        10708    11054     +346     
- Misses      15792    15944     +152     
- Partials      788      814      +26
Flag Coverage Δ
unittests 39.74% <66.03%> (+0.50%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
internal/controller/datadogcsidriver/csidriver.go 100.00% <100.00%> (ø)
cmd/main.go 6.66% <33.33%> (+0.23%) ⬆️
internal/controller/setup.go 36.12% <40.00%> (+0.21%) ⬆️
internal/controller/datadogcsidriver_controller.go 0.00% <0.00%> (ø)
internal/controller/datadogcsidriver/controller.go 62.50% <62.50%> (ø)
internal/controller/datadogcsidriver/daemonset.go 70.42% <70.42%> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ed2b4df...4ebe5ef. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@tbavelier tbavelier marked this pull request as ready for review April 2, 2026 08:53
@tbavelier tbavelier requested a review from a team April 2, 2026 08:53
@tbavelier tbavelier requested a review from a team as a code owner April 2, 2026 08:53
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 87ed63e94c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread internal/controller/datadogcsidriver/controller.go Outdated
Comment on lines +202 to +205
if current.Labels == nil ||
current.Labels[kubernetes.AppKubernetesManageByLabelKey] != "datadog-operator" ||
current.Labels[kubernetes.AppKubernetesPartOfLabelKey] != expectedPartOf {
logger.Info("Updating CSIDriver ownership labels", "csidriver", driverName)
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reconcile CSIDriver spec drift on existing objects

When a CSIDriver already exists, this branch only checks ownership labels and returns without reconciling current.Spec against buildCSIDriverObject(instance).Spec. That means out-of-band edits to fields like attachRequired, podInfoOnMount, or lifecycle modes will persist indefinitely, even though the controller watches CSIDriver events for drift. The result is that the operator can report success while leaving an unintended CSI API configuration in place.

Useful? React with 👍 / 👎.

Comment thread internal/controller/datadogcsidriver/controller.go Outdated
return ctrl.Result{}, nil
}

driverName := getCSIDriverName(instance)
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Track previous CSIDriver name for finalizer cleanup

Finalizer cleanup always deletes only getCSIDriverName(instance), i.e. the current spec value. If .spec.csiDriverName is changed from one name to another, reconcile can create/manage the new object but the previously managed cluster-scoped CSIDriver is never removed; deleting the CR later cleans up only the latest name and leaves the old one orphaned.

Useful? React with 👍 / 👎.

@tbavelier tbavelier marked this pull request as draft April 2, 2026 10:19
adel121
adel121 reviewed Apr 2, 2026
View reviewed changes
Comment thread api/datadoghq/v1alpha1/datadogcsidriver_types.go

// SecurityContext holds pod-level security attributes.
// +optional
SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
Copy link
Copy Markdown
Contributor

@adel121 adel121 Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the csi driver helm chart we don't define a pod-level security context.

We expose a container-level security contexts:

  • Here for the registrar
  • Here for the node server

In the CRD we expose pod level security context only, is this intentional?

Copy link
Copy Markdown
Contributor

@adel121 adel121 Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevermind, I have just noticed we also have pod level security context in helm here.

And in the operator we can override container-level security context via the container overrides.

@tbavelier
Copy link
Copy Markdown
Member Author

tbavelier commented Apr 2, 2026

Replaced with #2856

@tbavelier tbavelier closed this Apr 2, 2026
@tbavelier tbavelier deleted the tbavelier/csi-driver-standalone branch April 8, 2026 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adel121 adel121 adel121 left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

enhancement New feature or request team/container-autoscaling team/container-platform

Projects

None yet

Milestone

v1.26.0

Development

Successfully merging this pull request may close these issues.

3 participants

@tbavelier @codecov-commenter @adel121