From 07c4ac77afdc8c228a5e2e1754a600daa1d88fd7 Mon Sep 17 00:00:00 2001
From: Gabriel Dos Santos
Date: Fri, 3 Apr 2026 13:15:34 -0400
Subject: [PATCH] Configure hostProp as global config post processed

---
 api/datadoghq/v2alpha1/datadogagent_types.go | 7 +
 .../v2alpha1/zz_generated.deepcopy.go | 5 +
 ...ping_datadog_helm_to_datadogagent_crd.yaml | 2 +-
 .../datadoghq.com_datadogagentinternals.yaml | 10 +
 ...hq.com_datadogagentinternals_v1alpha1.json | 9 +
 .../datadoghq.com_datadogagentprofiles.yaml | 10 +
 ...ghq.com_datadogagentprofiles_v1alpha1.json | 9 +
 .../bases/v1/datadoghq.com_datadogagents.yaml | 10 +
 .../datadoghq.com_datadogagents_v2alpha1.json | 9 +
 docs/configuration.v2alpha1.md | 1 +
 docs/configuration_public.md | 3 +
 .../datadogagent/component_reconciler.go | 6 +
 .../controller_reconcile_agent.go | 11 +
 .../object/volume/mount_propagation.go | 43 ++++
 .../object/volume/mount_propagation_test.go | 189 ++++++++++++++++++
 .../component_reconciler.go | 6 +
 .../controller_reconcile_agent.go | 11 +
 17 files changed, 340 insertions(+), 1 deletion(-)
 create mode 100644 internal/controller/datadogagent/object/volume/mount_propagation.go
 create mode 100644 internal/controller/datadogagent/object/volume/mount_propagation_test.go

diff --git a/api/datadoghq/v2alpha1/datadogagent_types.go b/api/datadoghq/v2alpha1/datadogagent_types.go
index 5ad50df0da..ab2eedfd4c 100644
--- a/api/datadoghq/v2alpha1/datadogagent_types.go
+++ b/api/datadoghq/v2alpha1/datadogagent_types.go
@@ -1837,6 +1837,13 @@ type GlobalConfig struct { // Default: 'false' // +optional UseVSock *bool `json:"useVSock,omitempty"` + + // HostVolumeMountPropagation determines how mounts are propagated from the host to the Agent containers + // and the other way around for host path volumes. + // ref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation + // +kubebuilder:validation:Enum=None;HostToContainer;Bidirectional + // +optional + HostVolumeMountPropagation *corev1.MountPropagationMode `json:"hostVolumeMountPropagation,omitempty"` } // DatadogCredentials is a generic structure that holds credentials to access Datadog. diff --git a/api/datadoghq/v2alpha1/zz_generated.deepcopy.go b/api/datadoghq/v2alpha1/zz_generated.deepcopy.go index 4733c0d92d..4db5dac2f5 100644 --- a/api/datadoghq/v2alpha1/zz_generated.deepcopy.go +++ b/api/datadoghq/v2alpha1/zz_generated.deepcopy.go @@ -2112,6 +2112,11 @@ func (in *GlobalConfig) DeepCopyInto(out *GlobalConfig) { *out = new(bool) **out = **in } + if in.HostVolumeMountPropagation != nil { + in, out := &in.HostVolumeMountPropagation, &out.HostVolumeMountPropagation + *out = new(corev1.MountPropagationMode) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalConfig. diff --git a/cmd/yaml-mapper/mapper/mapping_datadog_helm_to_datadogagent_crd.yaml b/cmd/yaml-mapper/mapper/mapping_datadog_helm_to_datadogagent_crd.yaml index 46a64596c8..18bec65c3d 100644 --- a/cmd/yaml-mapper/mapper/mapping_datadog_helm_to_datadogagent_crd.yaml +++ b/cmd/yaml-mapper/mapper/mapping_datadog_helm_to_datadogagent_crd.yaml 
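Review bot: The doc comment on `HostVolumeMountPropagation` offers `Bidirectional` in its enum without saying what that value implies, and it does not state what happens when the field is unset. Kubernetes only accepts `Bidirectional` on privileged containers, and with it mounts created inside an Agent container propagate back to the host, so the field is security-relevant and the comment should say so. I would add `// Bidirectional is only accepted on privileged containers and lets mounts created in a container reach the host.` and `// When unset, volume mounts are left unchanged.` The generated CRD descriptions and docs tables in this commit repeat this comment's text, so the wording would presumably carry over on regeneration. The GlobalConfig struct starts outside the hunk.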
@@ -421,7 +421,7 @@ datadog.gpuMonitoring.runtimeClassName: spec.features.gpu.requiredRuntimeClassNa datadog.helmCheck.collectEvents: spec.features.helmCheck.collectEvents datadog.helmCheck.enabled: spec.features.helmCheck.enabled datadog.helmCheck.valuesAsTags: spec.features.helmCheck.valuesAsTags -datadog.hostVolumeMountPropagation: "" +datadog.hostVolumeMountPropagation: spec.global.hostVolumeMountPropagation datadog.ignoreAutoConfig: "" datadog.kubeStateMetricsCore.annotationsAsTags: "" datadog.kubeStateMetricsCore.collectApiServicesMetrics: "" diff --git a/config/crd/bases/v1/datadoghq.com_datadogagentinternals.yaml b/config/crd/bases/v1/datadoghq.com_datadogagentinternals.yaml index 43993cffb5..81a6ae7773 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagentinternals.yaml +++ b/config/crd/bases/v1/datadoghq.com_datadogagentinternals.yaml @@ -3004,6 +3004,16 @@ spec: Default: false type: boolean type: object + hostVolumeMountPropagation: + description: |- + HostVolumeMountPropagation determines how mounts are propagated from the host to the Agent containers + and the other way around for host path volumes. + ref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation + enum: + - None + - HostToContainer + - Bidirectional + type: string kubelet: description: Kubelet contains the kubelet configuration parameters. properties: diff --git a/config/crd/bases/v1/datadoghq.com_datadogagentinternals_v1alpha1.json b/config/crd/bases/v1/datadoghq.com_datadogagentinternals_v1alpha1.json index ba086e025c..4c98760d93 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagentinternals_v1alpha1.json +++ b/config/crd/bases/v1/datadoghq.com_datadogagentinternals_v1alpha1.json 
@@ -3151,6 +3151,15 @@ }, "type": "object" }, + "hostVolumeMountPropagation": { + "description": "HostVolumeMountPropagation determines how mounts are propagated from the host to the Agent containers\nand the other way around for host path volumes.\nref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation", + "enum": [ + "None", + "HostToContainer", + "Bidirectional" + ], + "type": "string" + }, "kubelet": { "additionalProperties": false, "description": "Kubelet contains the kubelet configuration parameters.", diff --git a/config/crd/bases/v1/datadoghq.com_datadogagentprofiles.yaml b/config/crd/bases/v1/datadoghq.com_datadogagentprofiles.yaml index aa5590b088..f9e5146545 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagentprofiles.yaml +++ b/config/crd/bases/v1/datadoghq.com_datadogagentprofiles.yaml @@ -3004,6 +3004,16 @@ spec: Default: false type: boolean type: object + hostVolumeMountPropagation: + description: |- + HostVolumeMountPropagation determines how mounts are propagated from the host to the Agent containers + and the other way around for host path volumes. + ref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation + enum: + - None + - HostToContainer + - Bidirectional + type: string kubelet: description: Kubelet contains the kubelet configuration parameters. properties: diff --git a/config/crd/bases/v1/datadoghq.com_datadogagentprofiles_v1alpha1.json b/config/crd/bases/v1/datadoghq.com_datadogagentprofiles_v1alpha1.json index 4dbcc7317b..e4b4dba686 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagentprofiles_v1alpha1.json +++ b/config/crd/bases/v1/datadoghq.com_datadogagentprofiles_v1alpha1.json 
@@ -3155,6 +3155,15 @@ }, "type": "object" }, + "hostVolumeMountPropagation": { + "description": "HostVolumeMountPropagation determines how mounts are propagated from the host to the Agent containers\nand the other way around for host path volumes.\nref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation", + "enum": [ + "None", + "HostToContainer", + "Bidirectional" + ], + "type": "string" + }, "kubelet": { "additionalProperties": false, "description": "Kubelet contains the kubelet configuration parameters.", diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml index 4dde7e8f70..766fd07a0d 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagents.yaml +++ b/config/crd/bases/v1/datadoghq.com_datadogagents.yaml @@ -3004,6 +3004,16 @@ spec: Default: false type: boolean type: object + hostVolumeMountPropagation: + description: |- + HostVolumeMountPropagation determines how mounts are propagated from the host to the Agent containers + and the other way around for host path volumes. + ref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation + enum: + - None + - HostToContainer + - Bidirectional + type: string kubelet: description: Kubelet contains the kubelet configuration parameters. properties: diff --git a/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json b/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json index e7b9123233..adc06fd203 100644 --- a/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json +++ b/config/crd/bases/v1/datadoghq.com_datadogagents_v2alpha1.json 
@@ -3151,6 +3151,15 @@ }, "type": "object" }, + "hostVolumeMountPropagation": { + "description": "HostVolumeMountPropagation determines how mounts are propagated from the host to the Agent containers\nand the other way around for host path volumes.\nref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation", + "enum": [ + "None", + "HostToContainer", + "Bidirectional" + ], + "type": "string" + }, "kubelet": { "additionalProperties": false, "description": "Kubelet contains the kubelet configuration parameters.", diff --git a/docs/configuration.v2alpha1.md b/docs/configuration.v2alpha1.md index 9640c91d49..546465c0c5 100644 --- a/docs/configuration.v2alpha1.md +++ b/docs/configuration.v2alpha1.md 
@@ -243,6 +243,7 @@ spec: | global.fips.resources.limits | Resource limits for the FIPS sidecar. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container . | | global.fips.resources.requests | Resource requests for the FIPS sidecar. If undefined, defaults to global.fips.resources.limits (if set), then to an implementation-defined value. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container . | | global.fips.useHTTPS | If true, enables HTTPS on the FIPS sidecar. Default: false | +| global.hostVolumeMountPropagation | HostVolumeMountPropagation determines how mounts are propagated from the host to the Agent containers and the other way around for host path volumes. ref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation | | global.kubelet.agentCAPath | AgentCAPath is the container path where the kubelet CA certificate is stored. Default: '/var/run/host-kubelet-ca.crt' if hostCAPath is set, else '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' | | global.kubelet.host.configMapKeyRef.key | The key to select. | | global.kubelet.host.configMapKeyRef.name | Of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | diff --git a/docs/configuration_public.md b/docs/configuration_public.md index c536cfd615..7436aff82c 100644 --- a/docs/configuration_public.md +++ b/docs/configuration_public.md 
@@ -465,6 +465,9 @@ spec: `global.fips` : FIPS contains configuration used to customize the FIPS proxy sidecar. See [link](https://github.com/DataDog/datadog-operator/blob/main/docs/configuration.v2alpha1.md) for more information. +`global.hostVolumeMountPropagation` +: HostVolumeMountPropagation determines how mounts are propagated from the host to the Agent containers and the other way around for host path volumes. ref: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation + `global.kubelet.agentCAPath` : AgentCAPath is the container path where the kubelet CA certificate is stored. Default: '/var/run/host-kubelet-ca.crt' if hostCAPath is set, else '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt' diff --git a/internal/controller/datadogagent/component_reconciler.go b/internal/controller/datadogagent/component_reconciler.go index e0662b8bfa..31af697b57 100644 --- a/internal/controller/datadogagent/component_reconciler.go +++ b/internal/controller/datadogagent/component_reconciler.go @@ -20,6 +20,7 @@ import ( apiutils "github.com/DataDog/datadog-operator/api/utils" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/common" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/feature" + "github.com/DataDog/datadog-operator/internal/controller/datadogagent/object/volume" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/override" "github.com/DataDog/datadog-operator/pkg/condition" "github.com/DataDog/datadog-operator/pkg/constants" 
@@ -209,6 +210,11 @@ func (r *ComponentRegistry) reconcileComponent(ctx context.Context, params *Reco
 override.Deployment(deployment, componentOverride)
 }

+ // Apply host volume mount propagation from global config
+ if params.DDA.Spec.Global != nil {
+ volume.ApplyMountPropagation(podManagers.PodTemplateSpec(), params.DDA.Spec.Global.HostVolumeMountPropagation)
+ }
+
 if r.reconciler.options.IntrospectionEnabled {
 // Add provider label to deployment
 if deployment.Labels == nil {
diff --git a/internal/controller/datadogagent/controller_reconcile_agent.go b/internal/controller/datadogagent/controller_reconcile_agent.go
index 09f910ef1b..b55e3bd747 100644
--- a/internal/controller/datadogagent/controller_reconcile_agent.go
+++ b/internal/controller/datadogagent/controller_reconcile_agent.go
@@ -31,6 +31,7 @@ import (
 "github.com/DataDog/datadog-operator/internal/controller/datadogagent/feature"
 "github.com/DataDog/datadog-operator/internal/controller/datadogagent/global"
 "github.com/DataDog/datadog-operator/internal/controller/datadogagent/object"
+ "github.com/DataDog/datadog-operator/internal/controller/datadogagent/object/volume"
 "github.com/DataDog/datadog-operator/internal/controller/datadogagent/override"
 "github.com/DataDog/datadog-operator/pkg/agentprofile"
 "github.com/DataDog/datadog-operator/pkg/condition"
@@ -116,6 +117,11 @@ func (r *Reconciler) reconcileV2Agent(logger logr.Logger, requiredComponents fea

 experimental.ApplyExperimentalOverrides(logger, dda, podManagers)

+ // Apply host volume mount propagation from global config
+ if dda.Spec.Global != nil {
+ volume.ApplyMountPropagation(podManagers.PodTemplateSpec(), dda.Spec.Global.HostVolumeMountPropagation)
+ }
+
 if disabledByOverride {
 if agentEnabled {
 // The override supersedes what's set in requiredComponents; update status to reflect the conflict
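Review bot: This three-line guard and call is repeated verbatim at six call sites (here after `override.Deployment`, in both `reconcileV2Agent` hunks of this package, and in the three matching hunks under `datadogagentinternal`), and none of them says why it has to run at this point. `ApplyMountPropagation` only fills mounts whose `MountPropagation` is still nil, so it must run after every override that can set a per-mount value; in the `reconcileV2Agent` hunks only `experimental.ApplyExperimentalOverrides` is visible before it, so whether the regular pod-template overrides have already run cannot be confirmed from the diff. I would state the dependency at each site, e.g. `// Must run after all overrides: only mounts with no explicit MountPropagation are changed.`, and consider a single wrapper that takes the `Global` pointer and does the nil check itself. The enclosing functions start and end outside their hunks.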
@@ -216,6 +222,11 @@ func (r *Reconciler) reconcileV2Agent(logger logr.Logger, requiredComponents fea

 experimental.ApplyExperimentalOverrides(logger, dda, podManagers)

+ // Apply host volume mount propagation from global config
+ if dda.Spec.Global != nil {
+ volume.ApplyMountPropagation(podManagers.PodTemplateSpec(), dda.Spec.Global.HostVolumeMountPropagation)
+ }
+
 if disabledByOverride {
 if agentEnabled {
 // The override supersedes what's set in requiredComponents; update status to reflect the conflict
diff --git a/internal/controller/datadogagent/object/volume/mount_propagation.go b/internal/controller/datadogagent/object/volume/mount_propagation.go
new file mode 100644
index 0000000000..4043dab1ca
--- /dev/null
+++ b/internal/controller/datadogagent/object/volume/mount_propagation.go
@@ -0,0 +1,43 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+package volume
+
+import (
+ corev1 "k8s.io/api/core/v1"
+)
+
+// ApplyMountPropagation sets the MountPropagation mode on all volume mounts in the PodTemplateSpec
+// that are backed by HostPath volumes. This mirrors the Helm chart's hostVolumeMountPropagation setting.
+func ApplyMountPropagation(podTemplate *corev1.PodTemplateSpec, mode *corev1.MountPropagationMode) {
+ if mode == nil {
+ return
+ }
+
+ // Build a set of volume names that use HostPath
+ hostPathVolumes := make(map[string]struct{})
+ for _, vol := range podTemplate.Spec.Volumes {
+ if vol.VolumeSource.HostPath != nil {
+ hostPathVolumes[vol.Name] = struct{}{}
+ }
+ }
+
+ // Apply mount propagation to all containers (regular and init) for host-path-backed mounts
+ applyToContainers(podTemplate.Spec.Containers, hostPathVolumes, mode)
+ applyToContainers(podTemplate.Spec.InitContainers, hostPathVolumes, mode)
+}
+
+func applyToContainers(containers []corev1.Container, hostPathVolumes map[string]struct{}, mode *corev1.MountPropagationMode) {
+ for i := range containers {
+ for j := range containers[i].VolumeMounts {
+ if _, ok := hostPathVolumes[containers[i].VolumeMounts[j].Name]; ok {
+ // Only set if not already explicitly configured (e.g., by a per-mount override)
+ if containers[i].VolumeMounts[j].MountPropagation == nil {
+ containers[i].VolumeMounts[j].MountPropagation = mode
+ }
+ }
+ }
+ }
+}
diff --git a/internal/controller/datadogagent/object/volume/mount_propagation_test.go b/internal/controller/datadogagent/object/volume/mount_propagation_test.go
new file mode 100644
index 0000000000..b566267d39
--- /dev/null
+++ b/internal/controller/datadogagent/object/volume/mount_propagation_test.go
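Review bot: `applyToContainers` writes the requested mode onto every host-path mount of every container without looking at the container's security context, but Kubernetes rejects `Bidirectional` on a container that is not privileged, so one global setting can make the whole pod template invalid as soon as any container mounting a host path is unprivileged. It also means a single CR field switches on host-affecting propagation for every host-path mount in the pod, which deserves an explicit guard rather than a blanket assignment. I would skip containers that are not privileged when the mode is `Bidirectional` (or reject the combination earlier and surface it in status), as sketched below. Separately, every mount ends up holding the same `mode` pointer taken from the CR spec, so the sketch stores a per-mount copy instead.

```go
func applyToContainers(containers []corev1.Container, hostPathVolumes map[string]struct{}, mode *corev1.MountPropagationMode) {
	for i := range containers {
		c := &containers[i]
		// Kubernetes only accepts Bidirectional on privileged containers; leave the others unchanged.
		if *mode == corev1.MountPropagationBidirectional && !isPrivileged(c) {
			continue
		}
		for j := range c.VolumeMounts {
			// … unchanged: host-path lookup and nil check on MountPropagation …
			propagation := *mode // per-mount copy, not the pointer from the CR
			c.VolumeMounts[j].MountPropagation = &propagation
		}
	}
}

// isPrivileged reports whether the container explicitly requests privileged mode.
func isPrivileged(c *corev1.Container) bool {
	sc := c.SecurityContext
	return sc != nil && sc.Privileged != nil && *sc.Privileged
}
```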
@@ -0,0 +1,189 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2016-present Datadog, Inc. + +package volume + +import ( + "testing" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + "k8s.io/utils/ptr" +) + +func TestApplyMountPropagation(t *testing.T) { + hostToContainer := corev1.MountPropagationHostToContainer + bidirectional := corev1.MountPropagationBidirectional + + tests := []struct { + name string + podTemplate *corev1.PodTemplateSpec + mode *corev1.MountPropagationMode + wantMounts map[string]*corev1.MountPropagationMode // container name -> mount name -> expected propagation + }{ + { + name: "nil mode is a no-op", + podTemplate: &corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + {Name: "hostVol", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/host"}}}, + }, + Containers: []corev1.Container{ + { + Name: "agent", + VolumeMounts: []corev1.VolumeMount{ + {Name: "hostVol", MountPath: "/host"}, + }, + }, + }, + }, + }, + mode: nil, + wantMounts: map[string]*corev1.MountPropagationMode{"hostVol": nil}, + }, + { + name: "sets propagation on host path volume mounts", + podTemplate: &corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + {Name: "hostVol", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/host"}}}, + {Name: "emptyVol", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}}, + }, + Containers: []corev1.Container{ + { + Name: "agent", + VolumeMounts: []corev1.VolumeMount{ + {Name: "hostVol", MountPath: "/host"}, + {Name: "emptyVol", MountPath: "/empty"}, + }, + }, + }, + }, + }, + mode: &hostToContainer, + wantMounts: map[string]*corev1.MountPropagationMode{ + "hostVol": &hostToContainer, + "emptyVol": nil, + }, + }, + 
{ + name: "does not override explicitly set propagation", + podTemplate: &corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + {Name: "hostVol", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/host"}}}, + }, + Containers: []corev1.Container{ + { + Name: "agent", + VolumeMounts: []corev1.VolumeMount{ + {Name: "hostVol", MountPath: "/host", MountPropagation: ptr.To(bidirectional)}, + }, + }, + }, + }, + }, + mode: &hostToContainer, + wantMounts: map[string]*corev1.MountPropagationMode{ + "hostVol": &bidirectional, // existing value preserved + }, + }, + { + name: "applies to init containers", + podTemplate: &corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + {Name: "hostVol", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/host"}}}, + }, + InitContainers: []corev1.Container{ + { + Name: "init", + VolumeMounts: []corev1.VolumeMount{ + {Name: "hostVol", MountPath: "/host"}, + }, + }, + }, + }, + }, + mode: &hostToContainer, + wantMounts: map[string]*corev1.MountPropagationMode{"hostVol": &hostToContainer}, + }, + { + name: "applies to multiple containers", + podTemplate: &corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + {Name: "hostVol", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/host"}}}, + }, + Containers: []corev1.Container{ + { + Name: "agent", + VolumeMounts: []corev1.VolumeMount{ + {Name: "hostVol", MountPath: "/host"}, + }, + }, + { + Name: "process-agent", + VolumeMounts: []corev1.VolumeMount{ + {Name: "hostVol", MountPath: "/host"}, + }, + }, + }, + }, + }, + mode: &hostToContainer, + }, + { + name: "no volumes is a no-op", + podTemplate: &corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + {Name: "agent"}, + }, + }, + }, + mode: &hostToContainer, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + 
ApplyMountPropagation(tt.podTemplate, tt.mode) + + if tt.wantMounts != nil { + // Check regular containers + for _, c := range tt.podTemplate.Spec.Containers { + for _, vm := range c.VolumeMounts { + if expected, ok := tt.wantMounts[vm.Name]; ok { + assert.Equal(t, expected, vm.MountPropagation, + "container %s, mount %s", c.Name, vm.Name) + } + } + } + // Check init containers + for _, c := range tt.podTemplate.Spec.InitContainers { + for _, vm := range c.VolumeMounts { + if expected, ok := tt.wantMounts[vm.Name]; ok { + assert.Equal(t, expected, vm.MountPropagation, + "init container %s, mount %s", c.Name, vm.Name) + } + } + } + } + + // For multi-container test, verify all containers got the propagation + if tt.name == "applies to multiple containers" { + for _, c := range tt.podTemplate.Spec.Containers { + for _, vm := range c.VolumeMounts { + if vm.Name == "hostVol" { + assert.Equal(t, tt.mode, vm.MountPropagation, + "container %s, mount %s", c.Name, vm.Name) + } + } + } + } + }) + } +} diff --git a/internal/controller/datadogagentinternal/component_reconciler.go b/internal/controller/datadogagentinternal/component_reconciler.go index 1432e0e634..23f02748c0 100644 --- a/internal/controller/datadogagentinternal/component_reconciler.go +++ b/internal/controller/datadogagentinternal/component_reconciler.go @@ -22,6 +22,7 @@ import ( apiutils "github.com/DataDog/datadog-operator/api/utils" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/common" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/feature" + "github.com/DataDog/datadog-operator/internal/controller/datadogagent/object/volume" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/override" "github.com/DataDog/datadog-operator/pkg/condition" "github.com/DataDog/datadog-operator/pkg/controller/utils" 
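Review bot: The table has no case that requests `Bidirectional` as the mode and none that sets a container security context, so the one enum value Kubernetes restricts to privileged containers is never exercised by `TestApplyMountPropagation`. Two smaller points in the same table: the comment on `wantMounts` reads `container name -> mount name -> expected propagation` while the map is keyed by mount name only, and the multi-container case is verified through `if tt.name == "applies to multiple containers"` rather than through the table. Giving that case `wantMounts: map[string]*corev1.MountPropagationMode{"hostVol": &hostToContainer},` lets the generic loop cover both containers, after which the name-matching branch can be removed and the field comment shortened to `// mount name -> expected propagation`.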
@@ -217,6 +218,11 @@ func (r *ComponentRegistry) reconcileComponent(ctx context.Context, params *Reco override.Deployment(deployment, componentOverride) } + // Apply host volume mount propagation from global config + if params.DDAI.Spec.Global != nil { + volume.ApplyMountPropagation(podManagers.PodTemplateSpec(), params.DDAI.Spec.Global.HostVolumeMountPropagation) + } + res, err := r.reconciler.createOrUpdateDeployment(ctx, params.DDAI, deployment, params.Status, component.UpdateStatus) if err == nil { diff --git a/internal/controller/datadogagentinternal/controller_reconcile_agent.go b/internal/controller/datadogagentinternal/controller_reconcile_agent.go index bf3f4ffca7..31144e549c 100644 --- a/internal/controller/datadogagentinternal/controller_reconcile_agent.go +++ b/internal/controller/datadogagentinternal/controller_reconcile_agent.go @@ -25,6 +25,7 @@ import ( "github.com/DataDog/datadog-operator/internal/controller/datadogagent/experimental" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/feature" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/global" + "github.com/DataDog/datadog-operator/internal/controller/datadogagent/object/volume" "github.com/DataDog/datadog-operator/internal/controller/datadogagent/override" "github.com/DataDog/datadog-operator/pkg/condition" "github.com/DataDog/datadog-operator/pkg/constants" @@ -86,6 +87,11 @@ func (r *Reconciler) reconcileV2Agent(ctx context.Context, requiredComponents fe experimental.ApplyExperimentalOverrides(objLogger, ddai, podManagers) + // Apply host volume mount propagation from global config + if ddai.Spec.Global != nil { + volume.ApplyMountPropagation(podManagers.PodTemplateSpec(), ddai.Spec.Global.HostVolumeMountPropagation) + } + if disabledByOverride { if agentEnabled { // The override supersedes what's set in requiredComponents; update status to reflect the conflict 
@@ -144,6 +150,11 @@ func (r *Reconciler) reconcileV2Agent(ctx context.Context, requiredComponents fe

 experimental.ApplyExperimentalOverrides(objLogger, ddai, podManagers)

+ // Apply host volume mount propagation from global config
+ if ddai.Spec.Global != nil {
+ volume.ApplyMountPropagation(podManagers.PodTemplateSpec(), ddai.Spec.Global.HostVolumeMountPropagation)
+ }
+
 if disabledByOverride {
 if agentEnabled {
 // The override supersedes what's set in requiredComponents; update status to reflect the conflict