Add support of vsock for intra agents communications#2336
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #2336 +/- ##
=======================================
Coverage 38.78% 38.78%
=======================================
Files 309 309
Lines 26852 26882 +30
=======================================
+ Hits 10414 10426 +12
- Misses 15658 15674 +16
- Partials 780 782 +2
Wondering if this communication mode is CWS/some specific features only, in which case, all the code could be moved to said features instead of spec.global? Features are applied after global, so they would take priority over the default for the auth volume ensuring it's hostPath instead of emptyDir. This would make it even cleaner/scoped.
If it's meant to be a real global for all sub-Agents in a supported communication mode (they'll all communicate to core Agent using this socket), then it's fine to keep in spec.global but it should be moved as per the comments below: see #2786
| // Enable VSock communication between the Agent and containerized workloads if specified | ||
| if config.UseVSock != nil && *config.UseVSock { | ||
| manager.EnvVar().AddEnvVar(&corev1.EnvVar{ | ||
| Name: DDVSockAddr, | ||
| Value: "host", | ||
| }) | ||
|
|
||
| // Remote agent doesn't work with vsock yet | ||
| manager.EnvVar().AddEnvVar(&corev1.EnvVar{ | ||
| Name: DDRemoteAgentRegistryEnabled, | ||
| Value: "false", | ||
| }) | ||
| } |
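Review bot: Inside the config.UseVSock block, DDRemoteAgentRegistryEnabled is forced to "false" as a side effect of enabling vsock, and the only record of that is the inline comment "Remote agent doesn't work with vsock yet". Anyone turning on UseVSock loses the remote agent registry without being told, so state this in the UseVSock field documentation and put a tracking reference next to the comment so the override is removed once the remote agent works over vsock. Two smaller points on the same block: DDVSockAddr is set to the literal "host", which would read better as a named constant with a comment saying what that value means to the Agent, and the leading comment says "between the Agent and containerized workloads" while the PR title describes communication between agents, so one of the two should be corrected.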
Since this applies solely from my understanding to node Agent, it's better suited to be moved in applyNodeAgentResources in internal/controller/datadogagent/global/agent.go. This also means we don't have to touch the signature of the default EDS/DS functions. See 6d158f7
If you see the draft PR I made, we don't need the signature changes to the defaultpodtemplatespec; the default shouldn't know what's configured in the global. We simply need to move the volume to global:
authVol := common.GetVolumeForAuth(true)
manager.Volume().AddVolume(&authVol)
My PR compared to your head now looks weird, but this simple change allows us to avoid changing all the defaults
This is not specific to CWS (you may want to use the vsock mode without CWS at all). So I left it in |
What does this PR do?
Kata Containers makes use of microVMs to run pods. In these environments, the network may not be available at all. vsock allows communication between the host and the guest through the hypervisor, without using TCP sockets.
DataDog/datadog-agent#39478 added support for vsock sockets in the agent.
This PR modifies the Helm Charts by:
Motivation
Some environments do not allow workloads to have network interfaces. Using vsock sockets allows these workloads to communicate with the agent.