datadog-operator
Add uncompressed layers support using either mounts or overlayfs
What does this PR do?
Add features.sbom.containerImage.uncompressedLayersSupport.
Motivation
GKE or EKS container runtimes are configured to discard uncompressed layers, which breaks container image scanning. This PR adds a configuration setting to allow mounting the container image before scanning it, or using the experimental overlayfs direct scan.
Additional Notes
Anything else we should know when reviewing?
Minimum Agent Versions
Are there minimum versions of the Datadog Agent and/or Cluster Agent required?
- Agent: vX.Y.Z
- Cluster Agent: vX.Y.Z
Describe your test plan
Write there any instructions and details you may have to test your PR.
Checklist
- [ ] PR has at least one valid label: `bug`, `enhancement`, `refactoring`, `documentation`, `tooling`, and/or `dependencies`
- [ ] PR has a milestone or the `qa/skip-qa` label
Codecov Report
Attention: Patch coverage is 45.16129% with 17 lines in your changes missing coverage. Please review.
Project coverage is 54.97%. Comparing base (c72fc48) to head (4b94885). Report is 358 commits behind head on main.
| Files with missing lines | Patch % | Lines |
|---|---|---|
| controllers/datadogagent/feature/sbom/feature.go | 48.27% | 14 Missing and 1 partial :warning: |
| pkg/remoteconfig/updater.go | 0.00% | 2 Missing :warning: |
:x: Your patch status has failed because the patch coverage (45.16%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.
Additional details and impacted files
@@ Coverage Diff @@
## main #1201 +/- ##
==========================================
- Coverage 54.98% 54.97% -0.01%
==========================================
Files 243 243
Lines 28031 28058 +27
==========================================
+ Hits 15412 15426 +14
- Misses 11747 11759 +12
- Partials 872 873 +1
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 54.97% <45.16%> (-0.01%) | :arrow_down: |
Flags with carried forward coverage won't be shown.
| Files with missing lines | Coverage Δ | |
|---|---|---|
| apis/datadoghq/v2alpha1/datadogagent_types.go | 100.00% <ø> (ø) | |
| pkg/remoteconfig/updater.go | 0.00% <0.00%> (ø) | |
| controllers/datadogagent/feature/sbom/feature.go | 65.88% <48.27%> (-2.65%) | :arrow_down: |
Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update c72fc48...4b94885.
@lebauce, the required agent version wasn't specified here and we couldn't get more details offline. After checking the agent repo, the config for the env var DD_SBOM_CONTAINER_IMAGE_OVERLAYFS_DIRECT_SCAN added in this PR is added by https://github.com/DataDog/datadog-agent/pull/25886, merged today on 05/29/2024. I suppose this makes this change available in 7.55, so updating milestone to 1.18.
Please update the minimum required Agent version and provide testing instructions in the PR description.
/merge
:x: MergeQueue
You are not allowed to use the merge queue towards main.
If you need support, contact us on Slack #devflow with those details!
/merge