Make OpenShift Helm values a Pulumi Asset

Author: triviajon

test/e2e-framework/components/datadog/agent/kubernetes_helm.go

@@ -186,7 +186,7 @@ func NewHelmInstallation(e config.Env, args HelmInstallationArgs, opts ...pulumi
 	values.configureImagePullSecret(imgPullSecret)
 	values.configureFakeintake(e, args.Fakeintake, args.DualShipping)
 
-	defaultYAMLValues := values.toYAMLPulumiAssetOutput()
+	defaultYAMLValues := values.ToYAMLPulumiAssetOutput()
 
 	var valuesYAML pulumi.AssetOrArchiveArray
 	valuesYAML = append(valuesYAML, defaultYAMLValues)
@@ -233,7 +233,7 @@ func NewHelmInstallation(e config.Env, args HelmInstallationArgs, opts ...pulumi
 		values := buildWindowsHelmValues(baseName, agentImagePath, agentImageTag, clusterAgentImagePath, clusterAgentImageTag)
 		values.configureImagePullSecret(imgPullSecret)
 		values.configureFakeintake(e, args.Fakeintake, args.DualShipping)
-		defaultYAMLValues := values.toYAMLPulumiAssetOutput()
+		defaultYAMLValues := values.ToYAMLPulumiAssetOutput()
 
 		var windowsValuesYAML pulumi.AssetOrArchiveArray
 		windowsValuesYAML = append(windowsValuesYAML, defaultYAMLValues)
@@ -680,6 +680,106 @@ func buildLinuxHelmValuesAutopilot(baseName, agentImagePath, agentImageTag, clus
 	}
 }
 
+// BuildOpenShiftHelmValues returns Helm values for deploying the agent on OpenShift clusters.
+func BuildOpenShiftHelmValues() HelmValues {
+	return HelmValues{
+		"datadog": pulumi.Map{
+			"kubelet": pulumi.Map{
+				"tlsVerify": pulumi.Bool(false),
+			},
+			// https://docs.datadoghq.com/containers/troubleshooting/admission-controller/?tab=helm#openshift
+			"apm": pulumi.Map{
+				"portEnabled": pulumi.Bool(true),
+			},
+			"sbom": pulumi.Map{
+				"containerImage": pulumi.Map{
+					"enabled":             pulumi.Bool(true),
+					"overlayFSDirectScan": pulumi.Bool(true),
+				},
+			},
+			"criSocketPath": pulumi.String("/var/run/crio/crio.sock"),
+			"useHostPID":    pulumi.Bool(true),
+			"originDetectionUnified": pulumi.Map{
+				"enabled": pulumi.Bool(true),
+			},
+			"dogstatsd": pulumi.Map{
+				"originDetection": pulumi.Bool(true),
+				"tagCardinality":  pulumi.String("high"),
+			},
+		},
+		"agents": pulumi.Map{
+			"enabled": pulumi.Bool(true),
+			"tolerations": pulumi.MapArray{
+				// Deploy Agents on master nodes
+				pulumi.Map{
+					"effect":   pulumi.String("NoSchedule"),
+					"key":      pulumi.String("node-role.kubernetes.io/master"),
+					"operator": pulumi.String("Exists"),
+				},
+				// Deploy Agents on infra nodes
+				pulumi.Map{
+					"effect":   pulumi.String("NoSchedule"),
+					"key":      pulumi.String("node-role.kubernetes.io/infra"),
+					"operator": pulumi.String("Exists"),
+				},
+				// Tolerate disk pressure
+				pulumi.Map{
+					"effect":   pulumi.String("NoSchedule"),
+					"key":      pulumi.String("node.kubernetes.io/disk-pressure"),
+					"operator": pulumi.String("Exists"),
+				},
+			},
+			"useHostNetwork": pulumi.Bool(true),
+			"replicas":       pulumi.Int(1),
+			"podSecurity": pulumi.Map{
+				"securityContextConstraints": pulumi.Map{
+					"create": pulumi.Bool(true),
+				},
+			},
+			"volumeMounts": pulumi.MapArray{
+				pulumi.Map{
+					"name":      pulumi.String("trivycache"),
+					"mountPath": pulumi.String("/root/.cache/trivy"),
+				},
+				pulumi.Map{
+					"name":      pulumi.String("imageoverlay"),
+					"mountPath": pulumi.String("/var/lib/containers/storage"),
+				},
+			},
+			"volumes": pulumi.MapArray{
+				pulumi.Map{
+					"name":     pulumi.String("trivycache"),
+					"emptyDir": pulumi.Map{},
+				},
+				pulumi.Map{
+					"name": pulumi.String("imageoverlay"),
+					"hostPath": pulumi.Map{
+						"path": pulumi.String("/var/lib/containers/storage"),
+					},
+				},
+			},
+		},
+		"clusterAgent": pulumi.Map{
+			"resources": pulumi.StringMapMap{
+				"limits": pulumi.StringMap{
+					"cpu":    pulumi.String("300m"),
+					"memory": pulumi.String("400Mi"),
+				},
+				"requests": pulumi.StringMap{
+					"cpu":    pulumi.String("150m"),
+					"memory": pulumi.String("300Mi"),
+				},
+			},
+			"enabled": pulumi.Bool(true),
+			"podSecurity": pulumi.Map{
+				"securityContextConstraints": pulumi.Map{
+					"create": pulumi.Bool(true),
+				},
+			},
+		},
+	}
+}
+
 func buildWindowsHelmValues(baseName string, agentImagePath, agentImageTag, _, _ string) HelmValues {
 	return HelmValues{
 		"targetSystem": pulumi.String("windows"),
@@ -879,7 +979,7 @@ func (values HelmValues) configureFakeintake(e config.Env, fakeintake *fakeintak
 	}
 }
 
-func (values HelmValues) toYAMLPulumiAssetOutput() pulumi.AssetOutput {
+func (values HelmValues) ToYAMLPulumiAssetOutput() pulumi.AssetOutput {
 	return pulumi.Map(values).ToMapOutput().ApplyT(func(v map[string]any) (pulumi.Asset, error) {
 		yamlValues, err := yaml.Marshal(v)
 		if err != nil {

test/e2e-framework/testing/provisioners/gcp/kubernetes/openshiftvm/openshiftvm.go

@@ -12,7 +12,7 @@ import (
 	kubernetesNewProvider "github.com/pulumi/pulumi-kubernetes/sdk/v4/go/kubernetes"
 
 	"github.com/DataDog/datadog-agent/test/e2e-framework/common/utils"
-	"github.com/DataDog/datadog-agent/test/e2e-framework/components/datadog/agent"
+	agentComp "github.com/DataDog/datadog-agent/test/e2e-framework/components/datadog/agent"
 	"github.com/DataDog/datadog-agent/test/e2e-framework/components/datadog/agent/helm"
 	"github.com/DataDog/datadog-agent/test/e2e-framework/components/datadog/apps/cpustress"
 	"github.com/DataDog/datadog-agent/test/e2e-framework/components/datadog/apps/dogstatsd"
@@ -39,67 +39,6 @@ import (
 
 const (
 	provisionerBaseID = "gcp-openshiftvm"
-	customAgentValues = `
-datadog:
-  kubelet:
-    tlsVerify: false
-  # https://docs.datadoghq.com/containers/troubleshooting/admission-controller/?tab=helm#openshift
-  apm:
-    portEnabled: true
-  sbom:
-    containerImage:
-      enabled: true
-      overlayFSDirectScan: true
-  criSocketPath: /var/run/crio/crio.sock
-  useHostPID: true
-  originDetectionUnified:
-    enabled: true
-  dogstatsd:
-    originDetection: true
-    tagCardinality: high
-agents:
-  enabled: true
-  tolerations:
-    # Deploy Agents on master nodes
-    - effect: NoSchedule
-      key: node-role.kubernetes.io/master
-      operator: Exists
-    # Deploy Agents on infra nodes
-    - effect: NoSchedule
-      key: node-role.kubernetes.io/infra
-      operator: Exists
-    # Tolerate disk pressure
-    - effect: NoSchedule
-      key: node.kubernetes.io/disk-pressure
-      operator: Exists
-  useHostNetwork: true
-  replicas: 1
-  podSecurity:
-    securityContextConstraints:
-      create: true
-  volumeMounts:
-    - name: trivycache
-      mountPath: /root/.cache/trivy
-    - name: imageoverlay
-      mountPath: /var/lib/containers/storage
-  volumes:
-    - name: trivycache
-      emptyDir: {}
-    - name: imageoverlay
-      hostPath:
-        path: /var/lib/containers/storage
-clusterAgent:
-  resources:
-    limits:
-      cpu: 300m
-      memory: 400Mi
-    requests:
-      cpu: 150m
-      memory: 300Mi
-  enabled: true
-  podSecurity:
-    securityContextConstraints:
-      create: true`
 )
 
 // OpenshiftVMProvisioner creates a new provisioner for OpenShift VM on GCP
@@ -183,10 +122,13 @@ func OpenShiftVMRunFunc(ctx *pulumi.Context, env *environments.Kubernetes, param
 	}
 
 	// Deploy the agent
-	var agent *agent.KubernetesAgent
+	var agent *agentComp.KubernetesAgent
 	if params.agentOptions != nil {
 		params.agentOptions = append(params.agentOptions,
-			kubernetesagentparams.WithHelmValues(customAgentValues),
+			func(p *kubernetesagentparams.Params) error {
+				p.HelmValues = append(p.HelmValues, agentComp.BuildOpenShiftHelmValues().ToYAMLPulumiAssetOutput())
+				return nil
+			},
 			kubernetesagentparams.WithClusterName(openshiftCluster.ClusterName),
 			kubernetesagentparams.WithNamespace("datadog"),
 			// OpenShift deployments need more time due to security context constraints and slower startup