feat: Add instrumentation controller crd feature

[Mathew-Estafanous]

What does this PR do?

Adds a feature.instrumentationCRD feature that'll be used to enable the DatadogInstrumentation CRD controller in the cluster agent and node agent's AD provider.

The feature depends on:

1. Admission controller being enabled.
2. Cluster Agent RBACs added (done automatically).

Motivation

Without this feature, enabling instrumentation CRD controller requires manually adding DD_INSTRUMENTATION_CRD_CONTROLLER_ENABLED to both cluster and node agents. Additionally there'd be no enforcement of admission controller or rbac pre-requisites.

Minimum Agent Versions

Are there minimum versions of the Datadog Agent and/or Cluster Agent required?

• Agent: vX.Y.Z
• Cluster Agent: vX.Y.Z

Describe your test plan

1. Added unit tests in instrumentationcrd/feature_test.go.

Manual QA

1. Deploy custom operator
2. Deploy DDA with instrumentationCRD enabled.

apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  global:
    logLevel: "info"
    clusterName: <YOUR_CLUSTER_NAME>
    credentials:
      apiSecret:
        secretName: datadog-secret
        keyName: api-key
      appSecret:
        secretName: datadog-secret
        keyName: app-key
    kubelet:
      tlsVerify: false
  features:
    instrumentationCRD:
      enabled: true
    apm:
      instrumentation:
        enabled: true

3. Check that DCA and node agents have DD_INSTRUMENTATION_CRD_CONTROLLER_ENABLED: "true"

4. A cluster role and binding created with necessary datadoginstrumentation RBACs.

Checklist

• PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
• PR has a milestone or the qa/skip-qa label
• All commits are signed (see: signing commits)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2b15c1b4da

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Configure instrumentation env var for single-container agents

The new feature never configures node-agent env vars when SingleContainerStrategy is used because ManageSingleContainerNodeAgent is a no-op. In that mode the reconciler calls ManageSingleContainerNodeAgent instead of ManageNodeAgent, so DD_INSTRUMENTATION_CRD_CONTROLLER_ENABLED is not added to the node agent container and the instrumentation CRD flow is only partially enabled.

Useful? React with 👍 / 👎.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 51.21951% with 40 lines in your changes missing coverage. Please review.
✅ Project coverage is 40.59%. Comparing base (bed889f) to head (d8fdb7f).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
...datadogagent/feature/instrumentationcrd/feature.go	60.60%	24 Missing and 2 partials ⚠️
pkg/testutils/builder.go	0.00%	7 Missing ⚠️
pkg/testutils/ddai_builder.go	0.00%	7 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3002      +/-   ##
==========================================
- Coverage   40.76%   40.59%   -0.17%     
==========================================
  Files         332      334       +2     
  Lines       28197    28272      +75     
==========================================
- Hits        11494    11477      -17     
- Misses      15928    16018      +90     
- Partials      775      777       +2     

Flag	Coverage Δ
unittests	40.59% <51.21%> (-0.17%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...roller/datadogagent/component/clusteragent/rbac.go	22.88% <ø> (-42.54%)	⬇️
internal/controller/datadogagent/controller.go	48.00% <ø> (ø)
...r/datadogagent/feature/instrumentationcrd/const.go	100.00% <100.00%> (ø)
pkg/testutils/builder.go	0.00% <0.00%> (ø)
pkg/testutils/ddai_builder.go	0.00% <0.00%> (ø)
...datadogagent/feature/instrumentationcrd/feature.go	60.60% <60.60%> (ø)

... and 1 file with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bed889f...d8fdb7f. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[datadog-official]

✨ Fix all issues with BitsAI

🛑 Gate Violations

🎯 1 Code Coverage issue detected

A Patch coverage percentage gate may be blocking this PR.

• Patch coverage: 52.38% (threshold: 80.00%)

ℹ️ Info

🎯 Code Coverage (details)
• Patch Coverage: 52.38%
• Overall Coverage: 40.88% (-0.19%)

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: d8fdb7f | Docs | Datadog PR Page | Give us feedback!}