[datadog-operator] Expose DCA Agent Sidecar TLS Config #2700

Open
gabedos wants to merge 3 commits into main from gabedos/dca-ca-cert-perms

@gabedos gabedos commented Mar 4, 2026

What does this PR do?

Exposes a config option and creates RBACs for creating and mounting the cluster agent's certificate onto the agent sidecar container it creates in application namespaces.

Motivation

Expose a config option for the new Agent feature for TLS communication on the agent sidecar in the admission controller.

Minimum Agent Versions

This feature works only with newer Agent versions. However, the configmap rbac is fine to be applied everywhere.

  • Agent: v7.78.0+
  • Cluster Agent: v7.78.0+

Describe your test plan

Apply the following agent crd config

apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog-test-tls
  namespace: system
spec:
  global:
    credentials:
      apiSecret:
        secretName: datadog-secret
        keyName: api-key
      appSecret:
        secretName: datadog-secret
        keyName: app-key
  features:
    admissionController:
      enabled: true
      agentSidecarInjection:
        enabled: true
        provider: fargate
        clusterAgentTlsVerification:
          enabled: true
          copyCaConfigMap: true

Check that the configmaps rbacs are present on the dca role

kubectl get clusterrole datadog-test-tls-cluster-agent -o yaml | grep -A 5 "configmaps"
  - configmaps
  verbs:
  - create
  - get
  - list
  - update

Checklist

  • PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
  • PR has a milestone or the qa/skip-qa label
  • All commits are signed (see: signing commits)

@gabedos gabedos changed the title Gabedos/dca ca cert perms [datadog-operator] Expose DCA Agent Sidecar TLS Config Mar 4, 2026
@gabedos gabedos added the enhancement New feature or request label Mar 4, 2026
@gabedos gabedos added this to the v1.25.0 milestone Mar 4, 2026

codecov-commenter commented Mar 4, 2026

Codecov Report

❌ Patch coverage is 6.89655% with 27 lines in your changes missing coverage. Please review.
✅ Project coverage is 38.77%. Comparing base (08e6a48) to head (30d0938).
⚠️ Report is 3 commits behind head on main.

Files with missing lines | Patch % | Lines
...atadogagent/feature/admissioncontroller/feature.go | 0.00% | 12 Missing and 4 partials ⚠️
...r/datadogagent/feature/admissioncontroller/rbac.go | 15.38% | 9 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2700      +/-   ##
==========================================
- Coverage   38.81%   38.77%   -0.04%     
==========================================
  Files         307      307              
  Lines       26610    26635      +25     
==========================================
  Hits        10329    10329              
- Misses      15501    15522      +21     
- Partials      780      784       +4     

Flag | Coverage Δ
unittests | 38.77% <6.89%> (-0.04%) ⬇️

Flags with carried forward coverage won't be shown.

Files with missing lines | Coverage Δ
...r/datadogagent/feature/admissioncontroller/rbac.go | 79.31% <15.38%> (-10.31%) ⬇️
...atadogagent/feature/admissioncontroller/feature.go | 62.67% <0.00%> (-3.40%) ⬇️

@gabedos gabedos marked this pull request as ready for review March 4, 2026 13:36
@gabedos gabedos requested a review from a team March 4, 2026 13:36
@gabedos gabedos requested review from a team as code owners March 4, 2026 13:36

cswatt commented Mar 4, 2026

For documentation styleguide reasons, can we capitalize Cluster Agent and Agent?

@cswatt cswatt self-assigned this Mar 4, 2026

@cswatt cswatt left a comment

thank you!
