feat(agent): add label for Java options variable name (#1035)

internal/controllers/constants/constants.go

@@ -65,6 +65,7 @@ const (
 	AgentLabelCallbackPort      = agentLabelPrefix + "callback-port"
 	AgentLabelContainer         = agentLabelPrefix + "container"
 	AgentLabelReadOnly          = agentLabelPrefix + "read-only"
+	AgentLabelJavaOptionsVar    = agentLabelPrefix + "java-options-var"
 
 	CryostatCATLSCommonName     = "cryostat-ca-cert-manager"
 	CryostatTLSCommonName       = "cryostat"

internal/webhooks/agent/pod_defaulter.go

@@ -53,6 +53,7 @@ const (
 	agentMaxSizeBytes      = "50Mi"
 	agentInitCpuRequest    = "10m"
 	agentInitMemoryRequest = "32Mi"
+	defaultJavaOptsVar     = "JAVA_TOOL_OPTIONS"
 )
 
 // Default optionally mutates a pod to inject the Cryostat agent
@@ -274,8 +275,8 @@ func (r *podMutator) Default(ctx context.Context, obj runtime.Object) error {
 			},
 		)
 	}
-	// Inject agent using JAVA_TOOL_OPTIONS, appending to any existing value
-	extended, err := extendJavaToolOptions(container.Env)
+	// Inject agent using JAVA_TOOL_OPTIONS or specified variable, appending to any existing value
+	extended, err := extendJavaOptsVar(container.Env, getJavaOptionsVar(pod.Labels))
 	if err != nil {
 		return err
 	}
@@ -339,6 +340,15 @@ func hasWriteAccess(labels map[string]string) (*bool, error) {
 	return &result, nil
 }
 
+func getJavaOptionsVar(labels map[string]string) string {
+	result := defaultJavaOptsVar
+	value, pres := labels[constants.AgentLabelJavaOptionsVar]
+	if pres {
+		result = value
+	}
+	return result
+}
+
 func (r *podMutator) callbackEnv(cr *model.CryostatInstance, namespace string, tls bool, containerPort int32) []corev1.EnvVar {
 	scheme := "https"
 	if !tls {
@@ -409,8 +419,8 @@ func findNamedContainer(containers []corev1.Container, name string) (*corev1.Con
 	return nil, fmt.Errorf("no container found with name \"%s\"", name)
 }
 
-func extendJavaToolOptions(envs []corev1.EnvVar) ([]corev1.EnvVar, error) {
-	existing, err := findJavaToolOptions(envs)
+func extendJavaOptsVar(envs []corev1.EnvVar, javaOptsVar string) ([]corev1.EnvVar, error) {
+	existing, err := findJavaOptsVar(envs, javaOptsVar)
 	if err != nil {
 		return nil, err
 	}
@@ -419,21 +429,19 @@ func extendJavaToolOptions(envs []corev1.EnvVar) ([]corev1.EnvVar, error) {
 		existing.Value += " " + agentArg
 	} else {
 		envs = append(envs, corev1.EnvVar{
-			Name:  "JAVA_TOOL_OPTIONS",
+			Name:  javaOptsVar,
 			Value: agentArg,
 		})
 	}
 
 	return envs, nil
 }
 
-var errJavaToolOptionsValueFrom error = errors.New("environment variable JAVA_TOOL_OPTIONS uses \"valueFrom\" and cannot be extended")
-
-func findJavaToolOptions(envs []corev1.EnvVar) (*corev1.EnvVar, error) {
+func findJavaOptsVar(envs []corev1.EnvVar, javaOptsVar string) (*corev1.EnvVar, error) {
 	for i, env := range envs {
-		if env.Name == "JAVA_TOOL_OPTIONS" {
+		if env.Name == javaOptsVar {
 			if env.ValueFrom != nil {
-				return nil, errJavaToolOptionsValueFrom
+				return nil, fmt.Errorf("environment variable %s uses \"valueFrom\" and cannot be extended", javaOptsVar)
 			}
 			return &envs[i], nil
 		}

internal/webhooks/agent/pod_defaulter_test.go

@@ -409,6 +409,16 @@ var _ = Describe("PodDefaulter", func() {
 					ExpectPod()
 				})
 			})
+
+			Context("with a custom java options var label", func() {
+				BeforeEach(func() {
+					t.objs = append(t.objs, t.NewCryostat().Object)
+					originalPod = t.NewPodJavaOptsVar()
+					expectedPod = t.NewMutatedPodJavaOptsVarLabel()
+				})
+
+				ExpectPod()
+			})
 		})
 
 		Context("with a missing Cryostat CR", func() {

internal/webhooks/agent/test/resources.go

@@ -180,15 +180,22 @@ func (r *AgentWebhookTestResources) NewPodReadOnlyLabelInvalid() *corev1.Pod {
 	return pod
 }
 
+func (r *AgentWebhookTestResources) NewPodJavaOptsVar() *corev1.Pod {
+	pod := r.NewPod()
+	pod.Labels["cryostat.io/java-options-var"] = "SOME_OTHER_VAR"
+	return pod
+}
+
 type mutatedPodOptions struct {
-	javaToolOptions string
-	namespace       string
-	image           string
-	pullPolicy      corev1.PullPolicy
-	gatewayPort     int32
-	callbackPort    int32
-	writeAccess     *bool
-	scheme          string
+	javaOptionsName  string
+	javaOptionsValue string
+	namespace        string
+	image            string
+	pullPolicy       corev1.PullPolicy
+	gatewayPort      int32
+	callbackPort     int32
+	writeAccess      *bool
+	scheme           string
 	// Function to produce mutated container array
 	containersFunc func(*AgentWebhookTestResources, *mutatedPodOptions) []corev1.Container
 }
@@ -212,6 +219,9 @@ func (r *AgentWebhookTestResources) setDefaultMutatedPodOptions(options *mutated
 	if options.writeAccess == nil {
 		options.writeAccess = &[]bool{true}[0]
 	}
+	if len(options.javaOptionsName) == 0 {
+		options.javaOptionsName = "JAVA_TOOL_OPTIONS"
+	}
 	options.scheme = "https"
 	if !r.TLS {
 		options.scheme = "http"
@@ -227,7 +237,7 @@ func (r *AgentWebhookTestResources) NewMutatedPod() *corev1.Pod {
 
 func (r *AgentWebhookTestResources) NewMutatedPodJavaToolOptions() *corev1.Pod {
 	return r.newMutatedPod(&mutatedPodOptions{
-		javaToolOptions: "-Dexisting=var ",
+		javaOptionsValue: "-Dexisting=var ",
 	})
 }
 
@@ -281,6 +291,12 @@ func (r *AgentWebhookTestResources) NewMutatedPodReadOnlyLabel() *corev1.Pod {
 	})
 }
 
+func (r *AgentWebhookTestResources) NewMutatedPodJavaOptsVarLabel() *corev1.Pod {
+	return r.newMutatedPod(&mutatedPodOptions{
+		javaOptionsName: "SOME_OTHER_VAR",
+	})
+}
+
 func (r *AgentWebhookTestResources) newMutatedPod(options *mutatedPodOptions) *corev1.Pod {
 	r.setDefaultMutatedPodOptions(options)
 	pod := &corev1.Pod{
@@ -403,8 +419,8 @@ func (r *AgentWebhookTestResources) newMutatedContainer(original *corev1.Contain
 				Value: strconv.Itoa(int(options.callbackPort)),
 			},
 			{
-				Name:  "JAVA_TOOL_OPTIONS",
-				Value: options.javaToolOptions + "-javaagent:/tmp/cryostat-agent/cryostat-agent-shaded.jar",
+				Name:  options.javaOptionsName,
+				Value: options.javaOptionsValue + "-javaagent:/tmp/cryostat-agent/cryostat-agent-shaded.jar",
 			},
 		}...),
 		Ports: []corev1.ContainerPort{