Only add the AppArmor annotation if the container actually exists#2834

Merged
levan-m merged 5 commits into main from lebauce/apparmor-fixes
Apr 7, 2026

@lebauce lebauce commented Mar 26, 2026

What does this PR do?

Do not fail on AppArmor annotation when the security-agent container is missing.

Motivation

When both CWS and CSPM are running in system-probe, the operator fails on trying
to add an annotation on a container that doesn't exist:

DaemonSet.apps "compute-nodeless-adp-uds-v1-agent" is invalid: spec.template.annotations[container.apparmor.security.beta.kubernetes.io/security-agent]: Invalid value: "security-agent": container not found

@lebauce lebauce requested a review from a team March 26, 2026 13:39
@lebauce lebauce added the bug Something isn't working label Mar 26, 2026
@lebauce lebauce added this to the v1.25.0 milestone Mar 26, 2026

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f3d161f83b

Comment on lines +246 to +247
for _, c := range manager.PodTemplateSpec().Spec.Containers {
if c.Name == effectiveName {
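
Review bot: the existence check at `range manager.PodTemplateSpec().Spec.Containers` walks only the regular containers, so an override that targets an init container would never match and its AppArmor annotation would be skipped. If init containers can carry an AppArmor override on this path, scan Spec.InitContainers as well, and add a unit test for the missing-container case so the early return is covered.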

[P2] Check AppArmor existence using the current container name

When override.Name is set with AppArmorProfileName, this check compares effectiveName (the future renamed name) against the current Spec.Containers list before Container() applies the rename, so containerExists is false and the function returns early. That drops the AppArmor annotation for valid renamed containers, silently ignoring a requested security profile.

Useful? React with 👍 / 👎.
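
The ordering issue raised in the review comment above, as an added Go example (not the operator's code): the existence check runs against the container's current name, while the annotation key is built from the post-rename name. The `override` type, the `appArmorAnnotation` function and the sample container list are hypothetical, and keying the annotation by the renamed container is an assumption drawn from the comment.

```go
package main

import "fmt"

// Annotation prefix as it appears in the error quoted in the PR description.
const appArmorPrefix = "container.apparmor.security.beta.kubernetes.io/"

// override is a hypothetical stand-in for a per-container override.
type override struct {
	Rename  string // new container name, "" keeps the current one
	Profile string // AppArmor profile, "" means none requested
}

// appArmorAnnotation returns the annotation for one override, or ok=false
// when no profile is requested or the container is not in the pod template.
// current is the container's name before any rename is applied.
func appArmorAnnotation(containers []string, current string, o override) (key, value string, ok bool) {
	if o.Profile == "" {
		return "", "", false
	}
	found := false
	for _, name := range containers {
		if name == current { // compare against the pre-rename name
			found = true
			break
		}
	}
	if !found {
		return "", "", false // skip instead of emitting an invalid annotation
	}
	effective := current
	if o.Rename != "" {
		effective = o.Rename // assumption: the key must use the final name
	}
	return appArmorPrefix + effective, o.Profile, true
}

func main() {
	// Constructed pod template without a security-agent container.
	containers := []string{"agent", "system-probe"}
	_, _, ok := appArmorAnnotation(containers, "security-agent", override{Profile: "unconfined"})
	fmt.Println("security-agent annotated:", ok)
	k, v, _ := appArmorAnnotation(containers, "system-probe", override{Rename: "probe", Profile: "unconfined"})
	fmt.Println(k, "=", v)
}
```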

codecov-commenter commented Mar 26, 2026

Codecov Report

❌ Patch coverage is 92.30769% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 39.47%. Comparing base (3d96136) to head (54c6512).

Files with missing lines | Patch % | Lines
...rnal/controller/datadogagent/override/container.go | 92.30% | 1 Missing ⚠️

@@            Coverage Diff             @@
##             main    #2834      +/-   ##
==========================================
+ Coverage   39.45%   39.47%   +0.01%     
==========================================
  Files         315      315              
  Lines       27482    27489       +7     
==========================================
+ Hits        10842    10850       +8     
  Misses      15836    15836              
+ Partials      804      803       -1     
Flag | Coverage Δ
unittests | 39.47% <92.30%> (+0.01%) ⬆️

Files with missing lines | Coverage Δ
...rnal/controller/datadogagent/override/container.go | 96.10% <92.30%> (+0.86%) ⬆️

@lebauce lebauce force-pushed the lebauce/apparmor-fixes branch from f3d161f to 52b5160 Compare March 26, 2026 13:53
@lebauce lebauce force-pushed the lebauce/apparmor-fixes branch from 52b5160 to 3579c30 Compare March 26, 2026 14:10
@levan-m levan-m modified the milestones: v1.25.0, v1.26.0 Apr 3, 2026
@lebauce lebauce requested a review from levan-m April 7, 2026 11:32
@levan-m levan-m merged commit a0dc8c0 into main Apr 7, 2026
37 checks passed
@levan-m levan-m deleted the lebauce/apparmor-fixes branch April 7, 2026 19:16
Labels

bug (Something isn't working), team/container-platform
