Only add the AppArmor annotation if the container actually exists

[lebauce]

What does this PR do?

Do not fail on AppArmor annotation when the security-agent container is missing.

Motivation

When both CWS and CSPM are running in system-probe, the operator fails on trying
to add an annotation on a container that doesn't exist:

DaemonSet.apps
"compute-nodeless-adp-uds-v1-agent" is invalid: spec.template.annotations[container.apparmor.security.beta.kubernetes.io/security-agent]: Invalid value:
"security-agent": container not found

Additional Notes

Anything else we should know when reviewing?

Minimum Agent Versions

Are there minimum versions of the Datadog Agent and/or Cluster Agent required?

• Agent: vX.Y.Z
• Cluster Agent: vX.Y.Z

Describe your test plan

Write there any instructions and details you may have to test your PR.

Checklist

• PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
• PR has a milestone or the qa/skip-qa label
• All commits are signed (see: signing commits)

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f3d161f83b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Check AppArmor existence using the current container name

When override.Name is set with AppArmorProfileName, this check compares effectiveName (the future renamed name) against the current Spec.Containers list before Container() applies the rename, so containerExists is false and the function returns early. That drops the AppArmor annotation for valid renamed containers, silently ignoring a requested security profile.

Useful? React with 👍 / 👎.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 91.66667% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 38.80%. Comparing base (8c060c4) to head (e07beeb).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
...rnal/controller/datadogagent/override/container.go	91.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2834      +/-   ##
==========================================
+ Coverage   38.74%   38.80%   +0.05%     
==========================================
  Files         311      311              
  Lines       26992    27056      +64     
==========================================
+ Hits        10459    10499      +40     
- Misses      15755    15780      +25     
+ Partials      778      777       -1     

Flag	Coverage Δ
unittests	38.80% <91.66%> (+0.05%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...rnal/controller/datadogagent/override/container.go	96.07% <91.66%> (+0.84%)	⬆️

... and 2 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8c060c4...e07beeb. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.