Add Private Action Runner feature support

[merchristK]

What does this PR do?

This PR adds support for the Private Action Runner (PAR) feature in the Datadog Operator, allowing users to configure PAR in the cluster agent via the DatadogAgent CRD.

Motivation

Currently, the Datadog Operator doesn't support configuring the Private Action Runner feature through the v2alpha1 API. Users who want to enable PAR need to manually override environment variables or use custom configurations. This PR makes PAR a first-class feature in the operator.

Changes

• API Types: Added PrivateActionRunnerFeatureConfig to v2alpha1.DatadogFeatures

• enabled: Enable/disable PAR in the cluster agent

• selfEnroll: Configure automatic enrollment with Datadog backend

• actionsAllowlist: List of action patterns that PAR is allowed to execute

• Feature Implementation: Created privateactionrunner feature package

• Configures cluster agent with appropriate environment variables:

• DD_PRIVATE_ACTION_RUNNER_ENABLED

• DD_PRIVATE_ACTION_RUNNER_SELF_ENROLL

• DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST

• Registration: Added feature to factory and IDs

• Generated Files: Updated CRDs, deepcopy, OpenAPI schemas, and documentation

Example Configuration

apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
name: datadog
spec:
features:
privateActionRunner:
    enabled: true
    selfEnroll: true
    actionsAllowlist:
    - com.datadoghq.gitlab.*
    - com.datadoghq.script.*
    - com.datadoghq.kubernetes.core.*

Testing

• Code generation completed successfully (make generate, make manifests)
• Build passes (go build ./...)
• CRD generated correctly with PAR configuration
• Documentation auto-generated with PAR fields
• TODO: Add unit tests for the feature
• TODO: Add E2E tests

Additional Notes

This implementation follows the same pattern as other cluster-level features like ClusterChecks and Autoscaling.

[merchristK]

• Add Private Action Runner feature support #2581 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 0% with 62 lines in your changes missing coverage. Please review.
✅ Project coverage is 37.94%. Comparing base (998fd8d) to head (837b3c5).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...atadogagent/feature/privateactionrunner/feature.go	0.00%	62 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2581      +/-   ##
==========================================
- Coverage   38.03%   37.94%   -0.10%     
==========================================
  Files         303      304       +1     
  Lines       26091    26153      +62     
==========================================
  Hits         9924     9924              
- Misses      15414    15476      +62     
  Partials      753      753              

Flag	Coverage Δ
unittests	37.94% <0.00%> (-0.10%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
internal/controller/datadogagent/controller.go	53.57% <ø> (ø)
...atadogagent/feature/privateactionrunner/feature.go	0.00% <0.00%> (ø)

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 998fd8d...837b3c5. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.