Add network policies for admission controller feature

[khewonc]

What does this PR do?

Add network policies for the admission controller feature

Motivation

#1490
https://datadoghq.atlassian.net/browse/CECO-1741

Additional Notes

Anything else we should know when reviewing?

Minimum Agent Versions

Are there minimum versions of the Datadog Agent and/or Cluster Agent required?

• Agent: vX.Y.Z
• Cluster Agent: vX.Y.Z

Describe your test plan

1. Create a cluster with a network plugin enabled
2. Deploy the operator
3. Deploy a DDA with network policies and the admission controller feature enabled

    networkPolicy:
      create: true
      flavor: <kubernetes or cilium>

4. Deploy an app that the admission controller should mutate. Example label and annotation below adds an init container that installs the python tracer to the app pod

apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  labels:
    app: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
        admission.datadoghq.com/enabled: "true"
      annotations:
        admission.datadoghq.com/python-lib.version: "v2.16.0"
    spec:
      containers:
        - name: redis
          imagePullPolicy: IfNotPresent
          image: redis:latest
          resources: {}

5. Ensure the app is mutated. The example above should start the app pod with the init container datadog-lib-python-init. If not mutated successfully, there won't be an init container

Checklist

• PR has at least one valid label: bug, enhancement, refactoring, documentation, tooling, and/or dependencies
• PR has a milestone or the qa/skip-qa label

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 5.45455% with 52 lines in your changes missing coverage. Please review.

Project coverage is 48.57%. Comparing base (ae0c0ff) to head (f035b61).

Files with missing lines	Patch %	Lines
...atadogagent/feature/admissioncontroller/feature.go	5.45%	50 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1515      +/-   ##
==========================================
- Coverage   48.69%   48.57%   -0.13%     
==========================================
  Files         225      225              
  Lines       19903    19957      +54     
==========================================
+ Hits         9692     9694       +2     
- Misses       9702     9752      +50     
- Partials      509      511       +2     

Flag	Coverage Δ
unittests	48.57% <5.45%> (-0.13%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...atadogagent/feature/admissioncontroller/feature.go	66.23% <5.45%> (-13.30%)	⬇️

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ae0c0ff...f035b61. Read the comment docs.

[clamoriniere]

I was wondering if we have some available possibility to change the port, but it doesnt seems to be the case. Service is created the same way

[khewonc]

I see we have DD_ADMISSION_CONTROLLER_PORT in the agent but we don't have an option to set that in the operator. I can create a card for it