diff --git a/.github/helm-docs.sh b/.github/helm-docs.sh index 04ad473d7..03d901387 100755 --- a/.github/helm-docs.sh +++ b/.github/helm-docs.sh @@ -1,7 +1,7 @@ #!/bin/bash set -euo pipefail -HELM_DOCS_VERSION="1.10.0" +HELM_DOCS_VERSION="1.14.2" OS=$(uname) ARCH=$(uname -m) diff --git a/.github/kubeconform.sh b/.github/kubeconform.sh index 872c011d3..749da9719 100755 --- a/.github/kubeconform.sh +++ b/.github/kubeconform.sh @@ -1,7 +1,7 @@ #!/bin/bash set -euo pipefail -KUBECONFORM_VERSION="v0.6.4" +KUBECONFORM_VERSION="v0.6.7" # https://github.com/yannh/kubeconform/issues/51 CRD_SPEC_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json" # Remove after v1.16 support / testing is dropped diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d6a4f786a..bbce00ed9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,6 +5,11 @@ on: paths: - "charts/**" +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + jobs: changed: runs-on: ubuntu-latest @@ -12,7 +17,7 @@ jobs: charts: ${{ steps.list-changed.outputs.changed }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Helm @@ -23,7 +28,7 @@ jobs: with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed env: @@ -47,14 +52,14 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - uses: actions/setup-python@v4 with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (lint) run: ct lint --config .github/ct.yaml 
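Review bot: The bumped third-party actions are still referenced by mutable tag: `helm/chart-testing-action@v2.6.1` in the `changed` and lint jobs here, and likewise `helm/kind-action@v1.10.0` and `azure/setup-helm@v4.2.0` in the later ci.yaml and go-test.yaml hunks. A tag can be repointed by whoever controls the action's repository. The go-test.yaml integration job appears to run kind-action in the same job whose later step receives `secrets.GO_INTEG_TEST_API_KEY` and `secrets.GO_INTEG_TEST_APP_KEY`. Pinning to the full commit SHA with the tag kept as a trailing comment, e.g. `uses: helm/chart-testing-action@<full-commit-sha> # v2.6.1`, makes each upgrade an explicit, reviewable change and still lets Dependabot or Renovate propose the next one.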
@@ -64,7 +69,7 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Run helm-docs @@ -87,10 +92,15 @@ jobs: - v1.22.17 - v1.24.17 - v1.25.16 - - v1.26.13 + - v1.26.15 + - v1.27.16 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Add datadog helm repo @@ -112,27 +122,43 @@ jobs: - kubeconform-chart strategy: matrix: - k8s: - - v1.18.20 - - v1.22.9 - - v1.24.2 - - v1.25.16 - - v1.26.13 + versions: + - k8s: v1.18.20 + kind: v0.17.0 + - k8s: v1.22.17 + kind: v0.22.0 + - k8s: v1.24.17 + kind: v0.22.0 + - k8s: v1.25.16 + kind: v0.22.0 + - k8s: v1.26.15 + kind: v0.22.0 + - k8s: v1.27.16 + kind: v0.22.0 + - k8s: v1.28.13 + kind: v0.22.0 + - k8s: v1.29.8 + kind: v0.22.0 + - k8s: v1.30.4 + kind: v0.22.0 + - k8s: v1.31.1 + kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Create kind ${{ matrix.k8s }} cluster - uses: helm/kind-action@v1.5.0 + - name: Create kind ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} + uses: helm/kind-action@v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s }} + version: ${{ matrix.versions.kind }} + node_image: kindest/node:${{ matrix.versions.k8s}} config: .github/kind_config.yaml - uses: actions/setup-python@v4 with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (install) run: ct install --config .github/ct.yaml diff --git a/.github/workflows/go-test-private-action-runner.yaml b/.github/workflows/go-test-private-action-runner.yaml index a42811bde..dc26fd575 100644 --- a/.github/workflows/go-test-private-action-runner.yaml +++ b/.github/workflows/go-test-private-action-runner.yaml 
@@ -8,6 +8,12 @@ on: paths: - 'test/private-action-runner/**' - 'charts/private-action-runner/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + env: GO111MODULE: "on" PROJECTNAME: "helm-charts" diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 8b83c292b..739a20b1b 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -8,6 +8,12 @@ on: paths: - 'test/datadog-operator/**' - 'charts/datadog-operator/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + env: GO111MODULE: "on" PROJECTNAME: "helm-charts" @@ -21,9 +27,9 @@ jobs: go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@v4.2.0 with: - version: v3.10.1 + version: v3.14.0 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory 
@@ -39,27 +45,40 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - k8s: - - v1.16.15 - - v1.18.20 - - v1.22.9 - - v1.24.2 - - v1.25.2 - - v1.26.6 - - v1.27.3 - - v1.28.7 - - v1.29.2 - - v1.30.0 + versions: + - k8s: v1.16.15 + kind: v0.15.0 + - k8s: v1.18.20 + kind: v0.17.0 + - k8s: v1.22.17 + kind: v0.22.0 + - k8s: v1.24.17 + kind: v0.22.0 + - k8s: v1.25.16 + kind: v0.22.0 + - k8s: v1.26.15 + kind: v0.22.0 + - k8s: v1.27.16 + kind: v0.22.0 + - k8s: v1.28.13 + kind: v0.22.0 + - k8s: v1.29.8 + kind: v0.22.0 + - k8s: v1.30.4 + kind: v0.22.0 + - k8s: v1.31.1 + kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Create kind ${{ matrix.k8s }} cluster - uses: helm/kind-action@v1.5.0 + - name: Create K8s ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} + uses: helm/kind-action@v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s }} - cluster_name: operator-ci-${{ matrix.k8s }} + version: ${{ matrix.versions.kind }} + node_image: kindest/node:${{ matrix.versions.k8s }} + cluster_name: operator-ci-${{ matrix.versions.k8s }} config: .github/kind_config.yaml - name: Add Cert Manager Helm repo run: helm repo add jetstack https://charts.jetstack.io && helm repo update @@ -69,8 +88,8 @@ jobs: env: API_KEY: ${{ secrets.GO_INTEG_TEST_API_KEY }} APP_KEY: ${{ secrets.GO_INTEG_TEST_APP_KEY }} - CLUSTER_NAME: operator-ci-${{ matrix.k8s }} - K8S_VERSION: ${{ matrix.k8s }} + CLUSTER_NAME: operator-ci-${{ matrix.versions.k8s }} + K8S_VERSION: ${{ matrix.versions.k8s }} run: | kubectl cluster-info kubectl get nodes diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml index f1d36ed3d..ff711a73d 100644 --- a/.github/workflows/pr-labeler.yaml +++ b/.github/workflows/pr-labeler.yaml 
@@ -4,10 +4,17 @@ on: branches: - main +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + jobs: label: name: Add label for PRs runs-on: ubuntu-latest + permissions: + pull-requests: write timeout-minutes: 5 steps: - uses: actions/labeler@v5 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bb531756f..e33b3d11f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,9 +7,14 @@ on: paths: - 'charts/**' +permissions: {} + jobs: release: runs-on: ubuntu-latest + permissions: + # https://github.com/helm/chart-releaser-action + contents: write steps: - name: Checkout uses: actions/checkout@v3 diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 23e68d1cf..39f9e8402 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,14 @@ # Changelog +# 2.2.0 + +* Update CRDs from Datadog Operator v1.10.0 tag. + +## 2.1.0 + +* Update CRDs from Datadog Operator v1.9.0 tag. +* Add DatadogDashboards CRD. + ## 2.0.0 * Update CRDs from Datadog Operator v1.8.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 95a8aefaf..f4e6c9763 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 2.0.0 +version: 2.2.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 07cd7d0d2..851d16f49 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md 
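Review bot: The job-level `permissions:` block added to the `label` job in pr-labeler.yaml replaces the workflow-level block rather than adding to it, so the job runs with `pull-requests: write` only and `contents` drops to none. The comment `only elevate on job-level` reads as if the two blocks were merged. If actions/labeler has to read its configuration file through the API (it would in a private repository), add `contents: read` beside `pull-requests: write`. Otherwise, reword the comment to say that a job-level block overrides the workflow default.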
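Review bot: The `release` job in release.yaml is the only job in this commit granted `contents: write`, yet the `actions/checkout@v3` step in its context lines is left behind while every other workflow moves to v4. It is worth bumping here as well, and this write-scoped job is where pinning to a full commit SHA pays off most: `uses: actions/checkout@<full-commit-sha> # v4`. The remaining steps of the job, including the chart-releaser step the comment points to, are outside the hunk and would need the same treatment.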
@@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. @@ -24,6 +24,7 @@ But the recommended Kubernetes versions are `1.16+`. |-----|------|---------|-------------| | crds.datadogAgentProfiles | bool | `false` | Set to true to deploy the DatadogAgentProfiles CRD | | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | +| crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboards CRD | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | | crds.datadogPodAutoscalers | bool | `false` | Set to true to deploy the DatadogPodAutoscalers CRD | diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml index 09f81c4e2..985391de5 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml 
@@ -250,7 +250,40 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + updateStrategy: + description: |- + The deployment strategy to use to replace existing pods with new ones. + Valid types are `RollingUpdate` or `OnDelete` for DaemonSets + properties: + rollingUpdate: + description: Configure the rolling update strategy of the Deployment or DaemonSet. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + MaxSurge behaves differently based on the Kubernetes resource. Refer to the + Kubernetes API documentation for additional details. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Refer to the Kubernetes API documentation for additional details.. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type can be "RollingUpdate" or "OnDelete" for DaemonSets and "RollingUpdate" + or "Recreate" for Deployments + type: string + type: object type: object + description: Override the default configurations of the node agent. type: object type: object profileAffinity: 
@@ -373,6 +406,29 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map + createStrategy: + description: CreateStrategy is the state of the create strategy feature. + properties: + lastTransition: + description: LastTransition is the last time the status was updated. + format: date-time + type: string + maxUnavailable: + description: MaxUnavailable shows the number of pods that can be in an unready state. + format: int32 + type: integer + nodesLabeled: + description: NodesLabeled shows the number of nodes currently labeled. + format: int32 + type: integer + podsReady: + description: PodsReady shows the number of pods in the ready state. + format: int32 + type: integer + status: + description: Status shows the current state of the feature. + type: string + type: object currentHash: description: CurrentHash is the stored hash of the DatadogAgentProfile. type: string diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index a0c10a59a..5359f9b03 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -701,6 +701,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -708,6 +716,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object 
@@ -851,6 +867,73 @@ spec: url: type: string type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map fips: properties: customFIPSConfig: @@ -1006,6 +1089,18 @@ spec: tlsVerify: type: boolean type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object localService: properties: forceEnableLocalService: 
@@ -1076,6 +1171,31 @@ spec: type: object registry: type: string + secretBackend: + properties: + args: + type: string + command: + type: string + enableGlobalPermissions: + type: boolean + roles: + items: + properties: + namespace: + type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + format: int32 + type: integer + type: object site: type: string tags: @@ -1975,6 +2095,29 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array extraChecksd: properties: configDataMap: @@ -2137,6 +2280,10 @@ spec: type: string type: object type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object serviceAccountName: type: string tolerations: @@ -3723,6 +3870,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -3730,6 +3885,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml new file mode 100644 index 000000000..aa593079c --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml 
@@ -0,0 +1,268 @@ +{{- if and .Values.crds.datadogDashboards (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: datadogdashboards.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogDashboard + listKind: DatadogDashboardList + plural: datadogdashboards + shortNames: + - ddd + singular: datadogdashboard + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogDashboard is the Schema for the datadogdashboards API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogDashboardSpec defines the desired state of DatadogDashboard + properties: + description: + description: Description is the description of the dashboard. + type: string + layoutType: + description: LayoutType is the layout type of the dashboard. + type: string + notifyList: + description: NotifyList is the list of handles of users to notify when changes are made to this dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + reflowType: + description: |- + Reflowtype is the reflow type for a 'new dashboard layout' dashboard. Set this only when layout type is 'ordered'. + If set to 'fixed', the dashboard expects all widgets to have a layout, and if it's set to 'auto', + widgets should not have layouts. + type: string + tags: + description: Tags is a list of team names representing ownership of a dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + templateVariablePresets: + description: TemplateVariablePresets is an array of template variables saved views. + items: + description: DashboardTemplateVariablePreset Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + templateVariables: + description: List of variables. + items: + description: DashboardTemplateVariablePresetValue Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + values: + description: One or many template variable values within the saved view, which will be unioned together using `OR` if more than one is specified. Cannot be used in conjunction with `value`. 
+ items: + type: string + type: array + x-kubernetes-list-type: set + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + templateVariables: + description: TemplateVariables is a list of template variables for this dashboard. + items: + description: DashboardTemplateVariable Template variable. + properties: + availableValues: + description: The list of values that the template variable drop-down is limited to. + items: + type: string + type: array + defaults: + description: One or many default values for template variables on load. If more than one default is specified, they will be unioned together with `OR`. Cannot be used in conjunction with `default`. + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: The name of the variable. + type: string + prefix: + description: The tag prefix associated with the variable. Only tags with this prefix appear in the variable drop-down. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + title: + description: Title is the title of the dashboard. + type: string + widgets: + description: Widgets is a JSON string representation of a list of Datadog API Widgets + type: string + type: object + status: + description: DatadogDashboardStatus defines the observed state of DatadogDashboard + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogDashboard. + items: + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + + + type FooStatus struct{ + // Represents the observations of a foo's current state. 
+ // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the dashboard was created. + format: date-time + type: string + creator: + description: Creator is the identity of the dashboard creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogDashboardSpec to know + if the Spec has changed and needs an update. + type: string + id: + description: ID is the dashboard ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API dashboard was last force synced with the DatadogDashboard resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the dashboard state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index 10e050b87..dd9811dd8 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -132,6 +132,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean 
@@ -159,6 +160,7 @@ spec: description: MonitorRenotifyStatusType The different statuses for which renotification is supported. type: string type: array + x-kubernetes-list-type: set requireFullWindow: description: |- A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly @@ -278,9 +280,11 @@ spec: downtimeStatus: description: DowntimeStatus defines whether the monitor is downtimed properties: - downtimeId: + downtimeID: + description: DowntimeID is the downtime ID. type: integer isDowntimed: + description: IsDowntimed shows the downtime status of the monitor. type: boolean type: object id: @@ -301,14 +305,14 @@ spec: description: MonitorStateLastUpdateTime is the last time the monitor state updated format: date-time type: string + monitorStateSyncStatus: + description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog + type: string primary: description: |- Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) type: boolean - syncStatus: - description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog - type: string triggeredState: description: TriggeredState only includes details for monitor groups that are triggering items: diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index d6c88cc67..457b77afd 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh 
@@ -59,3 +59,4 @@ download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors da download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogpodautoscalers datadogPodAutoscalers v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogdashboards datadogDashboards v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 5f9ea8e3d..2b89e21f0 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml @@ -15,6 +15,8 @@ crds: datadogAgentProfiles: false # crds.datadogPodAutoscalers -- Set to true to deploy the DatadogPodAutoscalers CRD datadogPodAutoscalers: false + # crds.datadogDashboards -- Set to true to deploy the DatadogDashboards CRD + datadogDashboards: false # nameOverride -- Override name of app nameOverride: "" diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index e631e2761..773a75e11 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,18 @@ # Changelog +## 2.3.0 + +* Update Datadog Operator version to 1.10.0. + +## 2.2.0 + +* Add clusterRole.allowReadAllResources to allow viewing all resources. This is required for collecting custom resources in the Kubernetes Explorer + +## 2.1.0 + +* Update Datadog Operator version to 1.9.0. +* Add DatadogDashboard configuration. + ## 2.0.1 * Make Operator `livenessProbe` configurable. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index 6fd0a13b2..41fd2ccbd 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 2.0.0 -digest: sha256:39f4d700e87701398d61344f3f816586017a20396c07a4953a60da9c46edc74b -generated: "2024-08-16T15:47:01.022149-04:00" + version: 2.2.0 +digest: sha256:42b9b7296f565f17f11adea26fa8cb003c0f01551a84793873a3ae6c73efedc2 +generated: "2024-11-08T14:03:54.721912-05:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index cdf2a498e..c9e85b586 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 2.0.1 -appVersion: 1.8.0 +version: 2.3.0 +appVersion: 1.10.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=2.0.0" + version: "=2.2.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 41bdc7883..532eb73ce 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.0.1](https://img.shields.io/badge/Version-2.0.1-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square) ## Values 
@@ -12,15 +12,18 @@ | appKey | string | `nil` | Your Datadog APP key | | appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one | | clusterName | string | `nil` | Set a unique cluster name reporting from the Datadog Operator. | +| clusterRole | object | `{"allowReadAllResources":false}` | Set specific configuration for the cluster role | | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | | datadogAgentProfile.enabled | bool | `false` | If true, enables DatadogAgentProfile controller (beta). Requires v1.5.0+ | | datadogCRDs.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | +| datadogCRDs.crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboard CRD | | datadogCRDs.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | | datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | | datadogCRDs.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | | datadogCRDs.crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | +| datadogDashboard.enabled | bool | `false` | Enables the Datadog Dashboard controller | | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | | datadogSLO.enabled | bool | `false` | Enables the Datadog SLO controller | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | 
@@ -30,7 +33,7 @@ | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.8.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.10.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index 695d66d0a..afc48dc57 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -85,6 +85,6 @@ Check operator image tag version. {{- if not .Values.image.doNotCheckTag -}} {{- .Values.image.tag -}} {{- else -}} -{{ "1.8.0" }} +{{ "1.10.0" }} {{- end -}} {{- end -}} diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 7dc6b54bb..1032e2aba 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -200,15 +200,9 @@ rules: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations - verbs: - - '*' -- apiGroups: - - admissionregistration.k8s.io - resources: - validatingwebhookconfigurations verbs: - - list - - watch + - '*' - apiGroups: - apiextensions.k8s.io resources: 
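Review bot: The merged rule in `clusterrole.yaml` now grants `'*'` on `validatingwebhookconfigurations`, where the operator previously had only `list` and `watch`. The wildcard includes create, update and delete on cluster-wide admission configuration, so a compromised operator service account could alter or remove validating webhooks belonging to other components. If the operator only manages its own webhook objects, keep the two resources in separate rules and enumerate the verbs, e.g. `verbs: [create, get, list, patch, update, watch]` (the exact set should be checked against the operator's generated RBAC). The `rules:` list starts and ends outside this hunk.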
@@ -772,5 +766,41 @@ rules: - patch - update {{- end }} +{{- if .Values.datadogDashboard.enabled }} +- apiGroups: + - datadoghq.com + resources: + - datadogdashboards + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datadoghq.com + resources: + - datadogdashboards/finalizers + verbs: + - update +- apiGroups: + - datadoghq.com + resources: + - datadogdashboards/status + verbs: + - get + - patch + - update +{{- end }} +{{- if .Values.clusterRole.allowReadAllResources }} +- apiGroups: + - '*' + resources: + - '*' + verbs: + - list + - watch +{{- end }} {{- end }} - diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index 28c9da80b..1bb1b1322 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -129,6 +129,9 @@ spec: {{- if (semverCompare ">=1.3.0" $version) }} - "-datadogSLOEnabled={{ .Values.datadogSLO.enabled }}" {{- end }} + {{- if (semverCompare ">=1.9.0-0" $version) }} + - "-datadogDashboardEnabled={{ .Values.datadogDashboard.enabled }}" + {{- end }} {{- if (semverCompare ">=1.7.0" $version) }} - "-remoteConfigEnabled={{ .Values.remoteConfiguration.enabled }}" {{- end }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 6e8838726..3558679f4 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -47,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.8.0 + tag: 1.10.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. 
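Review bot: The rule guarded by `.Values.clusterRole.allowReadAllResources` in `clusterrole.yaml` grants `list` and `watch` on `'*'` resources in `'*'` API groups, which reaches Secrets, ConfigMaps and every other built-in resource, not only custom resources. A `list` on Secrets returns their data, so enabling the flag makes the operator's service account a cluster-wide secret reader. The default is `false`, but the template gives an operator reading the rendered manifest no hint of the scope; I would add a comment above the rule such as `# Cluster-wide read access, including Secrets; rendered only when clusterRole.allowReadAllResources is true`. The enclosing `rules:` list starts outside this hunk.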
@@ -84,6 +84,9 @@ secretBackend: datadogAgent: # datadogAgent.enabled -- Enables Datadog Agent controller enabled: true +datadogDashboard: + # datadogDashboard.enabled -- Enables the Datadog Dashboard controller + enabled: false datadogMonitor: # datadogMonitor.enabled -- Enables the Datadog Monitor controller enabled: false @@ -142,6 +145,8 @@ datadogCRDs: datadogMonitors: true # datadogCRDs.crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD datadogSLOs: false + # datadogCRDs.crds.datadogDashboards -- Set to true to deploy the DatadogDashboard CRD + datadogDashboards: false # podAnnotations -- Allows setting additional annotations for Datadog Operator PODs podAnnotations: {} @@ -185,3 +190,9 @@ livenessProbe: # timeoutSeconds: 1 # successThreshold: 1 # failureThreshold: 3 + +# clusterRole -- Set specific configuration for the cluster role +clusterRole: + # allowReadAllResources is required to allow the operator to view all custom resources. + # If collecting CRDs in the Kubernetes Explorer this is required + allowReadAllResources: false diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 661a08cd5..d9817331a 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md 
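Review bot: The comment on `allowReadAllResources` in the last `values.yaml` hunk does not use the `# key -- description` form that the other options in this file use (for example `# datadogDashboard.enabled -- Enables the Datadog Dashboard controller`). As a result the generated README only shows the parent `clusterRole` object row. The wording "view all custom resources" also understates what the flag renders, since the matching ClusterRole rule uses `'*'` for both API groups and resources. I would write it as `# clusterRole.allowReadAllResources -- Grants the operator list/watch on all resources in all API groups (including Secrets). Only needed when collecting custom resources in the Kubernetes Explorer`.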
@@ -1,8 +1,85 @@ # Datadog changelog +## 3.81.0 + +* Add a new option to disable hostPorts for the trace-agent with `datadog.apm.useLocalService`. This option enables K8s clusters with hostPort and hostPath volumes restrictions to use the K8s local service to send traces. + +## 3.80.0 + +* Add `datadog.admissionController.validation` and `datadog.admissionController.mutation` to enable/disable the admission controller validation and mutation webhooks. + +## 3.79.1 + +* Document how to use `datadog.envDict` option with the `--set` helm's flag. + +## 3.79.0 + +* Add Logs Collection support for Google GKE on GDC + +## 3.78.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.59.0`. + +## 3.77.3 + +* Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. + +## 3.77.2 + +* Add the ability to include Security Contexts at the container level for Cluster Checks Runners. + +## 3.77.1 + +* Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. + +## 3.77.0 + +* Add experimental support for overlayfs direct scan for SBOMs + +## 3.76.3 + +* Add `podisruptionbudgets` RBAC to the Cluster Agent. + +## 3.76.2 + +* Fix warning message displayed when installing/upgrading the Agent with OTel collector. +* Add preview message in values.yaml file. + +## 3.76.1 + +* Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. + +## 3.76.0 + +* Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. + +## 3.75.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.58.0`. 
+ +## 3.74.6 + +* Fix error message for when System Probe is enabled on GKE Autopilot + +## 3.74.5 + +* Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. + +## 3.74.4 + +* Define `admission_controller.container_registry` regardless of `clusterAgent.admissionController.agentSidecarInjection` feature status. + +## 3.74.3 + +* Do not mount `/usr/lib/sysimage/rpm` (reverts https://github.com/DataDog/helm-charts/pull/1541): in some operating systems such as Bottlerocket, `/usr` is `read-only`, preventing the Agent from being deployed when `datadog.sbom.host.enabled` is set to `true` as kubelet cannot create the directory at this location if it does not exist. + +## 3.74.2 + +* Mount `/usr/lib/sysimage/rpm` in the Agent DaemonSet when using host SBOM feature (required on hosts running Amazon Linux distributions). + ## 3.74.1 -* Add a new option to disable hostPorts for the trace-agent with `datadog.apm.useLocalService`. -* This is for K8s clusters that restrict hostPorts and hostPaths volumes, therefore can only use the K8s local service to send traces. + +* Pass components env variables to the cluster checks runner deployment pod spec. ## 3.74.0 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index ea5a84191..a7f218f42 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.1 +version: 3.81.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index bff0a4e03..4f40759a1 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.1](https://img.shields.io/badge/Version-3.74.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.81.0](https://img.shields.io/badge/Version-3.81.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -441,6 +441,16 @@ agents: # (...) ``` +## Set an environment variable with the `--set` helm flag + +You can set environment variables using the `--set` helm's flag thanks to the `datadog.envDict` field. + +For example, to set the `DD_ENV` environment variable: + +```console +$ helm install --set datadog.envDict.DD_ENV=prod datadog/datadog +``` + ## All configuration options The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, 
@@ -515,7 +525,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.57.2"` | Define the Agent version to use | +| agents.image.tag | string | `"7.59.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -564,8 +574,12 @@ helm install \ | clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods | | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | +| clusterAgent.admissionController.mutation | object | `{"enabled":true}` | Mutation Webhook configuration options | +| clusterAgent.admissionController.mutation.enabled | bool | `true` | Enabled enables the Admission Controller mutation webhook. Default: true. (Requires Agent 7.59.0+). | | clusterAgent.admissionController.port | int | `8000` | Set port of cluster-agent admission controller service | | clusterAgent.admissionController.remoteInstrumentation.enabled | bool | `false` | Enable polling and applying library injection using Remote Config. # This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. # Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster. | +| clusterAgent.admissionController.validation | object | `{"enabled":true}` | Validation Webhook configuration options | +| clusterAgent.admissionController.validation.enabled | bool | `true` | Enabled enables the Admission Controller validation webhook. Default: true. (Requires Agent 7.59.0+). | | clusterAgent.admissionController.webhookName | string | `"datadog-webhook"` | Name of the validatingwebhookconfiguration and mutatingwebhookconfiguration created by the cluster-agent | | clusterAgent.advancedConfd | object | `{}` | Provide additional cluster check configurations. Each key is an integration containing several config files. 
| | clusterAgent.affinity | object | `{}` | Allow the Cluster Agent Deployment to schedule using affinity rules | @@ -590,7 +604,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.57.2"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.59.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | 
@@ -629,6 +643,8 @@ helm install \ | clusterAgent.volumes | list | `[]` | Specify additional volumes to mount in the cluster-agent container | | clusterChecksRunner.additionalLabels | object | `{}` | Adds labels to the cluster checks runner deployment and pods | | clusterChecksRunner.affinity | object | `{}` | Allow the ClusterChecks Deployment to schedule using affinity rules. | +| clusterChecksRunner.containers.agent.securityContext | object | `{}` | Specify securityContext on the agent container | +| clusterChecksRunner.containers.initContainers.securityContext | object | `{}` | Specify securityContext on the init containers | | clusterChecksRunner.createPodDisruptionBudget | bool | `false` | Create the pod disruption budget to apply to the cluster checks agents | | clusterChecksRunner.deploymentAnnotations | object | `{}` | Annotations to add to the cluster-checks-runner's Deployment | | clusterChecksRunner.dnsConfig | object | `{}` | specify dns configuration options for datadog cluster agent containers e.g ndots | 
@@ -642,7 +658,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.57.2"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.59.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
@@ -751,6 +767,7 @@ helm install \ | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | +| datadog.kubernetesEvents.sourceDetectionEnabled | bool | `false` | Enable this to map Kubernetes events to integration sources based on controller names. (Requires Cluster Agent 7.56.0+). | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | | datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | | datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | 
@@ -774,7 +791,7 @@ helm install \ | datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | | datadog.originDetectionUnified.enabled | bool | `false` | Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). | | datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | -| datadog.otelCollector.config | object | `{}` | OTel collector configuration | +| datadog.otelCollector.config | string | `nil` | OTel collector configuration | | datadog.otelCollector.enabled | bool | `false` | Enable the OTel Collector | | datadog.otelCollector.ports | list | `[{"containerPort":"4317","name":"otel-grpc"},{"containerPort":"4318","name":"otel-http"}]` | Ports that OTel Collector is listening | | datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | 
@@ -790,7 +807,7 @@ helm install \ | datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. # Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. # ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset | | datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection | | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | -| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. | +| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.57.0+ and Linux. | | datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing | | datadog.profiling.enabled | string | `nil` | Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` environment variable with the same value to all pods in the cluster Valid values are: - false: Profiler is turned off and can not be turned on by other means. - null: Profiler is turned off, but can be turned on by other means. - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. 
- true: Profiler is turned on. | | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | @@ -799,7 +816,8 @@ helm install \ | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | | datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. DEPRECATED: Consider using remoteConfiguration.enabled instead | | datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | -| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `false` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. | +| datadog.sbom.containerImage.overlayFSDirectScan | bool | `false` | Use experimental overlayFS direct scan | +| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `true` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers | | datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | | datadog.secretAnnotations | object | `{}` | | | datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). | 
@@ -876,6 +894,7 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | +| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) | | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | diff --git a/charts/datadog/README.md.gotmpl b/charts/datadog/README.md.gotmpl index 6e4708ca0..5e99e6f20 100644 --- a/charts/datadog/README.md.gotmpl +++ b/charts/datadog/README.md.gotmpl @@ -437,6 +437,16 @@ agents: # (...) ``` +## Set an environment variable with the `--set` helm flag + +You can set environment variables using the `--set` helm's flag thanks to the `datadog.envDict` field. + +For example, to set the `DD_ENV` environment variable: + +```console +$ helm install --set datadog.envDict.DD_ENV=prod datadog/datadog +``` + ## All configuration options The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/charts/datadog/ci/gke-gdc-values.yaml b/charts/datadog/ci/gke-gdc-values.yaml new file mode 100644 index 000000000..1c6fcc087 --- /dev/null 
+++ b/charts/datadog/ci/gke-gdc-values.yaml @@ -0,0 +1,20 @@ +providers: + gke: + gdc: true + +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + + apm: + socketEnabled: false + portEnabled: false + + logs: + enabled: true + containerCollectAll: true + containerCollectUsingFiles: true + autoMultiLineDetection: true + + kubeStateMetricsCore: + enabled: true diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 64c91fc40..f2db9ed25 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -352,7 +352,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes ##################################################################### #### WARNING: System Probe is not supported on GKE Autopilot #### ##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled' must be set 'false'" }} +{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill' and 'datadog.serviceMonitoring.enabled' must be set 'false'" }} {{- end }} @@ -619,5 +619,5 @@ OTel collector is not supported on GKE Autopilot. ################################################################# #### WARNING: Private Beta notice #### ################################################################# -OTel collector is in private beta. Please reach out to your Datadog representative for more information. +OTel collector is in preview. Please reach out to your Datadog representative for more information. {{- end }} 
diff --git a/charts/datadog/templates/_ac-agent-sidecar-env.yaml b/charts/datadog/templates/_ac-agent-sidecar-env.yaml index c25e783d7..0e9799d38 100644 --- a/charts/datadog/templates/_ac-agent-sidecar-env.yaml +++ b/charts/datadog/templates/_ac-agent-sidecar-env.yaml @@ -14,14 +14,6 @@ value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} {{- end }} -{{- if .Values.clusterAgent.admissionController.containerRegistry }} -- name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: {{ .Values.clusterAgent.admissionController.containerRegistry }} -{{- else if .Values.registry }} -- name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: {{ .Values.registry }} -{{- end }} - {{- if .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 95b8016d3..0ca7b0363 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -1,10 +1,6 @@ # The purpose of this template is to define a minimal set of environment -# variables shared between components: agent, cluster-agent +# variables shared between components: agent, cluster-agent and cluster checks runner {{- define "components-common-env" -}} -- name: DD_LANGUAGE_DETECTION_ENABLED - value: {{ include "language-detection-enabled" . | quote }} -- name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: {{ include "language-detection-enabled" . | quote }} {{- if .Values.datadog.secretBackend.command }} - name: DD_SECRET_BACKEND_COMMAND value: {{ .Values.datadog.secretBackend.command | quote }} 
@@ -68,4 +64,10 @@ - name: DD_EXCLUDE_PAUSE_CONTAINER value: "false" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt +- name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key +{{- end }} {{- end }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 90200d49e..5219db7ed 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "run"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" .Values.datadog.sbom.containerImage.uncompressedLayersSupport) | indent 2 }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" (and (eq (include "should-enable-sbom-container-image-collection" .) "true") (and .Values.datadog.sbom.containerImage.uncompressedLayersSupport (not .Values.datadog.sbom.containerImage.overlayFSDirectScan)))) | indent 2 }} resources: {{ toYaml .Values.agents.containers.agent.resources | indent 4 }} ports: @@ -121,7 +121,7 @@ - name: DD_HEALTH_PORT {{- $healthPort := .Values.agents.containers.agent.healthPort }} value: {{ $healthPort | quote }} - {{- if eq .Values.targetSystem "linux" }} + {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }} - name: DD_DOGSTATSD_SOCKET value: {{ .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} 
@@ -177,11 +177,17 @@ - name: DD_SBOM_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} + {{- if (eq (include "should-enable-sbom-container-image-collection" .) "true") }} {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if .Values.datadog.sbom.containerImage.overlayFSDirectScan }} + - name: DD_SBOM_CONTAINER_IMAGE_OVERLAYFS_DIRECT_SCAN + value: "true" + {{- else }} - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT value: "true" {{- end }} - + {{- end }} + {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: DD_SBOM_HOST_ENABLED value: "true" @@ -231,6 +237,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false @@ -256,6 +263,7 @@ mountPath: /etc/passwd readOnly: true {{- end }} + {{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir mountPath: /opt/datadog-agent/run @@ -269,17 +277,20 @@ mountPath: /var/log/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if not .Values.datadog.criSocketPath }} + {{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - name: logdockercontainerpath mountPath: /var/lib/docker/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} {{- end }} - {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") (or .Values.datadog.sbom.containerImage.uncompressedLayersSupport .Values.datadog.sbom.containerImage.overlayFSDirectScan)}} - name: host-containerd-dir mountPath: /host/var/lib/containerd readOnly: true + - name: host-docker-dir + mountPath: /host/var/lib/docker + readOnly: true {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: host-apk-dir 
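Review bot: The volume-mount condition in the `@@ -269,17 +277,20 @@` hunk uses `or` over `uncompressedLayersSupport` and `overlayFSDirectScan`, but the env block in the `@@ -177,11 +177,17 @@` hunk only sets `DD_SBOM_CONTAINER_IMAGE_OVERLAYFS_DIRECT_SCAN` inside `if uncompressedLayersSupport`. With `overlayFSDirectScan: true` and `uncompressedLayersSupport: false`, the agent gets `/host/var/lib/containerd` and `/host/var/lib/docker` mounted while neither SBOM variable is set, so host container storage is exposed with no feature using it. Either tighten the mount to `{{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }}`, or, if direct scan is meant to work on its own, move its env variable out of the `uncompressedLayersSupport` block. The matching volume definitions are outside these hunks.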
@@ -329,6 +340,10 @@ {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} {{- end }} + {{- if .Values.providers.gke.gdc }} + - name: kubelet-cert-volume + mountPath: /certs + {{- end }} {{- if .Values.agents.volumeMounts }} {{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} diff --git a/charts/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/templates/_container-cri-volumemounts.yaml index fa85ce44e..af88ed5f3 100644 --- a/charts/datadog/templates/_container-cri-volumemounts.yaml +++ b/charts/datadog/templates/_container-cri-volumemounts.yaml @@ -1,5 +1,5 @@ {{- define "container-crisocket-volumemounts" -}} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if eq .Values.targetSystem "linux" }} - name: runtimesocketdir mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 7e3ad1ac4..b775b7953 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,4 +1,5 @@ {{- define "linux-container-host-release-volumemounts" -}} +{{- if not .Values.providers.gke.gdc }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} @@ -9,3 +10,4 @@ readOnly: true {{- end }} {{- end }} +{{- end }} diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index c14094a09..66130e2f1 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/templates/_container-trace-agent.yaml 
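Review bot: The new `kubelet-cert-volume` mount at `/certs` in `_container-agent.yaml` has no `readOnly` setting, while the other mounts of host or credential material in this file state it explicitly. Per the common-env change this path holds `tls.key`, the kubelet client key, so the agent container should not be able to write to it; add `readOnly: true` under `mountPath: /certs`. The volume definition is outside this hunk, so the source may already be read-only, but stating it on the mount keeps the intent visible.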
@@ -86,7 +86,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{- if not .Values.providers.gke.autopilot }} + {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -99,6 +99,7 @@ - name: tmpdir mountPath: /tmp readOnly: false # Need RW for tmp directory + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket @@ -109,6 +110,7 @@ {{- end }} {{- end }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index dfb27ea2d..84428aeb1 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -13,6 +13,7 @@ value: {{ template "datadog.confPath" . }}/auth/token {{- end }} {{ include "components-common-env" . }} +{{ include "language-detection-common-env" . }} {{- if .Values.datadog.kubelet.host }} - name: DD_KUBERNETES_KUBELET_HOST {{ toYaml .Values.datadog.kubelet.host | indent 2 }} @@ -29,6 +30,15 @@ - name: DD_KUBERNETES_HTTPS_KUBELET_PORT value: "0" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName +- name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" +{{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} - name: DD_HOSTNAME_FILE 
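Review bot: `DD_HOSTNAME` in the GDC block of `_containers-common-env.yaml` is built as `$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)`, and Kubernetes only expands `$(VAR)` references to variables defined earlier in the same env list; an unresolved reference stays as literal text. `DD_CLUSTER_NAME` is not defined in this hunk; presumably it comes from `components-common-env`, and only when `datadog.clusterName` is set. If so, a GDC install without a cluster name would register hosts named `<node>-$(DD_CLUSTER_NAME)`. A guard next to the block would turn that into a render-time error: `{{- $_ := required "datadog.clusterName is required when providers.gke.gdc is true" .Values.datadog.clusterName }}`. The enclosing define starts and ends outside the hunk.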
@@ -115,7 +125,7 @@ {{- end }} {{- end }} {{- else }} # No support for env AD -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if or .Values.providers.gke.autopilot .Values.datadog.criSocketPath }} - name: DD_CRI_SOCKET_PATH value: {{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index 089555505..fd0636250 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml @@ -1,7 +1,7 @@ {{- define "containers-init-linux" -}} - name: init-volume {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 
@@ -16,7 +16,7 @@ {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} - name: init-config {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -26,9 +26,6 @@ args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: {{ template "datadog.logDirectoryPath" . }} - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path @@ -42,11 +39,16 @@ mountPath: /checks.d readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config mountPath: /etc/datadog-agent/system-probe.yaml diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 39ce80f63..de1e13924 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml 
@@ -3,6 +3,14 @@ emptyDir: {} - name: tmpdir emptyDir: {} +- name: s6-run + emptyDir: {} +{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} +- name: confd + configMap: + name: {{ include "agents.confd-configmap-name" . }} +{{- end }} +{{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc name: procdir @@ -58,13 +66,6 @@ type: DirectoryOrCreate name: apmsocket {{- end }} -- name: s6-run - emptyDir: {} -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -- name: confd - configMap: - name: {{ include "agents.confd-configmap-name" . }} -{{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config configMap: @@ -147,10 +148,13 @@ path: / name: hostroot {{- end }} -{{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} +{{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} - hostPath: path: /var/lib/containerd name: host-containerd-dir +- hostPath: + path: /var/lib/docker + name: host-docker-dir {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - hostPath: @@ -180,6 +184,12 @@ name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }} {{- end }} {{- end }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} +- hostPath: + path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} + name: runtimesocketdir +{{- end }} +{{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - hostPath: path: {{ template "datadog.hostMountRoot" . }}/logs 
@@ -190,15 +200,15 @@ - hostPath: path: /var/log/containers name: logscontainerspath -{{- if not .Values.datadog.criSocketPath }} +{{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - hostPath: path: /var/lib/docker/containers name: logdockercontainerpath {{- end }} {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} -- hostPath: - path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} - name: runtimesocketdir +{{- if .Values.providers.gke.gdc }} +- secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume {{- end }} {{- end -}} diff --git a/charts/datadog/templates/_daemonset-volumes-windows.yaml b/charts/datadog/templates/_daemonset-volumes-windows.yaml index 39598e91b..55a606065 100644 --- a/charts/datadog/templates/_daemonset-volumes-windows.yaml +++ b/charts/datadog/templates/_daemonset-volumes-windows.yaml @@ -21,7 +21,7 @@ path: C:/ProgramData name: logdockercontainerpath {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} - hostPath: path: {{ template "datadog.dockerOrCriSocketPath" . }} name: runtimesocket diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index b118cc079..c601eae97 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -10,7 +10,7 @@ {{- $version = "6.55.1" -}} {{- end -}} {{- if and (eq $length 1) (or (eq $version "7") (eq $version "latest")) -}} -{{- $version = "7.55.1" -}} +{{- $version = "7.58.1" -}} {{- end -}} {{- $version -}} {{- end -}} @@ -110,7 +110,7 @@ Create chart name and version as used by the chart label. Return true if the OTelAgent needs to be deployed */}} {{- define "should-enable-otel-agent" -}} -{{- if and .Values.datadog.otelCollector.enabled -}} +{{- if and .Values.datadog.otelCollector.enabled (not .Values.providers.gke.gdc) -}} true {{- else -}} false 
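Review bot: The `kubelet-cert-volume` added at the end of the `@@ -190,15 +200,15 @@` hunk reads a Secret with the fixed name `datadog-kubelet-cert`, which nothing in this diff creates or documents. A GDC install without that Secret will presumably leave the agent pods waiting on the volume, with no hint from the chart. Document the prerequisite where the switch lives, e.g. extend the `providers.gke.gdc` comment in values.yaml with `## Requires a pre-existing Secret named "datadog-kubelet-cert" in the release namespace (kubelet certificate material; confirm expected keys).`. The `/certs` mount in the agent container could also carry `readOnly: true`, for parity with the other host and certificate mounts.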
@@ -237,6 +237,8 @@ Return agent host mount root {{- define "datadog.hostMountRoot" -}} {{- if .Values.providers.gke.autopilot -}} /var/autopilot/addon/datadog +{{- else if .Values.providers.gke.gdc -}} +/var/datadog {{- else -}} /var/lib/datadog-agent {{- end -}} @@ -340,7 +342,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false @@ -363,7 +365,7 @@ false Return true if the fips side car container should be created. */}} {{- define "should-enable-fips" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} true {{- else -}} false @@ -385,7 +387,7 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} true {{- else -}} false 
@@ -396,7 +398,7 @@ false Return true if the compliance features should be enabled. */}} {{- define "should-enable-compliance" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} true {{- else -}} false @@ -407,7 +409,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false @@ -420,7 +422,7 @@ Return true if the hostPid features should be enabled for the Agent pod. {{- define "should-enable-host-pid" -}} {{- if eq .Values.targetSystem "windows" -}} false -{{- else if and (not .Values.providers.gke.autopilot) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} +{{- else if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} true {{- else -}} false 
@@ -474,10 +476,10 @@ false {{- end -}} {{/* -Return true hostPath should be use for DSD socket. Return always false on GKE autopilot. +Return true hostPath should be use for DSD socket. Return always false on GKE autopilot or GDC. */}} {{- define "should-mount-hostPath-for-dsd-socket" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} {{- if .Values.datadog.dogstatsd.useSocketVolume -}} @@ -488,13 +490,13 @@ false {{- end -}} {{/* -Return true if a APM over UDS is configured. Return always false on GKE autopilot. +Return true if a APM over UDS is configured. Return always false on GKE Autopilot or Google Distributed Cloud. */}} {{- define "trace-agent-use-uds" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} -{{- if or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume -}} +{{- if and (or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -560,6 +562,9 @@ Returns provider kind {{- if .Values.providers.gke.autopilot -}} gke-autopilot {{- end -}} +{{- if .Values.providers.gke.gdc -}} +gke-gdc +{{- end -}} {{- end -}} {{/* @@ -872,7 +877,7 @@ In 7.36, `--config` was deprecated and `--cfgpath` should be used instead. {{/* Returns whether or not the underlying OS is Google Container-Optimized-OS -Note: GKE Autopilot clusters only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) +Note: GKE Autopilot only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) */}} {{- define "can-mount-host-usr-src" -}} {{- if or .Values.providers.gke.autopilot .Values.providers.gke.cos -}} 
@@ -886,7 +891,7 @@ false Returns whether Remote Configuration should be enabled in the agent */}} {{- define "datadog-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false @@ -897,7 +902,7 @@ false Returns whether Remote Configuration should be enabled in the cluster agent */}} {{- define "clusterAgent-remoteConfiguration-enabled" -}} -{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) -}} +{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false 
@@ -920,11 +925,22 @@ Create RBACs for custom resources {{- end }} {{- end }} +{{/* + Return true if Container Runtime Support is enabled +*/}} +{{- define "container-runtime-support-enabled" -}} + {{- if and .Values.datadog.containerRuntimeSupport.enabled (not .Values.providers.gke.gdc) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if container image collection is enabled */}} {{- define "should-enable-container-image-collection" -}} - {{- if and (not .Values.datadog.containerRuntimeSupport.enabled) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} + {{- if and (not (include "container-runtime-support-enabled" .)) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} {{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} {{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}} @@ -963,6 +979,9 @@ Create RBACs for custom resources Return true if any process-related check is enabled */}} {{- define "process-checks-enabled" -}} + {{- if .Values.providers.gke.gdc }} + false + {{- end -}} {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}} true {{- else -}} 
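Review bot: The guard in `should-enable-container-image-collection` can no longer fire, because `include` returns the string `true` or `false` and `not` of any non-empty string is false. `(not (include "container-runtime-support-enabled" .))` is therefore always false and the `fail` branch is dead. Compare against the string instead: `{{- if and (ne (include "container-runtime-support-enabled" .) "true") (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}}`. With that fix the chart will fail on GDC whenever image collection or SBOM is enabled, while the message still points only at `datadog.containerRuntimeSupport.enabled`, so decide whether GDC should fail with its own message or disable the feature. The define continues past the end of the hunk.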
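Review bot: The GDC check added at the top of `process-checks-enabled` does not short-circuit: after emitting `false` the template falls through to the existing `if`/`else`, so on GDC the helper renders `false` followed by a second `true` or `false` (plus a leading newline here, since the opening `if` lacks the `-}}` trim). Callers that test `eq (include ...) "true"` happen to get the intended result, but anything that pipes the output to `quote` or compares against `"false"` will not. The same pattern is added to `should-run-process-checks-on-core-agent` and `should-enable-process-agent` in the next hunks, and `trace-agent-use-uds` now yields `falsefalse` on GDC. Fold the check into the chain instead: `{{- if .Values.providers.gke.gdc -}}` / `false` / `{{- else if or ... -}}`. The closing `end` of the define is outside the hunk.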
@@ -985,11 +1004,14 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if ne .Values.targetSystem "linux" -}} false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} {{- include "get-process-checks-in-core-agent-envvar" . -}} - {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" (include "get-agent-version" .)) -}} + {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.57.0-0" (include "get-agent-version" .)) -}} true {{- else -}} false @@ -1000,6 +1022,9 @@ Create RBACs for custom resources Returns true if the process-agent container should be created. */}} {{- define "should-enable-process-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}} true {{- else if and (not .Values.agents.image.doNotCheckTag) (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" (include "get-agent-version" .)) -}} diff --git a/charts/datadog/templates/_language_detection_env.yaml b/charts/datadog/templates/_language_detection_env.yaml new file mode 100644 index 000000000..5ac676110 --- /dev/null +++ b/charts/datadog/templates/_language_detection_env.yaml @@ -0,0 +1,8 @@ +# The purpose of this template is to define a minimal set of environment +# variables to enable language detection +{{- define "language-detection-common-env" -}} +- name: DD_LANGUAGE_DETECTION_ENABLED + value: {{ include "language-detection-enabled" . | quote }} +- name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: {{ include "language-detection-enabled" . | quote }} +{{- end -}} 
diff --git a/charts/datadog/templates/_processes-common-env.yaml b/charts/datadog/templates/_processes-common-env.yaml index 41f723d26..65fcd07f8 100644 --- a/charts/datadog/templates/_processes-common-env.yaml +++ b/charts/datadog/templates/_processes-common-env.yaml @@ -1,5 +1,6 @@ # Defines set of environment variables for Processes-related checks. {{- define "processes-common-envs" -}} +{{- if not .Values.providers.gke.gdc }} - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: {{ .Values.datadog.processAgent.processCollection | quote }} - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -11,5 +12,6 @@ {{- if and (eq .Values.targetSystem "linux") (eq (include "get-process-checks-in-core-agent-envvar" .) "") }} - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: {{ (include "should-run-process-checks-on-core-agent" .) | quote }} -{{- end }} +{{- end }} +{{- end }} {{- end -}} diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index 1f0442c1b..6ae0de1c5 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -78,6 +78,10 @@ spec: command: ["bash", "-c"] args: - cp -r /etc/datadog-agent /opt +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /opt/datadog-agent @@ -90,6 +94,10 @@ spec: command: ["bash", "-c"] args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /etc/datadog-agent 
@@ -109,7 +117,7 @@ spec: image: "{{ include "image-path" (dict "root" .Values "image" .Values.clusterChecksRunner.image) }}" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: {{ .Values.clusterChecksRunner.image.pullPolicy }} {{- if .Values.clusterChecksRunner.ports }} ports: @@ -125,33 +133,12 @@ spec: {{- end }} {{- end }} env: + {{- include "components-common-env" . | nindent 10 }} - name: DD_API_KEY valueFrom: secretKeyRef: name: {{ template "datadog.apiSecretName" . }} key: api-key - {{- if .Values.datadog.secretBackend.command }} - - name: DD_SECRET_BACKEND_COMMAND - value: {{ .Values.datadog.secretBackend.command | quote }} - {{- end }} - {{- if .Values.datadog.secretBackend.arguments }} - - name: DD_SECRET_BACKEND_ARGUMENTS - value: {{ .Values.datadog.secretBackend.arguments | quote }} - {{- end }} - {{- if .Values.datadog.secretBackend.timeout }} - - name: DD_SECRET_BACKEND_TIMEOUT - value: {{ .Values.datadog.secretBackend.timeout | quote }} - {{- end }} - - name: KUBERNETES - value: "yes" - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.datadog.logLevel | quote }} 
@@ -192,17 +179,16 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - {{- if .Values.datadog.clusterName }} - {{- template "check-cluster-name" . }} - - name: DD_CLUSTER_NAME - value: {{ tpl .Values.datadog.clusterName . | quote }} - {{- end }} {{- include "provider-env" . | nindent 10 }} {{- include "fips-envvar" . | nindent 10 }} {{- include "additional-env-entries" .Values.clusterChecksRunner.env | indent 10 }} {{- include "additional-env-dict-entries" .Values.clusterChecksRunner.envDict | indent 10 }} resources: {{ toYaml .Values.clusterChecksRunner.resources | indent 10 }} +{{- if .Values.clusterChecksRunner.containers.agent.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.agent.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: installinfo subPath: install_info diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 931d37618..ba6b9119a 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -170,6 +170,7 @@ spec: key: api-key optional: true {{- include "components-common-env" . | nindent 10 }} + {{- include "language-detection-common-env" . | nindent 10 }} {{- if .Values.clusterAgent.metricsProvider.enabled }} - name: DD_APP_KEY valueFrom: 
@@ -202,6 +203,10 @@ spec: {{- if .Values.clusterAgent.admissionController.enabled }} - name: DD_ADMISSION_CONTROLLER_ENABLED value: {{ .Values.clusterAgent.admissionController.enabled | quote }} + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: {{ .Values.clusterAgent.admissionController.validation.enabled | quote }} + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: {{ .Values.clusterAgent.admissionController.mutation.enabled | quote }} - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: {{ .Values.clusterAgent.admissionController.webhookName | quote }} - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -237,6 +242,12 @@ spec: - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PATCHER_ENABLED value: "true" {{- end }} + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + {{- if .Values.clusterAgent.admissionController.containerRegistry }} + value: {{ .Values.clusterAgent.admissionController.containerRegistry | quote }} + {{- else }} + value: {{ include "registry" .Values | quote }} + {{- end }} {{ include "ac-agent-sidecar-env" . | nindent 10 }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} @@ -303,6 +314,8 @@ spec: - name: DD_COLLECT_KUBERNETES_EVENTS value: {{ .Values.datadog.collectEvents | quote }} {{- end }} + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: {{ .Values.datadog.kubernetesEvents.sourceDetectionEnabled | quote }} - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: {{ template "datadog.fullname" . }}-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index dd6c22cf3..e02be2434 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml 
@@ -272,16 +272,17 @@ rules: - namespaces verbs: - list -{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: - "policy" resources: + - poddisruptionbudgets + {{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - podsecuritypolicies + {{- end }} verbs: - get - list - watch -{{- end }} - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index ba95268cf..45dc64663 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -62,7 +62,7 @@ spec: container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} {{- end }} - {{- if and .Values.agents.podSecurity.apparmor.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and .Values.agents.podSecurity.apparmor.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} container.apparmor.security.beta.kubernetes.io/agent: unconfined {{- end }} {{- if .Values.agents.podAnnotations }} 
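Review bot: The `policy` rule at `@@ -272,16 +272,17 @@` used to be emitted only when PodSecurityPolicy support was requested and is now unconditional, so every install grants the cluster agent `get`/`list`/`watch` on `poddisruptionbudgets`. Nothing in the hunk says which feature reads PDBs, so a reviewer cannot tell whether the grant could be gated the way the `podsecuritypolicies` entry still is. Add a comment naming the consumer, e.g. `# poddisruptionbudgets: read by <feature placeholder>`, and put the resource behind that feature's values flag if one exists. The rules list starts and ends outside the hunk.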
@@ -73,7 +73,7 @@ spec: shareProcessNamespace: {{ .Values.agents.shareProcessNamespace }} {{- end }} {{- if .Values.datadog.securityContext -}} - {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version ) | nindent 6 }} + {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | nindent 6 }} {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} {{- if .Values.agents.podSecurity.securityContext }} {{- if .Values.agents.podSecurity.securityContext.seLinuxOptions }} @@ -139,7 +139,7 @@ spec: {{ include "containers-init-windows" . | nindent 6 }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{ include "containers-init-linux" . | nindent 6 }} + {{- include "containers-init-linux" . | nindent 6 -}} {{- end }} {{- if and (eq (include "should-enable-system-probe" .) "true") (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} {{ include "system-probe-init" . | nindent 6 }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index f04acaf9c..cffe82ddc 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
@@ -392,6 +392,8 @@ datadog: # Configure Kubernetes events collection kubernetesEvents: + # datadog.kubernetesEvents.sourceDetectionEnabled -- Enable this to map Kubernetes events to integration sources based on controller names. (Requires Cluster Agent 7.56.0+). + sourceDetectionEnabled: false # datadog.kubernetesEvents.filteringEnabled -- Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). filteringEnabled: false # datadog.kubernetesEvents.unbundleEvents -- Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). @@ -550,22 +552,6 @@ datadog: iast: # datadog.asm.iast.enabled -- Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster enabled: false - - ## OTel collector related configuration - otelCollector: - # datadog.otelCollector.enabled -- Enable the OTel Collector - enabled: false - # datadog.otelCollector.ports -- Ports that OTel Collector is listening - ports: - - # Default GRPC port of OTLP receiver - - containerPort: "4317" - name: otel-grpc - # Default HTTP port of OTLP receiver - - containerPort: "4318" - name: otel-http - # datadog.otelCollector.config -- OTel collector configuration - config: {} ## OTLP ingest related configuration otlp: receiver: 
@@ -590,6 +576,23 @@ datadog: logs: # datadog.otlp.logs.enabled -- Enable logs support in the OTLP ingest endpoint enabled: false + ## OTel collector is currently in preview. Please reach out to your Datadog representative for more information. + ## OTLP Ingest is the GA feature for sending OTLP data to Datadog Agent. + ## OTel collector related configuration + otelCollector: + # datadog.otelCollector.enabled -- Enable the OTel Collector + enabled: false + # datadog.otelCollector.ports -- Ports that OTel Collector is listening + ports: + + # Default GRPC port of OTLP receiver + - containerPort: "4317" + name: otel-grpc + # Default HTTP port of OTLP receiver + - containerPort: "4318" + name: otel-http + # datadog.otelCollector.config -- OTel collector configuration + config: null ## Continuous Profiler configuration ## @@ -688,7 +691,7 @@ datadog: processDiscovery: true # datadog.processAgent.runInCoreAgent -- Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. - ## This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. + ## This requires Agent 7.57.0+ and Linux. runInCoreAgent: false # datadog.processAgent.containerCollection -- Set this to true to enable container collection 
@@ -825,7 +828,12 @@ datadog: # This should be set to true when using EKS, GKE or if containerd is configured to # discard uncompressed layers. # This feature will cause the SYS_ADMIN capability to be added to the Agent container. - uncompressedLayersSupport: false + # Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. + # See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers + uncompressedLayersSupport: true + + # datadog.sbom.containerImage.overlayFSDirectScan -- Use experimental overlayFS direct scan + overlayFSDirectScan: false host: # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems @@ -1006,7 +1014,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.57.2 + tag: 7.59.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" 
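Review bot: Flipping `uncompressedLayersSupport` to `true` at `@@ -825,7 +828,12 @@` changes the privilege footprint of every install that enables container-image SBOM collection, and the comment covers only part of it. Per that comment it adds `SYS_ADMIN` to the agent container; per the template hunks in this diff it also mounts the host's `/var/lib/containerd` and `/var/lib/docker` read-only and, when `agents.podSecurity.apparmor.enabled` is set, annotates the agent container `unconfined`. Extend the comment so operators see the whole trade-off before upgrading, e.g. `# Also mounts /var/lib/containerd and /var/lib/docker from the host (read-only) and sets the agent AppArmor profile to unconfined.` The new `overlayFSDirectScan` key carries no note on whether it needs the same capability and mounts.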
@@ -1145,6 +1153,16 @@ clusterAgent: # clusterAgent.admissionController.enabled -- Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods enabled: true + # clusterAgent.admissionController.validation -- Validation Webhook configuration options + validation: + # clusterAgent.admissionController.validation.enabled -- Enabled enables the Admission Controller validation webhook. Default: true. (Requires Agent 7.59.0+). + enabled: true + + # clusterAgent.admissionController.mutation -- Mutation Webhook configuration options + mutation: + # clusterAgent.admissionController.mutation.enabled -- Enabled enables the Admission Controller mutation webhook. Default: true. (Requires Agent 7.59.0+). + enabled: true + # clusterAgent.admissionController.webhookName -- Name of the validatingwebhookconfiguration and mutatingwebhookconfiguration created by the cluster-agent webhookName: datadog-webhook @@ -1500,7 +1518,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.57.2 + tag: 7.59.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2006,7 +2024,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.57.2 + tag: 7.59.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" 
@@ -2217,6 +2235,14 @@ clusterChecksRunner: # clusterChecksRunner.securityContext -- Allows you to overwrite the default PodSecurityContext on the clusterchecks pods. securityContext: {} + containers: + agent: + # clusterChecksRunner.containers.agent.securityContext -- Specify securityContext on the agent container + securityContext: {} + initContainers: + # clusterChecksRunner.containers.initContainers.securityContext -- Specify securityContext on the init containers + securityContext: {} + # clusterChecksRunner.ports -- Allows to specify extra ports (hostPorts for instance) for this container ports: [] @@ -2266,6 +2292,9 @@ providers: # providers.gke.cos -- Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) cos: false + # providers.gke.gdc -- Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) + gdc: false + eks: ec2: # providers.eks.ec2.useHostnameFromFile -- Use hostname from EC2 filesystem instead of fetching from metadata endpoint. diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 5b0a92a21..8343fb4c1 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 2.2.2 + +* Official image `2.2.2` + +## 2.2.1 + +* Official image `2.2.1` + ## 2.2.0 * Official image `2.2.0` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 0e4de305c..5029e59d3 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.2.0" +version: "2.2.2" description: Observability Pipelines Worker type: application keywords: 
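Review bot: The new `clusterChecksRunner.containers.agent.securityContext` and `initContainers.securityContext` values default to `{}`, so these containers get no container-level hardening unless the user supplies it, and the comments do not show what a reasonable value looks like. I would add a commented example under each key, such as `# securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}`, after confirming the cluster checks runner starts with it. The comments could also say how these settings combine with the pod-level `clusterChecksRunner.securityContext` just above. The template that consumes these values is outside this hunk, so whether empty maps are omitted from the rendered manifest cannot be checked here.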
@@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.2.0" +appVersion: "2.2.2" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 485509309..45a1b3c03 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square) +![Version: 2.2.2](https://img.shields.io/badge/Version-2.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.2](https://img.shields.io/badge/AppVersion-2.2.2-informational?style=flat-square) ## How to use Datadog Helm repository 
@@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.2.0"` | Specify the image tag to use. | +| image.tag | string | `"2.2.2"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index e4f84ec44..12db3e3ea 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.2.0 + tag: 2.2.2 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 42983f45d..fb7d362c5 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md 
@@ -1,5 +1,21 @@ # Datadog changelog +## 0.15.0 + +* Update private action image version to `v0.1.5-beta` + +## 0.14.3 + +* Add GitLab private actions and fix image repository link. + +## 0.14.2 + +* Update private action image version to `v0.1.3-beta` + +## 0.14.1 + +* Update private action image version to `v0.1.2-beta` + ## 0.14.0 * Add support for `kubernetesActions`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index f8fbc7e77..a6f65933a 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.14.0 +version: 0.15.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 29b1e83fa..e0f476e0a 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) +![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![AppVersion: v0.1.5-beta](https://img.shields.io/badge/AppVersion-v0.1.5--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. 
@@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.1-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.5-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index dbf98b61e..a7cb66089 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) +![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![AppVersion: v0.1.5-beta](https://img.shields.io/badge/AppVersion-v0.1.5--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. 
diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 4a767c14d..8b453c4d9 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -5,8 +5,8 @@ common: # -- Current Datadog Private Action Runner image image: - repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.1.1-beta + repository: gcr.io/datadoghq/private-action-runner + tag: v0.1.5-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index f907b10ef..a8bc6cf18 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.4 + +* Update private location image version to `1.53.0`. + ## 0.17.3 * Update private location image version to `1.52.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index b98ebed0b..1effbb319 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.3 -appVersion: 1.52.0 +version: 0.17.4 +appVersion: 1.53.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 782849a0a..7ea53f254 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md 
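Review bot: The new default image `gcr.io/datadoghq/private-action-runner` is still referenced only by the mutable tag `v0.1.5-beta`, and the `common.image` block has no digest key. Other charts in this diff expose an `image.digest` value that takes precedence over the tag; offering the same here (template support is outside this hunk) would let users pin the runner image, which matters for a component that is configured with a private key and executes actions in the cluster. Separately, the `Chart.yaml` hunk keeps `appVersion: "1.22.0"` as context while the badge in `README.md` and `README.md.gotmpl` is hand-edited to `v0.1.5-beta`. If appVersion is meant to track the runner image, setting `appVersion: "v0.1.5-beta"` and letting helm-docs render the badge would stop the two from drifting.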
@@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.3](https://img.shields.io/badge/Version-0.17.3-informational?style=flat-square) ![AppVersion: 1.52.0](https://img.shields.io/badge/AppVersion-1.52.0-informational?style=flat-square) +![Version: 0.17.4](https://img.shields.io/badge/Version-0.17.4-informational?style=flat-square) ![AppVersion: 1.53.0](https://img.shields.io/badge/AppVersion-1.53.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.52.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.53.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index e9f0c0c55..e1bb1e48c 100644 --- a/charts/synthetics-private-location/values.yaml 
+++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.52.0 + tag: 1.53.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml index 9aab15bdd..c080a083f 100644 --- a/crds/datadoghq.com_datadogagentprofiles.yaml +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -244,7 +244,40 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + updateStrategy: + description: |- + The deployment strategy to use to replace existing pods with new ones. + Valid types are `RollingUpdate` or `OnDelete` for DaemonSets + properties: + rollingUpdate: + description: Configure the rolling update strategy of the Deployment or DaemonSet. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + MaxSurge behaves differently based on the Kubernetes resource. Refer to the + Kubernetes API documentation for additional details. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Refer to the Kubernetes API documentation for additional details.. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type can be "RollingUpdate" or "OnDelete" for DaemonSets and "RollingUpdate" + or "Recreate" for Deployments + type: string + type: object type: object + description: Override the default configurations of the node agent. type: object type: object profileAffinity: 
@@ -367,6 +400,29 @@ spec: x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map + createStrategy: + description: CreateStrategy is the state of the create strategy feature. + properties: + lastTransition: + description: LastTransition is the last time the status was updated. + format: date-time + type: string + maxUnavailable: + description: MaxUnavailable shows the number of pods that can be in an unready state. + format: int32 + type: integer + nodesLabeled: + description: NodesLabeled shows the number of nodes currently labeled. + format: int32 + type: integer + podsReady: + description: PodsReady shows the number of pods in the ready state. + format: int32 + type: integer + status: + description: Status shows the current state of the feature. + type: string + type: object currentHash: description: CurrentHash is the stored hash of the DatadogAgentProfile. type: string diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index d3c0cf280..b8a5b538c 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -695,6 +695,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -702,6 +710,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object 
@@ -845,6 +861,73 @@ spec: url: type: string type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map fips: properties: customFIPSConfig: @@ -1000,6 +1083,18 @@ spec: tlsVerify: type: boolean type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object localService: properties: forceEnableLocalService: 
@@ -1070,6 +1165,31 @@ spec: type: object registry: type: string + secretBackend: + properties: + args: + type: string + command: + type: string + enableGlobalPermissions: + type: boolean + roles: + items: + properties: + namespace: + type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + format: int32 + type: integer + type: object site: type: string tags: @@ -1969,6 +2089,29 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array extraChecksd: properties: configDataMap: @@ -2131,6 +2274,10 @@ spec: type: string type: object type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object serviceAccountName: type: string tolerations: @@ -3717,6 +3864,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -3724,6 +3879,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object diff --git a/crds/datadoghq.com_datadogdashboards.yaml b/crds/datadoghq.com_datadogdashboards.yaml new file mode 100644 index 000000000..608dccf89 --- /dev/null +++ b/crds/datadoghq.com_datadogdashboards.yaml 
@@ -0,0 +1,261 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: datadogdashboards.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogDashboard + listKind: DatadogDashboardList + plural: datadogdashboards + shortNames: + - ddd + singular: datadogdashboard + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogDashboard is the Schema for the datadogdashboards API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogDashboardSpec defines the desired state of DatadogDashboard + properties: + description: + description: Description is the description of the dashboard. + type: string + layoutType: + description: LayoutType is the layout type of the dashboard. + type: string + notifyList: + description: NotifyList is the list of handles of users to notify when changes are made to this dashboard. 
+ items: + type: string + type: array + x-kubernetes-list-type: set + reflowType: + description: |- + Reflowtype is the reflow type for a 'new dashboard layout' dashboard. Set this only when layout type is 'ordered'. + If set to 'fixed', the dashboard expects all widgets to have a layout, and if it's set to 'auto', + widgets should not have layouts. + type: string + tags: + description: Tags is a list of team names representing ownership of a dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + templateVariablePresets: + description: TemplateVariablePresets is an array of template variables saved views. + items: + description: DashboardTemplateVariablePreset Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + templateVariables: + description: List of variables. + items: + description: DashboardTemplateVariablePresetValue Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + values: + description: One or many template variable values within the saved view, which will be unioned together using `OR` if more than one is specified. Cannot be used in conjunction with `value`. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + templateVariables: + description: TemplateVariables is a list of template variables for this dashboard. + items: + description: DashboardTemplateVariable Template variable. + properties: + availableValues: + description: The list of values that the template variable drop-down is limited to. + items: + type: string + type: array + defaults: + description: One or many default values for template variables on load. 
If more than one default is specified, they will be unioned together with `OR`. Cannot be used in conjunction with `default`. + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: The name of the variable. + type: string + prefix: + description: The tag prefix associated with the variable. Only tags with this prefix appear in the variable drop-down. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + title: + description: Title is the title of the dashboard. + type: string + widgets: + description: Widgets is a JSON string representation of a list of Datadog API Widgets + type: string + type: object + status: + description: DatadogDashboardStatus defines the observed state of DatadogDashboard + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogDashboard. + items: + description: |- + Condition contains details for one aspect of the current state of this API Resource. + --- + This struct is intended for direct use as an array at the field path .status.conditions. For example, + + + type FooStatus struct{ + // Represents the observations of a foo's current state. + // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` + + + // other fields + } + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the dashboard was created. 
+ format: date-time + type: string + creator: + description: Creator is the identity of the dashboard creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogDashboardSpec to know + if the Spec has changed and needs an update. + type: string + id: + description: ID is the dashboard ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API dashboard was last force synced with the DatadogDashboard resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the dashboard state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/crds/datadoghq.com_datadogmonitors.yaml b/crds/datadoghq.com_datadogmonitors.yaml index 9245116e6..11c854954 100644 --- a/crds/datadoghq.com_datadogmonitors.yaml +++ b/crds/datadoghq.com_datadogmonitors.yaml @@ -126,6 +126,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: set notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean @@ -153,6 +154,7 @@ spec: description: MonitorRenotifyStatusType The different statuses for which renotification is supported. type: string type: array + x-kubernetes-list-type: set requireFullWindow: description: |- A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly @@ -272,9 +274,11 @@ spec: downtimeStatus: description: DowntimeStatus defines whether the monitor is downtimed properties: - downtimeId: + downtimeID: + description: DowntimeID is the downtime ID. type: integer isDowntimed: + description: IsDowntimed shows the downtime status of the monitor. type: boolean type: object id: 
@@ -295,14 +299,14 @@ spec: description: MonitorStateLastUpdateTime is the last time the monitor state updated format: date-time type: string + monitorStateSyncStatus: + description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog + type: string primary: description: |- Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) type: boolean - syncStatus: - description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog - type: string triggeredState: description: TriggeredState only includes details for monitor groups that are triggering items: diff --git a/repository.datadog.yml b/repository.datadog.yml index b49e10d17..814d38c3e 100644 --- a/repository.datadog.yml +++ b/repository.datadog.yml @@ -10,11 +10,11 @@ github_teams_restrictions: - container-helm-chart-maintainers - container-integrations - container-t2 - - Synthetics - - Documentation - - Observability Pipelines - - Telemetry and Analytics - - Vector + - synthetics + - documentation + - observability-pipelines + - telemetry-and-analytics + - vector github_users_restrictions: - cahillsf - clamoriniere diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index d241a6bc6..2b46bb5d6 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -7,7 +7,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-2.0.0' + helm.sh/chart: 'datadogCRDs-2.2.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' 
@@ -701,6 +701,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -708,6 +716,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object @@ -851,6 +867,73 @@ spec: url: type: string type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map fips: properties: customFIPSConfig: 
@@ -1006,6 +1089,18 @@ spec: tlsVerify: type: boolean type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object localService: properties: forceEnableLocalService: @@ -1076,6 +1171,31 @@ spec: type: object registry: type: string + secretBackend: + properties: + args: + type: string + command: + type: string + enableGlobalPermissions: + type: boolean + roles: + items: + properties: + namespace: + type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + format: int32 + type: integer + type: object site: type: string tags: @@ -1975,6 +2095,29 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array extraChecksd: properties: configDataMap: @@ -2137,6 +2280,10 @@ spec: type: string type: object type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object serviceAccountName: type: string tolerations: @@ -3723,6 +3870,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -3730,6 +3885,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object 
diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 4e2bef0f7..cd52a9683 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.0.1 + helm.sh/chart: datadog-operator-2.3.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.8.0" + app.kubernetes.io/version: "1.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.8.0" + image: "gcr.io/datadoghq/operator:1.10.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE @@ -59,6 +59,7 @@ spec: - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" + - "-datadogDashboardEnabled=false" - "-remoteConfigEnabled=false" ports: - name: metrics diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index c59bc2c7a..d97cad2a5 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -104,7 +104,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.8.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.10.0", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } 
diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index a629e6ffe..f0d675e83 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: e95c3aa09253f021e31a1ac5c7ee014e6454d2d5fee0482b0f253e12dab68afd - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: 7252ac95e9b7a2be76a893f29be97ba3ddfa93e988f208d18a1e4e410b6b9b7a + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: 
@@ -70,19 +70,20 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: + + - name: KUBERNETES + value: "yes" - name: DD_API_KEY valueFrom: secretKeyRef: name: "datadog-secret" key: api-key - - name: KUBERNETES - value: "yes" - name: DD_LOG_LEVEL value: "INFO" - name: DD_EXTRA_CONFIG_PROVIDERS diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 57a30d06a..20f97b46b 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
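Review bot: In the `agent` container args the new `find /etc/datadog-agent/conf.d/ ... -delete` is chained with `&&`, so any non-zero exit from `find` (a missing `conf.d/` directory, or a delete refused on permissions) now keeps `exec agent run` from being reached, whereas the removed `rm -rf` did not fail on a missing path. The command also no longer removes files under `conf.d` other than `*.yaml.default`, so any other check configuration shipped in the image stays active on the cluster-check runner; that looks intended but deserves a comment in the template. If agent startup should not depend on the cleanup, separate it with `;`, for example `find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete ; touch /etc/datadog-agent/datadog.yaml && exec agent run`. This file is a rendered baseline, so the change belongs in the chart template that produces it.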
@@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d786ae722980a2b7f91d4be2bf9eebfb9997a1fd85c3a0368c360cb060ed54fc - checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc - checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 + checksum/clusteragent_token: 789eaddd8ebf97ad196c8ccbad93bdfa98bebad0d60672807686f6587b30fe99 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} @@ -86,12 +86,13 @@ spec: name: "datadog" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -108,6 +109,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_REMOTE_CONFIGURATION_ENABLED 
@@ -130,6 +133,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index d6572693a..567fca801 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 146a7a7f2e304ae7637352cb1ecd1fd9b92739626753086c8a562b3a848904fa - checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc - checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 + checksum/clusteragent_token: e3466aa95772fd657b731896232e59a2386ac6c1a38b0ab18cbdeb09156544e8 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} @@ -86,12 +86,13 @@ spec: name: "datadog" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -108,6 +109,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED 
@@ -144,6 +147,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index a461cb056..6421f7579 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5df33a65f728b7353527940691335906c2e2a4837cf2545fc465c3ccbdecb7cd - checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc - checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 + checksum/clusteragent_token: 153bf4c7a1851a4a2b03bcb46a026255dda1d786c6a5b95827e5364391602e55 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} @@ -86,12 +86,13 @@ spec: name: "datadog" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -108,6 +109,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED 
@@ -119,7 +122,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.57.2 + value: 7.59.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -140,6 +143,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 0661feb0b..15abb4696 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 6b801cdee7b458f8dc8cf101150135babecf647416c222dcf109ae6517afefc4 - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: 36d1e9094d3cb200659405983a1c3aa58982bd20ea30a71974a01965e0df5ddf + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] 
@@ -62,12 +62,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -76,6 +77,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -202,7 +204,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -221,12 +223,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -308,7 +311,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -323,12 +326,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -346,6 +350,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED 
@@ -402,10 +407,8 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - - image: "gcr.io/datadoghq/agent:7.57.2" + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -416,9 +419,8 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - - image: "gcr.io/datadoghq/agent:7.57.2" + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: - bash @@ -426,12 +428,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -451,12 +453,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -479,6 +482,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -496,8 +501,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml new file mode 100644 index 000000000..829e5c79f --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_default.yaml 
@@ -0,0 +1,280 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.79.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: ac6f3df32a82b47f1cec6be0a9dce0cc1978c1f64fd5b75177734090bacf54da + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false 
# Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + 
valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml new file mode 100644 index 000000000..46d33c986 --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml 
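Review bot: `DD_HOSTNAME` is set to `"$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)"` in both the `agent` and `init-config` containers, but no `DD_CLUSTER_NAME` entry appears in either env list of this rendered manifest. Kubernetes leaves an unresolved `$(VAR)` reference as literal text, so unless the variable is injected some other way, every node rendered with these default values would report a hostname ending in the string `$(DD_CLUSTER_NAME)`. The template should either require a cluster name when the `gke-gdc` provider is selected or fall back to `value: "$(DD_NODE_NAME)"` when none is set. The same applies to `gdc_daemonset_logs_collection.yaml`, added next in this commit.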
@@ -0,0 +1,301 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.79.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: 009553ab18468f5e3c937f34ded921a712214a78b4cbd82f8233e4512e20390d + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # 
Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: pointerdir + mountPath: /opt/datadog-agent/run + mountPropagation: None + readOnly: false # Need RW for logs pointer + - name: logpodpath + mountPath: /var/log/pods + mountPropagation: None + readOnly: true + - name: logscontainerspath + mountPath: /var/log/containers + mountPropagation: None + readOnly: true + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT 
+ value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 202d88d15..b203ba643 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
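Review bot: The pod-level `securityContext` sets `runAsUser: 0` and none of the three containers narrows it, while this variant also mounts the host paths `/var/log/pods`, `/var/log/containers` and a writable `/var/datadog/logs`. A container-level `securityContext` with `allowPrivilegeEscalation: false` would bound what the root process can gain, and whether capabilities can be dropped as well should be checked against what the agent needs on this platform. The `kubelet-cert-volume` mount at `/certs` carries the kubelet client key and, unlike the log mounts, has no `readOnly: true`; adding it makes the intent explicit. Both points also apply to `gdc_daemonset_default.yaml`, and the fix belongs in the daemonset template rather than in this baseline.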
@@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "RmllNXRpbDNzWGNCeXpsVFpPOUU4ZXUzSVZncU1NeFA=" + token: "VUhXVVpZMDVTb1Bnd2VxODM1bTRDcU43SFc0UEhTSng=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 
@@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.73.0 + installer_version: datadog-3.79.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "eadedf6d-d365-4d8d-860f-93fcf8617956" - install_time: "1727279193" + install_id: "3111252e-d253-4641-b8b3-30b9c6be6466" + install_time: "1731360232" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -384,6 +384,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations resourceNames: - "datadog-webhook" 
@@ -391,6 +392,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations verbs: ["create"] - apiGroups: ["batch"] @@ -414,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -510,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -558,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -578,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -598,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -619,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -638,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -655,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -677,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -698,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -721,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -743,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -769,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -798,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -822,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: a73a414b38d45377a23c51d2dc231cae02e9fcc4eb937bfe7d692f0f989e1391 - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: f00581a69706d733ac0c8e932c003a67a287dff70bc15af0030fff5a1e66e0cd + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -834,7 +836,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -854,12 +856,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: 
@@ -868,6 +871,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -995,7 +999,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1014,12 +1018,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -1101,7 +1106,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1116,12 +1121,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -1139,6 +1145,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1195,10 +1202,8 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - - image: "gcr.io/datadoghq/agent:7.57.2" + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: 
@@ -1209,9 +1214,8 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - - image: "gcr.io/datadoghq/agent:7.57.2" + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: - bash @@ -1219,12 +1223,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -1244,12 +1248,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -1272,6 +1277,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -1289,8 +1296,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd @@ -1316,7 +1321,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -1346,8 +1351,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 76253444996a0411d5a94059333082990230f8818371b4c7b8493c5147e20108 - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: 0f3c4653bf6f20423353df3b2c09b545f377c8943c78e038a764c08ee01e7cec + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1355,7 +1360,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1367,7 +1372,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1380,19 +1385,20 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.59.0" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: + + - name: KUBERNETES + value: "yes" - name: DD_API_KEY valueFrom: secretKeyRef: name: "datadog-secret" key: api-key - - name: KUBERNETES - value: "yes" - name: DD_LOG_LEVEL value: "INFO" - name: DD_EXTRA_CONFIG_PROVIDERS @@ -1507,7 +1513,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -1537,15 +1543,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 8d93968cf1fcd7528edb7c1d0667c1e200602d1dbcc33fbf7c7274cabc757ee1 - checksum/clusteragent-configmap: 65496f49f667006695458d448536cabbf214be02a08201234f491c7a3b50e1bd - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: dc1e3efaa7c41119e5e666c61d458d5dd5b608c3f5be3e7044f14e087aadeca2 + checksum/clusteragent-configmap: 01caadfa4eb3983f3938c37d3a44a51e3ca2969b2d5ffff36f24d025f3246067 + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -1558,7 +1564,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} @@ -1585,12 +1591,13 @@ spec: name: "datadog-secret" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -1607,6 +1614,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_REMOTE_CONFIGURATION_ENABLED 
@@ -1631,6 +1640,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index 8118d5128..baf66fe53 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go @@ -113,6 +113,42 @@ func Test_baseline_manifests(t *testing.T) { baselineManifestPath: "./baseline/other_default.yaml", assertions: verifyUntypedResources, }, + { + name: "GDC DaemonSet default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_default.yaml", + assertions: verifyDaemonset, + }, + { + name: "GDC DaemonSet logs collection enabled", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml", + assertions: verifyDaemonset, + }, } for _, tt := range tests { 
diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go
new file mode 100644
index 000000000..b8b2ecf98
--- /dev/null
+++ b/test/datadog/gdc_test.go
@@ -0,0 +1,90 @@ +package datadog + +import ( + "fmt" + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "testing" +) + +var allowedHostPaths = map[string]interface{}{ + "/var/datadog/logs": nil, + "/var/log/pods": nil, + "/var/log/containers": nil, +} + +func Test_gdcConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "agents.image.doNotCheckTag": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + assertions: verifyDaemonsetGDCMinimal, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { + var ds appsv1.DaemonSet + common.Unmarshal(t, manifest, &ds) + agentContainer := &corev1.Container{} + + assert.Equal(t, 1, len(ds.Spec.Template.Spec.Containers)) + + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Name == "agent" { + agentContainer = &container + } + } + + assert.NotNil(t, agentContainer) + + var validHostPath = true + for _, volume := range ds.Spec.Template.Spec.Volumes { + if volume.HostPath != nil { + _, validHostPath = allowedHostPaths[volume.HostPath.Path] + assert.True(t, 
validHostPath, fmt.Sprintf("DaemonSet has restricted hostPath mounted: %s ", volume.HostPath.Path)) + } + } + + validPorts := true + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Ports != nil { + for _, port := range container.Ports { + if port.HostPort > 0 { + validPorts = false + break + } + } + } + } + assert.True(t, validPorts, "Daemonset has restricted hostPort mounted.") +} diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index a9f16bc4d..09c042e2b 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -19,6 +19,7 @@ const ( DDSystemProbeEnabled = "DD_SYSTEM_PROBE_ENABLED" DDNetworkMonitoringEnabled = "DD_SYSTEM_PROBE_NETWORK_ENABLED" DDOrchestratorEnabled = "DD_ORCHESTRATOR_EXPLORER_ENABLED" + DDLanguageDetectionEnabled = "DD_LANGUAGE_DETECTION_ENABLED" ) func Test_processAgentConfigs(t *testing.T) { 
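Review bot: `assert.NotNil(t, agentContainer)` in `verifyDaemonsetGDCMinimal` can never fail, because `agentContainer` is initialised to `&corev1.Container{}` before the loop, so the test does not prove that the `agent` container is rendered. Declaring it as `var agentContainer *corev1.Container` and assigning by index, `agentContainer = &ds.Spec.Template.Spec.Containers[i]`, makes the check real and also avoids taking the address of the range variable, which aliases a single variable on toolchains before Go 1.22. In `Test_gdcConfigs`, `assert.Nil(t, err, ...)` lets `tt.assertions` run on an empty manifest after a render failure; `require.NoError(t, err, "couldn't render template")` would stop there (the `require` import would have to be added). The host checks cover `hostPath` volumes and `hostPort` only; if the target platform also restricts `hostNetwork`, `hostPID` or privileged containers, this is the place to assert them.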
@@ -247,6 +248,44 @@ func Test_processAgentConfigs(t *testing.T) { }, assertions: verifyLinuxRunInCoreAgent, }, + { + name: "language detection on process agent", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7.56", + "datadog.apm.instrumentation.language_detection.enabled": "true", + "datadog.apm.instrumentation.enabled": "true", + }, + }, + assertions: verifyLanguageDetectionInProcessAgent, + }, + { + name: "language detection on core agent", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7.57", + "datadog.apm.instrumentation.language_detection.enabled": "true", + "datadog.apm.instrumentation.enabled": "true", + }, + }, + assertions: verifyLanguageDetectionInCoreAgent, + }, } for _, tt := range tests { @@ -272,7 +311,7 @@ func verifyDaemonsetMinimal(t *testing.T, manifest string) { assert.True(t, ok) processEnvs := getEnvVarMap(processAgentContainer.Env) assertDefaultCommonProcessEnvs(t, processEnvs) - assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "false", processEnvs[DDProcessRunInCoreAgentEnabled]) assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) } 
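Review bot: The two cases added to the table in `Test_processAgentConfigs` pin `agents.image.tag` to `7.56` and `7.57` without saying why those versions matter, so a reader cannot tell whether the tag or the `datadog.processAgent.runInCoreAgent` override decides which container is expected to carry language detection. A one-line comment above each case would settle it, for example `// 7.56: language detection expected in the process-agent container` and `// 7.57: language detection expected in the core agent`; the exact version rule should be confirmed against the chart template, which is not part of this hunk. The table and the enclosing function start outside the hunk.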
@@ -309,6 +348,45 @@ func verifyLinuxRunInCoreAgent(t *testing.T, manifest string) { assert.False(t, ok) } +func verifyLanguageDetectionInCoreAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "true", coreEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", coreEnvs[DDStripProcessArgs]) + assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", coreEnvs[DDLanguageDetectionEnabled]) + assert.True(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyLanguageDetectionInProcessAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assert.Equal(t, "true", processEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", processEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", processEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", processEnvs[DDStripProcessArgs]) + assert.Equal(t, "false", processEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", 
processEnvs[DDLanguageDetectionEnabled]) + assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + func verifyChecksOff(t *testing.T, manifest string) { var deployment appsv1.DaemonSet common.Unmarshal(t, manifest, &deployment) diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index 32ac11b49..3766b77ec 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.1-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.5-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 1b553c9bd..6b2d3f55c 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.1-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.5-beta" imagePullPolicy: IfNotPresent ports: - name: http
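Review bot: Both new helpers, `verifyLanguageDetectionInCoreAgent` and `verifyLanguageDetectionInProcessAgent`, keep running after a failed container lookup, because `assert.True(t, ok)` only records the failure and the following env and mount assertions then run against whatever `getContainer` returned. Stopping at the lookup gives one clear failure instead of a cascade: `require.True(t, ok, "agent container not found")`, assuming testify's `require` package is imported in this file (the import block is outside the hunk). The local variable `deployment` holds an `appsv1.DaemonSet`; naming it `ds` would match what it is.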