diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 65d14dc62..d7a0dda5f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.57.1 + +* Allow configuring CWS security profile based auto suppression feature and enable it by default. + ## 3.57.0 * Set default `Agent` and `Cluster-Agent` version to `7.51.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index b44e8fcea..23f173e03 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.57.0 +version: 3.57.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 6a3cd3493..eee03e8cd 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.57.0](https://img.shields.io/badge/Version-3.57.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.57.1](https://img.shields.io/badge/Version-3.57.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -785,6 +785,7 @@ helm install \ | datadog.securityAgent.runtime.network.enabled | bool | `true` | Set to true to enable the collection of CWS network events | | datadog.securityAgent.runtime.policies.configMap | string | `nil` | Contains CWS policies that will be used | | datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled | bool | `true` | Set to true to enable CWS runtime drift events | +| datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled | bool | `true` | Set to true to enable CWS runtime auto suppression | | datadog.securityAgent.runtime.securityProfile.enabled | bool | `true` | Set to true to enable CWS runtime security profiles | | datadog.securityAgent.runtime.syscallMonitor.enabled | bool | `false` | Set to true to enable the Syscall monitoring (recommended for troubleshooting only) | | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index 233e18fda..55ce1162c 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml @@ -73,7 +73,7 @@ data: anomaly_detection: enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled }} auto_suppression: - enabled: false + enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled }} {{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} --- diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 5f8152c5a..8f805415a 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -783,6 +783,10 @@ datadog: # datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled -- Set to true to enable CWS runtime drift events enabled: true + autoSuppression: + # datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled -- Set to true to enable CWS runtime auto suppression + enabled: true + ## Manage NetworkPolicy networkPolicy: # datadog.networkPolicy.create -- If true, create NetworkPolicy for all the components