From a5c4ca05c088b102f0ead9d071a8449bc61873b5 Mon Sep 17 00:00:00 2001 From: Andrii Kalinichenko Date: Fri, 13 Sep 2024 17:27:59 +0200 Subject: [PATCH 01/11] PL: release 1.51.0 (#1525) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index fca293393..a4c72d7f6 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.2 + +* Update private location image version to `1.51.0`. + ## 0.17.1 * Update private location image version to `1.50.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index f154d04d8..fdfd13df2 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.1 -appVersion: 1.50.0 +version: 0.17.2 +appVersion: 1.51.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 38d5ff1f1..03bcd7a24 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md 
@@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.1](https://img.shields.io/badge/Version-0.17.1-informational?style=flat-square) ![AppVersion: 1.50.0](https://img.shields.io/badge/AppVersion-1.50.0-informational?style=flat-square) +![Version: 0.17.2](https://img.shields.io/badge/Version-0.17.2-informational?style=flat-square) ![AppVersion: 1.51.0](https://img.shields.io/badge/AppVersion-1.51.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.50.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.51.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index dfb6d3e35..b2f912f40 100644 --- a/charts/synthetics-private-location/values.yaml 
+++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.50.0 + tag: 1.51.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 304008e8ddf83d2381105e3b480b3b75def9dc5d Mon Sep 17 00:00:00 2001 From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:40:36 +0200 Subject: [PATCH 02/11] Bump private action runner to v0.0.1-alpha31 (#1523) * Bump private action runner to v0.0.1-alpha30 * Bump private action runner to v0.0.1-alpha31 --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 2 +- charts/private-action-runner/values.yaml | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 2d1515106..5da120330 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +### 0.10.0 + +* Update private action image version to `v0.0.1-alpha31`. + ### 0.9.1 - Added ability to configure connection credentials in `config.yaml`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index c92d24dad..2f8fa419b 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.9.1 +version: 0.10.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index f3012b43f..ffa424683 100644 
--- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -41,7 +41,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha29"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha31"}` | Current Datadog Private Action Runner image | | connectionCredentials.basicAuth.credentials | list | `[]` | List of credentials for Basic Auth | | connectionCredentials.jenkinsAuth.credentials | list | `[]` | List of credentials for Jenkins Auth | | connectionCredentials.postgresAuth.credentials | list | `[]` | List of credentials for Postgres Auth | diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 36fef85a8..f8c28cb98 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.0.1-alpha29 + tag: v0.0.1-alpha31 runners: # runners[0].name -- Name of the Datadog Private Action Runner From 05fd80bca99eb16fc8e9e72a59e4bdb99a16de84 Mon Sep 17 00:00:00 2001 
From: Oliver Li Date: Wed, 18 Sep 2024 16:29:39 -0400 Subject: [PATCH 03/11] Update Helm chart for new Go private action runner (#1527) * staging changes for Go private action runner * Update Helm chart for Go runner * update port * suggestions * tweak wording * delete mistake * test with dummy private key * test with kubeconform * lint --- charts/private-action-runner/CHANGELOG.md | 6 ++++- charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 8 +++---- charts/private-action-runner/README.md.gotmpl | 2 +- .../ci/kubeconform-values.yaml | 9 ++++++++ .../examples/{config.yaml => values.yaml} | 23 +++++++++---------- .../templates/deployment.yaml | 5 ---- .../templates/secrets.yaml | 10 +++++--- charts/private-action-runner/values.yaml | 7 +++--- 9 files changed, 41 insertions(+), 31 deletions(-) rename charts/private-action-runner/examples/{config.yaml => values.yaml} (80%) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 5da120330..9ce0ebd32 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,12 +1,16 @@ # Datadog changelog +## 0.11.0 + +* Added top level `port` configuration option, superseding `appBuilder.port`. Update the private action image to the beta image, `v0.1.0-beta`. + ### 0.10.0 * Update private action image version to `v0.0.1-alpha31`. ### 0.9.1 -- Added ability to configure connection credentials in `config.yaml`. +* Added ability to configure connection credentials in `config.yaml`. ### 0.9.0 diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 2f8fa419b..6837dd301 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml 
@@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.10.0 +version: 0.11.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index ffa424683..2475177fc 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha29](https://img.shields.io/badge/AppVersion-v0.0.1--alpha29-informational?style=flat-square) +![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. 
@@ -41,16 +41,16 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha31"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.0-beta"}` | Current Datadog Private Action Runner image | | connectionCredentials.basicAuth.credentials | list | `[]` | List of credentials for Basic Auth | | connectionCredentials.jenkinsAuth.credentials | list | `[]` | List of credentials for Jenkins Auth | | connectionCredentials.postgresAuth.credentials | list | `[]` | List of credentials for Postgres Auth | | connectionCredentials.tokenAuth.credentials | list | `[]` | List of credentials for Token Auth | -| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | +| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | -| runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | | runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | | runners[0].config.modes | list | `["workflowAutomation","appBuilder"]` | Modes that the runner can run in | 
+| runners[0].config.port | int | `9016` | Port for HTTP server liveness checks and App Builder mode | | runners[0].config.privateKey | string | `"PRIVATE_KEY_FROM_CONFIG"` | The runner's privateKey from the enrollment page | | runners[0].config.urn | string | `"URN_FROM_CONFIG"` | The runner's URN from the enrollment page | | runners[0].kubernetesPermissions | list | `[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}]` | List of Kubernetes permissions that the Datadog Private Action Runner has | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index e55e8e00e..d77c11de3 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha29](https://img.shields.io/badge/AppVersion-v0.0.1--alpha29-informational?style=flat-square) +![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/ci/kubeconform-values.yaml b/charts/private-action-runner/ci/kubeconform-values.yaml index e69de29bb..4522b0137 100644 --- a/charts/private-action-runner/ci/kubeconform-values.yaml +++ b/charts/private-action-runner/ci/kubeconform-values.yaml 
@@ -0,0 +1,9 @@ +runners: + - name: "default" + config: + # -- Base URL of the Datadog app + ddBaseURL: "https://app.datadoghq.com" + # -- The runner's URN from the enrollment page + urn: "urn:dd:apps:on-prem-runner:us1:2:runner-CI_TEST_ONLY" + # -- The runner's privateKey from the enrollment page + privateKey: "eyJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImtpZCI6IkxXbl9LLU9qbXQ4TFJ6TWdjbFY4dTRMYUVsdF9mZGpCN2RXdlJ2TkVhN2ciLCJjcnYiOiJQLTI1NiIsImFsZyI6IkVTMjU2IiwieCI6Imd3MVFKNVBQQXJmZk56XzdmWmZxX0xMYjhTV0MyaXhJUDFBbDh2SjJmVTgiLCJ5IjoiRjQ4VGRWZVhIRnpack05N1BwbnFMZFRUOG9iWDdKa2N5d3RzQ2RhLXRpayIsImQiOiJaczdDQ0MzMkRJQkpuaUZ5S1hFV0VvWThrZ1ZXMTVZbGdTYU9ISm5uX1drIn0" diff --git a/charts/private-action-runner/examples/config.yaml b/charts/private-action-runner/examples/values.yaml similarity index 80% rename from charts/private-action-runner/examples/config.yaml rename to charts/private-action-runner/examples/values.yaml index 56dbf3e32..0dfc65f5c 100644 --- a/charts/private-action-runner/examples/config.yaml +++ b/charts/private-action-runner/examples/values.yaml @@ -1,5 +1,16 @@ runners: - name: "custom-runner" + # Replace this section with the output of the private action runner enrollment process with the `--enroll-and-print-config` flag + config: + ddBaseURL: "https://app.datadoghq.com" + urn: "CHANGE_ME_URN_FROM_CONFIG" + privateKey: "CHANGE_ME_PRIVATE_KEY_FROM_CONFIG" + modes: + - appBuilder + - workflowAutomation + port: 9016 + actionsAllowlist: + - com.datadoghq.http.request kubernetesPermissions: - apiGroups: - "" @@ -23,18 +34,6 @@ runners: - "patch" - "update" - "delete" - config: - urn: "URN_FROM_CONFIG" - privateKey: "PRIVATE_KEY_FROM_CONFIG" - modes: - - "workflowAutomation" - - "appBuilder" - appBuilder: - port: 9016 - actionsAllowlist: - - com.datadoghq.kubernetes.core.listPod - - com.datadoghq.http.request - - com.datadoghq.jenkins.buildJenkinsJob connectionCredentials: basicAuth: 
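Review bot: The `privateKey` value added to `ci/kubeconform-values.yaml` appears to decode to a complete EC P-256 JWK, private `d` parameter included, and the only hint that it is a throwaway is the `runner-CI_TEST_ONLY` suffix in `urn`. The comment above it still reads `# -- The runner's privateKey from the enrollment page`; I would replace it with something like `# Dummy key for kubeconform rendering only; never enrolled with Datadog`. That lets secret scanners and later readers tell it apart from a leaked credential. Please confirm that this key pair was generated locally and never used for a real runner enrollment.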
diff --git a/charts/private-action-runner/templates/deployment.yaml b/charts/private-action-runner/templates/deployment.yaml index b7b3eeb4d..0021acb16 100644 --- a/charts/private-action-runner/templates/deployment.yaml +++ b/charts/private-action-runner/templates/deployment.yaml @@ -46,11 +46,6 @@ spec: - name: secrets mountPath: /etc/dd-action-runner env: - # Node memory limits - - name: NODE_OPTIONS - # See https://nodejs.org/docs/latest-v16.x/api/cli.html#--max-old-space-sizesize-in-megabytes - # 75% of memory limit/request - value: "--max-old-space-size=1536" - name: MANAGED_BY value: "helm" volumes: diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml index 5085dfc5c..c8c6fd120 100644 --- a/charts/private-action-runner/templates/secrets.yaml +++ b/charts/private-action-runner/templates/secrets.yaml @@ -14,9 +14,13 @@ stringData: {{- range $mode := $runner.config.modes }} - {{ $mode }} {{- end }} - {{- if $runner.config.appBuilder }} - appBuilder: - port: {{ $runner.config.appBuilder.port }} + {{- if $runner.config.port }} + port: {{ $runner.config.port }} + {{- else if $runner.config.appBuilder }} + port: {{ $runner.config.appBuilder.port }} + {{- end }} + {{- if $runner.config.httpServerWriteTimeout }} + httpServerWriteTimeout: {{ $runner.config.httpServerWriteTimeout }} {{- end }} actionsAllowlist: {{- range $action := $runner.config.actionsAllowlist }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index f8c28cb98..d3eaebb82 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.0.1-alpha31 + tag: v0.1.0-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner 
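Review bot: In `templates/secrets.yaml`, the `else if $runner.config.appBuilder` fallback renders `port: {{ $runner.config.appBuilder.port }}` whenever the legacy map exists, even if it has no `port` key, which would leave an empty `port:` in the generated runner config. Nesting a second `{{- if $runner.config.appBuilder.port }}` inside that branch would avoid it. The new `httpServerWriteTimeout` key is read here but not added to `values.yaml` or the README table in the hunks shown; a commented entry in `values.yaml` stating what it controls and its unit would make it discoverable.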
@@ -49,9 +49,8 @@ runners: modes: - "workflowAutomation" - "appBuilder" - appBuilder: - # -- Required port for App Builder Mode - port: 9016 + # -- Port for HTTP server liveness checks and App Builder mode + port: 9016 # -- List of actions that the Datadog Private Action Runner is allowed to execute actionsAllowlist: - com.datadoghq.kubernetes.core.listPod From 451b67348d51c0375613353f359042dea14bc66c Mon Sep 17 00:00:00 2001 From: Oliver Li Date: Fri, 20 Sep 2024 16:15:46 -0400 Subject: [PATCH 04/11] [Private Actions] Allow for arbitrary secret files to be specified in `values.yaml` (#1531) * Move to specifying credential files directly * lint --- charts/private-action-runner/CHANGELOG.md | 5 + charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 9 +- charts/private-action-runner/README.md.gotmpl | 4 +- .../examples/values.yaml | 153 ++++++++++++++---- .../templates/_helpers.tpl | 62 +++---- .../templates/secrets.yaml | 1 + charts/private-action-runner/values.yaml | 18 +-- 8 files changed, 173 insertions(+), 81 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 9ce0ebd32..08b0e01ab 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 0.12.0 + +* Introduced `credentialFiles` key in `values.yaml` for secret management. Deprecated the `connectionCredentials` key +* Fixed issue where specifying connection secrets under `connectionCredentials` can result in the Helm chart generating malformed JSON + ## 0.11.0 * Added top level `port` configuration option, superseding `appBuilder.port`. Update the private action image to the beta image, `v0.1.0-beta`. diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 6837dd301..623d3633d 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml 
@@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.11.0 +version: 0.12.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 2475177fc..e9d07f49c 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) +![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -25,7 +25,7 @@ helm repo update ## Use this chart with connection credentials 1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). 2. Create a new Private Action Runner and follow the instructions for Kubernetes. -3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `config.yaml`. +3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `values.yaml`. ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). 
@@ -42,10 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| | common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.0-beta"}` | Current Datadog Private Action Runner image | -| connectionCredentials.basicAuth.credentials | list | `[]` | List of credentials for Basic Auth | -| connectionCredentials.jenkinsAuth.credentials | list | `[]` | List of credentials for Jenkins Auth | -| connectionCredentials.postgresAuth.credentials | list | `[]` | List of credentials for Postgres Auth | -| connectionCredentials.tokenAuth.credentials | list | `[]` | List of credentials for Token Auth | +| credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index d77c11de3..cf4fc0207 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl 
@@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) +![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -25,7 +25,7 @@ helm repo update ## Use this chart with connection credentials 1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). 2. Create a new Private Action Runner and follow the instructions for Kubernetes. -3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `config.yaml`. +3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `values.yaml`. ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). diff --git a/charts/private-action-runner/examples/values.yaml b/charts/private-action-runner/examples/values.yaml index 0dfc65f5c..4298afca1 100644 --- a/charts/private-action-runner/examples/values.yaml +++ b/charts/private-action-runner/examples/values.yaml 
@@ -35,34 +35,125 @@ runners: - "update" - "delete" -connectionCredentials: - basicAuth: - credentials: - - fileName: "http_basic_creds.json" - username: "username" - password: "password" - - fileName: "another_http_basic_creds.json" - username: "another_username" - password: "another_password" - tokenAuth: - credentials: - - fileName: "http_token_creds.json" - tokenName: "name" - tokenValue: "value" - jenkinsAuth: - credentials: - - fileName: "jenkins_creds.json" - username: "username" - token: "token" - domain: "domain" - postgresAuth: - credentials: - - fileName: "creds.pgpass" - host: "host" - port: "port" - user: "user" - password: "password" - database: "database" - sslMode: "sslMode" - applicationName: "applicationName" - searchPath: "searchPath" +# credential files provided here will be mounted in /etc/dd-action-runner/ +# it is safe to remove unneeded files from this section +credentialFiles: + - fileName: "http_basic_creds.json" + data: | + { + "auth_type": "Basic Auth", + "credentials": [ + { + "username": "USERNAME", + "password": "PASSWORD" + } + ] + } + - fileName: "http_token_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "TOKEN1", + "tokenValue": "VALUE1" + } + ] + } + - fileName: "jenkins_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "username": "localhost:7233", + "token": "TOKEN", + "domain": "DOMAIN" + } + ] + } + - fileName: "creds.pgpass" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "host", + "tokenValue": "HOST" + }, + { + "tokenName": "port", + "tokenValue": "5432" + }, + { + "tokenName": "user", + "tokenValue": "USER" + }, + { + "tokenName": "password", + "tokenValue": "PASSWORD" + }, + { + "tokenName": "database", + "tokenValue": "DATABASE" + }, + { + "tokenName": "sslmode", + "tokenValue": "verify-full" + }, + { + "tokenName": "applicationName", + "tokenValue": "OPTIONAL: application name" + }, + { + "tokenName": 
"searchPath", + "tokenValue": "OPTIONAL: search path" + } + ] + } + - fileName: "temporal_mtls_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "serverAddress", + "tokenValue": "SERVERADDRESS" + }, + { + "tokenName": "serverNameOverride", + "tokenValue": "SERVERNAMEOERRIDE" + }, + { + "tokenName": "serverRootCACertificate", + "tokenValue": "SERVERROOTCACERTIFICATE" + }, + { + "tokenName": "clientCertPairCrt", + "tokenValue": "CLIENTCERTPAIRCRT" + }, + { + "tokenName": "clientCertPairKey", + "tokenValue": "CLIENTCERTPAIRKEY" + } + ] + } + - fileName: "temporal_tls_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "serverAddress", + "tokenValue": "SERVERADDRESS" + }, + { + "tokenName": "serverNameOverride", + "tokenValue": "SERVERNAMEOERRIDE" + }, + { + "tokenName": "serverRootCACertificate", + "tokenValue": "CLIENTCERTPAIRKEY" + } + ] + } diff --git a/charts/private-action-runner/templates/_helpers.tpl b/charts/private-action-runner/templates/_helpers.tpl index f3783523a..dac6ef7cf 100644 --- a/charts/private-action-runner/templates/_helpers.tpl +++ b/charts/private-action-runner/templates/_helpers.tpl 
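Review bot: Several placeholders in the new `credentialFiles` examples look copied from the wrong entry. `jenkins_creds.json` uses `"username": "localhost:7233"`, `temporal_tls_creds.json` sets `serverRootCACertificate` to `CLIENTCERTPAIRKEY`, and both Temporal files spell `SERVERNAMEOERRIDE`. Users are expected to edit this file in place, so I would make each value mirror its key (`USERNAME`, `SERVERROOTCACERTIFICATE`, `SERVERNAMEOVERRIDE`). The leading comment could also state that everything under `data` is copied as plaintext from the values file into the chart's Secret, so a filled-in copy belongs outside version control.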
@@ -5,65 +5,74 @@ {{- define "chart.serviceName" }} "private-action-runner-{{.}}-service" {{ end }} {{- define "chart.secretName" }} "private-action-runner-{{.}}-secrets" {{ end }} +{{- define "chart.credentialFiles" -}} +{{- if hasKey $.Values "credentialFiles" }} +{{- range $c := $.Values.credentialFiles }} +{{ $c.fileName }}: | +{{ $c.data | indent 2 }} +{{- end -}} +{{- end -}} +{{- end -}} + {{- define "chart.basicAuth" -}} -{{- if hasKey $.Values.connectionCredentials.basicAuth "credentials" }} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.basicAuth $.Values.connectionCredentials.basicAuth.credentials }} {{- range $c := $.Values.connectionCredentials.basicAuth.credentials }} {{ $c.fileName }}: | { - auth_type: 'Basic Auth', - credentials: [ + "auth_type": "Basic Auth", + "credentials": [ { - username: {{ $c.username | quote }}, - password: {{ $c.password | quote }} - }, - ], + "username": {{ $c.username | quote }}, + "password": {{ $c.password | quote }} + } + ] } {{- end -}} {{- end -}} {{- end -}} {{- define "chart.tokenAuth" -}} -{{- if hasKey $.Values.connectionCredentials.tokenAuth "credentials" }} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.tokenAuth $.Values.connectionCredentials.tokenAuth.credentials }} {{- range $c := $.Values.connectionCredentials.tokenAuth.credentials }} {{ $c.fileName }}: | { - auth_type: 'Token Auth', - credentials: [ + "auth_type": "Token Auth", + "credentials": [ { - tokenName: {{ $c.tokenName | quote }}, - tokenValue: {{ $c.tokenValue | quote }} - }, - ], + "tokenName": {{ $c.tokenName | quote }}, + "tokenValue": {{ $c.tokenValue | quote }} + } + ] } {{- end -}} {{- end -}} {{- end -}} {{- define "chart.jenkinsAuth" -}} -{{- if hasKey $.Values.connectionCredentials.jenkinsAuth "credentials" }} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.jenkinsAuth $.Values.connectionCredentials.jenkinsAuth.credentials }} {{- range $c := 
$.Values.connectionCredentials.jenkinsAuth.credentials }} {{ $c.fileName }}: | { - auth_type: 'Token Auth', - credentials: [ + "auth_type": "Token Auth", + "credentials": [ { - username: {{ $c.username | quote }}, - token: {{ $c.token | quote }}, - domain: {{ $c.domain | quote }} - }, - ], + "username": {{ $c.username | quote }}, + "token": {{ $c.token | quote }}, + "domain": {{ $c.domain | quote }} + } + ] } {{- end -}} {{- end -}} {{- end -}} {{- define "chart.postgresAuth" -}} -{{- if hasKey $.Values.connectionCredentials.postgresAuth "credentials" }} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.postgresAuth $.Values.connectionCredentials.postgresAuth.credentials }} {{- range $c := $.Values.connectionCredentials.postgresAuth.credentials }} {{ $c.fileName }}: | { - auth_type: 'Token Auth', - credentials: [ + "auth_type": "Token Auth", + "credentials": [ { "tokenName": "host", "tokenValue": {{ $c.host | quote }} @@ -95,13 +104,12 @@ }, {{ end }} {{- if $c.searchPath }} - { { "tokenName": "searchPath", "tokenValue": {{ $c.searchPath | quote }} } {{ end }} - ], + ] } {{- end -}} {{- end -}} diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml index c8c6fd120..792f68919 100644 --- a/charts/private-action-runner/templates/secrets.yaml +++ b/charts/private-action-runner/templates/secrets.yaml @@ -26,6 +26,7 @@ stringData: {{- range $action := $runner.config.actionsAllowlist }} - {{ $action }} {{- end }} + {{- include "chart.credentialFiles" $ | indent 2 }} {{- include "chart.basicAuth" $ | indent 2 }} {{- include "chart.tokenAuth" $ | indent 2 }} {{- include "chart.jenkinsAuth" $ | indent 2 }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index d3eaebb82..6ff85caa3 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml 
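Review bot: The deprecated `connectionCredentials` helpers now emit JSON keys and brackets, but values are still escaped with `| quote`, which produces a Go string literal rather than a JSON string. A password containing a control character or an invalid UTF-8 byte would be written as a `\x..` escape, which JSON parsers reject. `toJson` gives JSON escaping, e.g. `"password": {{ $c.password | toJson }}`, and the same applies to the `username`, `tokenValue`, `token` and `domain` lines. Separately, `chart.credentialFiles` writes `{{ $c.fileName }}` unquoted and unvalidated as a key in what appears to be the same `stringData` map that holds the runner config. A `required` check on `fileName` and `data`, plus `| quote` on the key, would stop a missing or unusual file name from producing a broken or colliding entry.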
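Review bot: The optional Postgres entries in `chart.postgresAuth` can still render invalid JSON. The context line `},` just before `{{ end }}` leaves a trailing comma in front of `]` whenever that optional entry is rendered and `searchPath` is not set. The start of this `range` body is outside the hunk, so how the preceding entries end is not visible here. The usual fix is to put the separator at the front of each optional object, e.g. `{{- if $c.searchPath }},{ "tokenName": "searchPath", "tokenValue": {{ $c.searchPath | quote }} }{{ end }}`, so that no element ends with a dangling comma.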
@@ -110,17 +110,7 @@ runners: # - com.datadoghq.temporal.listWorkflows # - com.datadoghq.temporal.runWorkflow -# see examples/config.yaml for credential keys -connectionCredentials: - basicAuth: - # -- List of credentials for Basic Auth - credentials: [] - tokenAuth: - # -- List of credentials for Token Auth - credentials: [] - jenkinsAuth: - # -- List of credentials for Jenkins Auth - credentials: [] - postgresAuth: - # -- List of credentials for Postgres Auth - credentials: [] +# -- List of credential files to be used by the Datadog Private Action Runner +credentialFiles: [] +# see examples/values.yaml for examples on how to specify secrets +# credential files provided here will be mounted in /etc/dd-action-runner/ From 9f4bd9102ab486e8ba40eb96d28d04f2969b5668 Mon Sep 17 00:00:00 2001 From: Oliver Li Date: Mon, 23 Sep 2024 14:56:18 -0400 Subject: [PATCH 05/11] Bump PAR version to v0.1.1-beta (#1533) --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 08b0e01ab..3a1c37598 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.13.0 + +* Update private action image version to `v0.1.1-beta` + ## 0.12.0 * Introduced `credentialFiles` key in `values.yaml` for secret management. Deprecated the `connectionCredentials` key diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 623d3633d..af3652fe0 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml 
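Review bot: The new comments on `credentialFiles` say where the files are mounted but not that each entry's `data` is secret material, which will sit in whatever values file the operator supplies. A line next to the key would help, for example `# credentialFiles contents are secrets: keep them out of version-controlled values files (e.g. pass them with --set-file)`. The CHANGELOG calls `connectionCredentials` deprecated while this hunk removes its defaults, so a short comment pointing at the replacement key would also help operators who are upgrading.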
@@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.12.0 +version: 0.13.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index e9d07f49c..3cc51d205 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) +![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. 
@@ -41,7 +41,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.0-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.1-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index cf4fc0207..f0080171c 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl 
@@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square) +![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 6ff85caa3..cea2568f3 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.1.0-beta + tag: v0.1.1-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner From 222f1ae6abe0258569139536f941c1c4f08c88c5 Mon Sep 17 00:00:00 2001 
From: Gabriel Plassard <138318954+dd-gplassard@users.noreply.github.com> Date: Tue, 24 Sep 2024 10:34:01 +0200 Subject: [PATCH 06/11] Improve private actions runner helm chart for kubernetes actions (#1529) * Improve private actions runner helm chart for kubernetes actions * Fix after rebase * Remove tests as they are not actually testing * Linebreak --- charts/private-action-runner/CHANGELOG.md | 4 + charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 41 ++++-- charts/private-action-runner/README.md.gotmpl | 7 +- .../examples/values.yaml | 61 +++++--- .../templates/_helpers.tpl | 89 ++++++++++++ .../templates/deployment.yaml | 2 +- .../private-action-runner/templates/role.yaml | 12 +- .../templates/secrets.yaml | 14 ++ charts/private-action-runner/values.yaml | 136 +++++++----------- 10 files changed, 248 insertions(+), 120 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 3a1c37598..42983f45d 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.14.0 + +* Add support for `kubernetesActions`. + ## 0.13.0 * Update private action image version to `v0.1.1-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index af3652fe0..f8fbc7e77 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.13.0 +version: 0.14.0 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index 3cc51d205..29b1e83fa 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md 
@@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) +![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -30,10 +30,11 @@ helm repo update ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). 2. Create a new connection, select your private action runner, and use **Service account authentication**. -3. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. +3. Enable the actions you want in the Chart values using `kubernetesActions` (see [the example file](examples/values.yaml)). +4. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. ## Going further -* Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). +* Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). * Deploy several runners with different permissions or create different connections according to your needs. * Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). 
@@ -43,13 +44,37 @@ helm repo update |-----|------|---------|-------------| | common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.1-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | -| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | -| runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | +| runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | +| runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | | runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | | runners[0].config.modes | list | `["workflowAutomation","appBuilder"]` | Modes that the runner can run in | | runners[0].config.port | int | `9016` | Port for HTTP server liveness checks and App Builder mode | -| runners[0].config.privateKey | string | `"PRIVATE_KEY_FROM_CONFIG"` | The runner's privateKey from the enrollment page | -| runners[0].config.urn | string | `"URN_FROM_CONFIG"` | The runner's URN from the enrollment page | -| runners[0].kubernetesPermissions | list | 
`[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}]` | List of Kubernetes permissions that the Datadog Private Action Runner has | +| runners[0].config.privateKey | string | `"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG"` | The runner's privateKey from the enrollment page | +| runners[0].config.urn | string | `"CHANGE_ME_URN_FROM_CONFIG"` | The runner's URN from the enrollment page | +| runners[0].kubernetesActions | object | `{"configMaps":[],"controllerRevisions":[],"cronJobs":[],"customObjects":[],"customResourceDefinitions":[],"daemonSets":[],"deployments":[],"endpoints":[],"events":[],"jobs":[],"limitRanges":[],"namespaces":[],"nodes":[],"persistentVolumeClaims":[],"persistentVolumes":[],"podTemplates":[],"pods":["get","list"],"replicaSets":[],"replicationControllers":[],"resourceQuotas":[],"serviceAccounts":[],"services":[],"statefulSets":[]}` | Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account | +| runners[0].kubernetesActions.configMaps | list | `[]` | Actions related to configMaps (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.controllerRevisions | list | `[]` | Actions related to controllerRevisions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.cronJobs | list | `[]` | Actions related to cronJobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.customObjects | list | `[]` | Actions related to customObjects (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple"). You also need to add appropriate `kubernetesPermissions`. 
| +| runners[0].kubernetesActions.customResourceDefinitions | list | `[]` | Actions related to customResourceDefinitions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.daemonSets | list | `[]` | Actions related to daemonSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.deployments | list | `[]` | Actions related to deployments (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple", "restart") | +| runners[0].kubernetesActions.endpoints | list | `[]` | Actions related to endpoints (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.events | list | `[]` | Actions related to events (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.jobs | list | `[]` | Actions related to jobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.limitRanges | list | `[]` | Actions related to limitRanges (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.namespaces | list | `[]` | Actions related to namespaces (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.nodes | list | `[]` | Actions related to nodes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.persistentVolumeClaims | list | `[]` | Actions related to persistentVolumeClaims (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.persistentVolumes | list | `[]` | Actions related to persistentVolumes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| 
runners[0].kubernetesActions.podTemplates | list | `[]` | Actions related to podTemplates (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.pods | list | `["get","list"]` | Actions related to pods (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.replicaSets | list | `[]` | Actions related to replicaSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.replicationControllers | list | `[]` | Actions related to replicationControllers (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.resourceQuotas | list | `[]` | Actions related to resourceQuotas (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.serviceAccounts | list | `[]` | Actions related to serviceAccounts (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.services | list | `[]` | Actions related to services (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.statefulSets | list | `[]` | Actions related to statefulSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesPermissions | list | `[]` | Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) | | runners[0].name | string | `"default"` | Name of the Datadog Private Action Runner | | runners[0].replicas | int | `1` | Number of pod instances for the Datadog Private Action Runner | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index f0080171c..dbf98b61e 100644 --- a/charts/private-action-runner/README.md.gotmpl 
+++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) +![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![AppVersion: v0.1.1-beta](https://img.shields.io/badge/AppVersion-v0.1.1--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -30,10 +30,11 @@ helm repo update ## To use Kubernetes actions 1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). 2. Create a new connection, select your private action runner, and use **Service account authentication**. -3. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. +3. Enable the actions you want in the Chart values using `kubernetesActions` (see [the example file](examples/values.yaml)). +4. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. ## Going further -* Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). +* Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). * Deploy several runners with different permissions or create different connections according to your needs. * Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). 
diff --git a/charts/private-action-runner/examples/values.yaml b/charts/private-action-runner/examples/values.yaml index 4298afca1..7d2106f39 100644 --- a/charts/private-action-runner/examples/values.yaml +++ b/charts/private-action-runner/examples/values.yaml 
@@ -11,30 +11,45 @@ runners: port: 9016 actionsAllowlist: - com.datadoghq.http.request + # -- Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account + kubernetesActions: + controllerRevisions: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + daemonSets: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + deployments: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple", "restart"] + replicaSets: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + statefulSets: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + cronJobs: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + configMaps: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + endpoints: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + events: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + limitRanges: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + namespaces: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + nodes: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + persistentVolumes: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + persistentVolumeClaims: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + pods: ["get", "list" ] # select your actions among ["get", "list", "create", "update", 
"patch", "delete", "deleteMultiple"] + podTemplates: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + replicationControllers: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + resourceQuotas: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + services: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + serviceAccounts: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + customResourceDefinitions: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + jobs: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + customObjects: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + # -- Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) kubernetesPermissions: - - apiGroups: - - "" - resources: - - "pods" - verbs: - - "list" - - "get" - - "create" - - "patch" - - "update" - - "delete" - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "list" - - "get" - - "create" - - "patch" - - "update" - - "delete" - + # CRD example +# - apiGroups: +# - "example.com" +# resources: +# - "tests" +# verbs: +# - "list" +# - "get" +# - "create" +# - "patch" +# - "update" +# - "delete" # credential files provided here will be mounted in /etc/dd-action-runner/ # it is safe to remove unneeded files from this section credentialFiles: diff --git a/charts/private-action-runner/templates/_helpers.tpl b/charts/private-action-runner/templates/_helpers.tpl index dac6ef7cf..34ffa291b 100644 --- a/charts/private-action-runner/templates/_helpers.tpl 
+++ b/charts/private-action-runner/templates/_helpers.tpl 
@@ -114,3 +114,92 @@ {{- end -}} {{- end -}} {{- end -}} + +{{/* +Defines an RBAC rule for provided apiGroup, resource type and allowed verbs +*/}} +{{- define "rbacRule" }} +- apiGroups: + - {{ .apiGroup }} + resources: + - {{ .resource }} + verbs: +{{- range $_, $verb := (.verbs | uniq) }} + - {{ $verb }} +{{- end }} +{{- end }} + +{{/* +Map from plural(resourceName) to actionBundle +*/}} +{{- define "chart.k8sResourceMap" -}} +{{- $resourceMap := dict + "customResourceDefinitions" "apiextensions" + "controllerRevisions" "apps" + "daemonSets" "apps" + "deployments" "apps" + "replicaSets" "apps" + "statefulSets" "apps" + "cronJobs" "batch" + "jobs" "batch" + "configMaps" "core" + "endpoints" "core" + "events" "core" + "limitRanges" "core" + "namespaces" "core" + "nodes" "core" + "persistentVolumes" "core" + "persistentVolumeClaims" "core" + "pods" "core" + "podTemplates" "core" + "replicationControllers" "core" + "resourceQuotas" "core" + "services" "core" + "serviceAccounts" "core" +}} +{{- toYaml $resourceMap -}} +{{- end -}} + +{{/* +Turns a plural(resourceName) into a singular(resourceName) +*/}} +{{- define "chart.k8sResourceSingular" -}} +{{- $resource := . -}} +{{- if eq $resource "endpoints" -}} + {{- $resource -}} +{{- else -}} + {{- printf "%s" (trimSuffix "s" $resource) -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the kubernetes apiGroup for the plural(resourceName) +*/}} +{{- define "chart.k8sApiGroup" -}} +{{- $bundle := . -}} +{{- if eq $bundle "apiextensions" -}} +apiextensions.k8s.io +{{- else if eq $bundle "core" -}} +"" +{{- else -}} + {{- $bundle -}} +{{- end -}} +{{- end -}} + +{{/* +Transform a list of actions into the list of k8s verbs that are required to perform those actions +*/}} +{{- define "chart.k8sVerbs" -}} +{{- $actions := . 
-}} +{{- $allVerbs := list -}} +{{- range $action := $actions }} + {{- if eq $action "deleteMultiple" -}} + {{- $allVerbs = concat $allVerbs (list "delete" "list") -}} + {{- else if eq $action "restart" -}} + {{- $allVerbs = append $allVerbs "patch" -}} + {{- else -}} + {{- $allVerbs = append $allVerbs $action -}} + {{- end -}} +{{- end -}} +{{- $allVerbs | toJson -}} +{{- end -}} diff --git a/charts/private-action-runner/templates/deployment.yaml b/charts/private-action-runner/templates/deployment.yaml index 0021acb16..b6a9ac64e 100644 --- a/charts/private-action-runner/templates/deployment.yaml +++ b/charts/private-action-runner/templates/deployment.yaml @@ -20,7 +20,7 @@ spec: app: {{ include "chart.deploymentName" $runner.name }} service: {{ include "chart.serviceName" $runner.name }} annotations: - config-hash: {{ $runner.config | toJson | sha256sum }} + config-hash: {{ $runner | toJson | sha256sum }} spec: serviceAccountName: {{ include "chart.serviceAccountName" $runner.name }} tolerations: diff --git a/charts/private-action-runner/templates/role.yaml b/charts/private-action-runner/templates/role.yaml index a32f58e8f..17e65e76e 100644 --- a/charts/private-action-runner/templates/role.yaml +++ b/charts/private-action-runner/templates/role.yaml 
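Review bot: `chart.k8sVerbs` passes any action it does not recognise straight through as an RBAC verb, because the final `else` branch appends `$action` unchanged. A typo or a value such as `*` under `kubernetesActions` therefore ends up in the generated role rules. The same unchecked strings are used to build allowlist entries in `templates/secrets.yaml`. Rejecting anything outside the documented options with `fail` stops a values mistake from silently widening the service account's permissions.

```gotemplate
{{- define "chart.k8sVerbs" -}}
{{- $actions := . -}}
{{- $allowed := list "get" "list" "create" "update" "patch" "delete" "deleteMultiple" "restart" -}}
{{- $allVerbs := list -}}
{{- range $action := $actions }}
  {{- if not (has $action $allowed) -}}
    {{- fail (printf "unsupported kubernetesActions entry %q" $action) -}}
  {{- end -}}
  {{/* ... unchanged: deleteMultiple / restart / default verb mapping ... */}}
{{- end -}}
```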
@@ -5,5 +5,15 @@ kind: ClusterRole metadata: namespace: {{ $.Release.Namespace }} name: {{ include "chart.roleName" $runner.name }} -rules: {{ $runner.kubernetesPermissions | toJson }} +rules: +{{- if $runner.kubernetesPermissions }} +{{ $runner.kubernetesPermissions | toYaml }} +{{- end }} +{{- if $runner.kubernetesActions }} + {{- range $resourceType, $bundle := fromYaml (include "chart.k8sResourceMap" .) }} + {{- if index $runner.kubernetesActions $resourceType }} + {{- include "rbacRule" (dict "apiGroup" (include "chart.k8sApiGroup" $bundle) "resource" (lower $resourceType) "verbs" (fromJsonArray (include "chart.k8sVerbs" (index $runner.kubernetesActions $resourceType))))}} + {{- end }} + {{- end }} +{{- end }} {{- end }} diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml index 792f68919..63c1d70b5 100644 --- a/charts/private-action-runner/templates/secrets.yaml +++ b/charts/private-action-runner/templates/secrets.yaml 
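Review bot: The rules generated from `kubernetesActions` are added to a `ClusterRole`, so each enabled action is expressed as a cluster-scoped permission and the `metadata.namespace` field does not narrow it. How the role is bound is not visible in this hunk. If the binding is cluster-wide, write actions such as `create` on `pods` or `patch` on `deployments` would apply in every namespace. A values option to render a namespaced `Role` would let operators limit the scope. Failing that, add a comment beside `kubernetesActions` in `values.yaml`, such as `# permissions derived from kubernetesActions are cluster-wide`.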
@@ -26,6 +26,20 @@ stringData: {{- range $action := $runner.config.actionsAllowlist }} - {{ $action }} {{- end }} + {{- if $runner.kubernetesActions }} + {{- range $resourceType, $bundle := fromYaml (include "chart.k8sResourceMap" .) }} + {{- range $verb := (index $runner.kubernetesActions $resourceType) }} + - com.datadoghq.kubernetes.{{ $bundle }}.{{ $verb }}{{ upper (substr 0 1 $resourceType)}}{{ substr 1 -1 (include "chart.k8sResourceSingular" $resourceType) }}{{ if eq $verb "deleteMultiple" }}s{{ end }} + {{- end }} + {{- end }} + {{- end }} + {{- if $runner.kubernetesActions }} + {{- if $runner.kubernetesActions.customObjects }} + {{- range $verb := index $runner.kubernetesActions.customObjects }} + - com.datadoghq.kubernetes.customresources.{{ $verb }}CustomObject{{ if eq $verb "deleteMultiple" }}s{{ end }} + {{- end }} + {{- end}} + {{- end}} {{- include "chart.credentialFiles" $ | indent 2 }} {{- include "chart.basicAuth" $ | indent 2 }} {{- include "chart.tokenAuth" $ | indent 2 }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index cea2568f3..4a767c14d 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml 
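Review bot: The two consecutive `{{- if $runner.kubernetesActions }}` blocks can be merged into one. `index $runner.kubernetesActions.customObjects` with a single argument appears to return that argument unchanged, so `{{- range $verb := $runner.kubernetesActions.customObjects }}` reads more directly. The inline expression that assembles the action name from `$verb` and `$resourceType` would be easier to review as a named template next to `chart.k8sResourceSingular`. That template should carry a short comment giving one example, such as `pods` with `deleteMultiple` producing `com.datadoghq.kubernetes.core.deleteMultiplePods`.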
@@ -13,38 +13,14 @@ runners: - name: "default" # -- Number of pod instances for the Datadog Private Action Runner replicas: 1 - # -- List of Kubernetes permissions that the Datadog Private Action Runner has - kubernetesPermissions: - - apiGroups: - - "" - resources: - - "pods" - verbs: - - "list" - - "get" - # - "create" - # - "patch" - # - "update" - # - "delete" - - apiGroups: - - "apps" - resources: - - "deployments" - verbs: - - "list" - - "get" - # - "create" - # - "patch" - # - "update" - # - "delete" # -- Configuration for the Datadog Private Action Runner config: # -- Base URL of the Datadog app ddBaseURL: "https://app.datadoghq.com" # -- The runner's URN from the enrollment page - urn: "URN_FROM_CONFIG" + urn: "CHANGE_ME_URN_FROM_CONFIG" # -- The runner's privateKey from the enrollment page - privateKey: "PRIVATE_KEY_FROM_CONFIG" + privateKey: "CHANGE_ME_PRIVATE_KEY_FROM_CONFIG" # -- Modes that the runner can run in modes: - "workflowAutomation" 
@@ -52,63 +28,57 @@ runners: # -- Port for HTTP server liveness checks and App Builder mode port: 9016 # -- List of actions that the Datadog Private Action Runner is allowed to execute - actionsAllowlist: - - com.datadoghq.kubernetes.core.listPod - # you can also add from the following list - # - com.datadoghq.http.request - # - com.datadoghq.jenkins.buildJenkinsJob - # - com.datadoghq.jenkins.deleteJenkinsJob - # - com.datadoghq.jenkins.getJobStatus - # - com.datadoghq.kubernetes.apps.createDeployment - # - com.datadoghq.kubernetes.apps.getControllerRevision - # - com.datadoghq.kubernetes.apps.getDaemonSet - # - com.datadoghq.kubernetes.apps.getDeployment - # - com.datadoghq.kubernetes.apps.getReplicaSet - # - com.datadoghq.kubernetes.apps.getStatefulSet - # - com.datadoghq.kubernetes.apps.listControllerRevision - # - com.datadoghq.kubernetes.apps.listDaemonSet - # - com.datadoghq.kubernetes.apps.listDeployment - # - com.datadoghq.kubernetes.apps.listReplicaSet - # - com.datadoghq.kubernetes.apps.listStatefulSet - # - com.datadoghq.kubernetes.apps.restartDeployment - # - com.datadoghq.kubernetes.apps.updateDeployment - # - com.datadoghq.kubernetes.apps.updateReplicaSet - # - com.datadoghq.kubernetes.core.createNode - # - com.datadoghq.kubernetes.core.createPod - # - com.datadoghq.kubernetes.core.deleteMultiplePods - # - com.datadoghq.kubernetes.core.deletePod - # - com.datadoghq.kubernetes.core.getConfigMap - # - com.datadoghq.kubernetes.core.getEndpoints - # - com.datadoghq.kubernetes.core.getEvent - # - com.datadoghq.kubernetes.core.getLimitRange - # - com.datadoghq.kubernetes.core.getNamespace - # - com.datadoghq.kubernetes.core.getNode - # - com.datadoghq.kubernetes.core.getPersistentVolume - # - com.datadoghq.kubernetes.core.getPersistentVolumeClaim - # - com.datadoghq.kubernetes.core.getPod - # - com.datadoghq.kubernetes.core.getPodTemplate - # - com.datadoghq.kubernetes.core.getReplicationController - # - com.datadoghq.kubernetes.core.getResourceQuota - # - 
com.datadoghq.kubernetes.core.getService - # - com.datadoghq.kubernetes.core.getServiceAccount - # - com.datadoghq.kubernetes.core.listConfigMap - # - com.datadoghq.kubernetes.core.listEndpoints - # - com.datadoghq.kubernetes.core.listEvent - # - com.datadoghq.kubernetes.core.listLimitRange - # - com.datadoghq.kubernetes.core.listNamespace - # - com.datadoghq.kubernetes.core.listNode - # - com.datadoghq.kubernetes.core.listPersistentVolume - # - com.datadoghq.kubernetes.core.listPersistentVolumeClaim - # - com.datadoghq.kubernetes.core.listPodTemplate - # - com.datadoghq.kubernetes.core.listReplicationController - # - com.datadoghq.kubernetes.core.listResourceQuota - # - com.datadoghq.kubernetes.core.listService - # - com.datadoghq.kubernetes.core.listServiceAccount - # - com.datadoghq.kubernetes.core.updatePod - # - com.datadoghq.postgresql.select - # - com.datadoghq.temporal.getWorkflowResult - # - com.datadoghq.temporal.listWorkflows - # - com.datadoghq.temporal.runWorkflow + actionsAllowlist: [] + # -- Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account + kubernetesActions: + # -- Actions related to controllerRevisions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + controllerRevisions: [] + # -- Actions related to daemonSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + daemonSets: [] + # -- Actions related to deployments (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple", "restart") + deployments: [] + # -- Actions related to replicaSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + replicaSets: [] + # -- Actions related to statefulSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + statefulSets: [] + # -- Actions related to cronJobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + cronJobs: 
[] + # -- Actions related to configMaps (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + configMaps: [] + # -- Actions related to endpoints (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + endpoints: [] + # -- Actions related to events (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + events: [] + # -- Actions related to limitRanges (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + limitRanges: [] + # -- Actions related to namespaces (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + namespaces: [] + # -- Actions related to nodes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + nodes: [] + # -- Actions related to persistentVolumes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + persistentVolumes: [] + # -- Actions related to persistentVolumeClaims (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + persistentVolumeClaims: [] + # -- Actions related to pods (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + pods: ["get", "list"] + # -- Actions related to podTemplates (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + podTemplates: [] + # -- Actions related to replicationControllers (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + replicationControllers: [] + # -- Actions related to resourceQuotas (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + resourceQuotas: [] + # -- Actions related to services (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + services: [] + # -- Actions related to serviceAccounts (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + serviceAccounts: [] + # -- Actions related to 
customResourceDefinitions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + customResourceDefinitions: [] + # -- Actions related to jobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + jobs: [] + # -- Actions related to customObjects (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple"). You also need to add appropriate `kubernetesPermissions`. + customObjects: [] + # -- Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) + kubernetesPermissions: [] # -- List of credential files to be used by the Datadog Private Action Runner credentialFiles: [] From 0f893ff650631bccc7726a8a168577761c592362 Mon Sep 17 00:00:00 2001 From: Gabriel Dos Santos <91925154+gabedos@users.noreply.github.com> Date: Tue, 24 Sep 2024 10:39:56 -0400 Subject: [PATCH 07/11] [CONTP-277] Expose k8s resource labels as tags to configure tagger (#1534) --- charts/datadog/CHANGELOG.md | 5 +++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +++- .../templates/_components-common-env.yaml | 8 +++++++ charts/datadog/values.yaml | 22 +++++++++++++++++++ 5 files changed, 39 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 31331df86..31166aad3 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 3.71.2 + +* Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger +* Add `datadog.kubernetesResourcesAnnotationsAsTags` to assign Kuberenetes Resources Annotations as tags in the tagger + ## 3.71.1 * Update `fips.image.tag` to `1.1.5` updating openSSL version to 3.0.15 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a7c4361f9..75bee51bb 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml 
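Review bot: The new defaults change what a default install allows: `pods: ["get", "list"]` would put both the get and list pod actions on the allowlist, where the removed default listed only `com.datadoghq.kubernetes.core.listPod`, while the `get`/`list` grant on deployments from the removed `kubernetesPermissions` default is gone. If that is intended it belongs in the changelog; otherwise `pods: ["list"]` keeps the previous allowlist. The `kubernetesActions` comment says permissions are granted to the service account along with the allowlist entries, but not at what scope (the RBAC template is not visible here). Stating whether the grant is namespaced or cluster-wide matters most for `serviceAccounts`, `nodes`, `namespaces` and `customResourceDefinitions`, e.g. `# Write verbs on cluster-scoped resources grant broad access; enable them only where a workflow needs them.`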
@@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.71.1 +version: 3.71.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index a7641a317..c02553f1f 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.71.1](https://img.shields.io/badge/Version-3.71.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.71.2](https://img.shields.io/badge/Version-3.71.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -750,6 +750,8 @@ helm install \ | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | +| datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | +| datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | | datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection | | datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "configmaps". "" to automatically detect which one to use. | | datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second | diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 3ef5bb8f4..95b8016d3 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml 
@@ -46,6 +46,14 @@ - name: DD_KUBERNETES_NAMESPACE_ANNOTATIONS_AS_TAGS value: '{{ toJson .Values.datadog.namespaceAnnotationsAsTags }}' {{- end }} +{{- if .Values.datadog.kubernetesResourcesLabelsAsTags }} +- name: DD_KUBERNETES_RESOURCES_LABELS_AS_TAGS + value: '{{ toJson .Values.datadog.kubernetesResourcesLabelsAsTags }}' +{{- end}} +{{- if .Values.datadog.kubernetesResourcesAnnotationsAsTags }} +- name: DD_KUBERNETES_RESOURCES_ANNOTATIONS_AS_TAGS + value: '{{ toJson .Values.datadog.kubernetesResourcesAnnotationsAsTags }}' +{{- end}} - name: KUBERNETES value: "yes" {{- if .Values.datadog.site }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 720ecee6f..61e44ab83 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -254,6 +254,28 @@ datadog: # env: environment # : + # datadog.kubernetesResourcesLabelsAsTags -- Provide a mapping of Kubernetes Resources Labels to Datadog Tags + kubernetesResourcesLabelsAsTags: {} + # deployments.apps: + # x-team: team-from-label + # pods: + # x-ref: reference + # namespaces: + # kubernetes.io/metadata.name: name-as-tag + # : + # : + + # datadog.kubernetesResourcesAnnotationsAsTags -- Provide a mapping of Kubernetes Resources Annotations to Datadog Tags + kubernetesResourcesAnnotationsAsTags: {} + # deployments.apps: + # x-team: team-from-annotation + # pods: + # x-ann: annotation-reference + # namespaces: + # stale-annotation: annotation-as-tag + # : + # : + originDetectionUnified: # datadog.originDetectionUnified.enabled -- Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). enabled: false From 928581cae6911695a72e92fd16ed59da1944335c Mon Sep 17 00:00:00 2001 
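Review bot: The two added env vars place `toJson` output inside a single-quoted YAML scalar (`value: '{{ toJson … }}'`), so a label, annotation or tag name containing a single quote would end the scalar early and yield an invalid or altered manifest. Letting Helm do the quoting avoids that: `value: {{ toJson .Values.datadog.kubernetesResourcesLabelsAsTags | quote }}`, and the same for `kubernetesResourcesAnnotationsAsTags`. The context line above uses the same single-quote pattern for `namespaceAnnotationsAsTags`, so the existing entries could be changed together. The closing tags are written `{{- end}}` where the surrounding lines use `{{- end }}`.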
From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Tue, 24 Sep 2024 18:06:12 +0200 Subject: [PATCH 08/11] [datadog/datadog] Update Agent/cluster Agent to `7.57.2` (#1535) * update to 7.57.2 * fix conflict from main --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 31166aad3..358be8229 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.72.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.57.2`. + ## 3.71.2 * Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 75bee51bb..3c92b8709 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.71.2 +version: 3.72.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c02553f1f..5febc2994 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.71.2](https://img.shields.io/badge/Version-3.71.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.72.0](https://img.shields.io/badge/Version-3.72.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.56.2"` | Define the Agent version to use | +| agents.image.tag | string | `"7.57.2"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.56.2"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.57.2"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -642,7 +642,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.56.2"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.57.2"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 61e44ab83..112183e57 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -997,7 +997,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.56.2 + tag: 7.57.2 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1490,7 +1490,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.56.2 + tag: 7.57.2 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1996,7 +1996,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.56.2 + tag: 7.57.2 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 0010864c7dc73dca25558a3f25bd20f26967c3e4 Mon Sep 17 00:00:00 2001 From: Ethan Wood-Thomas Date: Tue, 24 Sep 2024 15:13:11 -0400 Subject: [PATCH 09/11] [CONTINT-4406] add helm option to filter kubernetes events (#1517) * Add config option for datadog.kubernetesEvents.filteringEnabled * Added CI test and updated documentation * Allow filtering and unbundle to bet set to false --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/ci/cluster-agent-values.yaml | 1 + charts/datadog/templates/_kubernetes_apiserver_config.yaml | 7 +++++-- charts/datadog/templates/cluster-agent-deployment.yaml | 2 +- charts/datadog/values.yaml | 2 ++ 7 files changed, 16 insertions(+), 5 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 358be8229..b957845a9 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md 
@@ -1,5 +1,9 @@ # Datadog changelog +## 3.72.1 + +* Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. + ## 3.72.0 * Set default `Agent` and `Cluster-Agent` version to `7.57.2`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 3c92b8709..33663741d 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.72.0 +version: 3.72.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5febc2994..17b2ab9c4 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.72.0](https://img.shields.io/badge/Version-3.72.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.72.1](https://img.shields.io/badge/Version-3.72.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -749,6 +749,7 @@ helm install \ | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | +| datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | | datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | | datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | diff --git a/charts/datadog/ci/cluster-agent-values.yaml b/charts/datadog/ci/cluster-agent-values.yaml index e51445d2b..ed84b4d0e 100644 --- a/charts/datadog/ci/cluster-agent-values.yaml +++ b/charts/datadog/ci/cluster-agent-values.yaml @@ -6,6 +6,7 @@ datadog: clusterChecks: enabled: true kubernetesEvents: + filteringEnabled: true unbundleEvents: true clusterTagger: collectKubernetesTags: true diff --git a/charts/datadog/templates/_kubernetes_apiserver_config.yaml b/charts/datadog/templates/_kubernetes_apiserver_config.yaml index 0454838a2..208e21594 100644 --- a/charts/datadog/templates/_kubernetes_apiserver_config.yaml 
+++ b/charts/datadog/templates/_kubernetes_apiserver_config.yaml @@ -1,10 +1,13 @@ {{- define "kubernetes_apiserver-config" -}} -{{- if and .Values.datadog.collectEvents .Values.datadog.kubernetesEvents.unbundleEvents -}} +{{- if .Values.datadog.collectEvents -}} kubernetes_apiserver.yaml: |- init_config: instances: - - unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} + - filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} + unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} + {{- if .Values.datadog.kubernetesEvents.unbundleEvents }} collected_event_types: {{ .Values.datadog.kubernetesEvents.collectedEventTypes | toYaml | nindent 8 }} + {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index bc89c75b9..e63d4b57c 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -451,7 +451,7 @@ spec: - key: helm.yaml path: helm.yaml {{- end }} -{{- if and .Values.datadog.collectEvents .Values.datadog.kubernetesEvents.unbundleEvents }} +{{- if .Values.datadog.collectEvents }} - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml {{- end }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 112183e57..1130d271f 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
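Review bot: Dropping `unbundleEvents` from the guard means every install with `collectEvents` now ships a chart-generated `kubernetes_apiserver.yaml`, where before the file was only written when unbundling was on; the volume item in `cluster-agent-deployment.yaml` is changed the same way. That presumably replaces whatever default check configuration the Cluster Agent image carries, and it sends `filtering_enabled` to versions older than the 7.57.0 the option is documented for. Both deserve a changelog line and a template comment such as `{{/* rendered for all collectEvents installs; filtering_enabled needs Cluster Agent 7.57.0+ */}}`. Both booleans are interpolated as-is, so `- filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled | default false }}` would keep the output well-formed if a values file nulls the key.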
@@ -391,6 +391,8 @@ datadog: # Configure Kubernetes events collection kubernetesEvents: + # datadog.kubernetesEvents.filteringEnabled -- Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). + filteringEnabled: false # datadog.kubernetesEvents.unbundleEvents -- Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). unbundleEvents: false # datadog.kubernetesEvents.collectedEventTypes -- Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. From dbf0d50e17deedef0147a26ad2a8d15dfc279fd8 Mon Sep 17 00:00:00 2001 From: AliDatadog <125997632+AliDatadog@users.noreply.github.com> Date: Wed, 25 Sep 2024 12:19:58 +0200 Subject: [PATCH 10/11] Add Azure Container Registry (#1537) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/templates/_helpers.tpl | 2 ++ charts/datadog/values.yaml | 3 ++- 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index b957845a9..2fd54654f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.73.0 + +* Add Azure Container Registry, enabled automatically when targeting `us3.datadoghq.com`. + ## 3.72.1 * Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 33663741d..239449a1a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.72.1 +version: 3.73.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 17b2ab9c4..e4af954ef 100644 --- a/charts/datadog/README.md 
+++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.72.1](https://img.shields.io/badge/Version-3.72.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.73.0](https://img.shields.io/badge/Version-3.73.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -875,7 +875,7 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | -| registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) | +| registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index a67ce9c9b..2060ada51 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -295,6 +295,8 @@ eu.gcr.io/datadoghq public.ecr.aws/datadog {{- else if eq .datadog.site "ap1.datadoghq.com" -}} asia.gcr.io/datadoghq +{{- else if eq .datadog.site "us3.datadoghq.com" -}} +datadoghq.azurecr.io {{- else -}} gcr.io/datadoghq {{- end -}} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 1130d271f..f3b04cd53 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
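Review bot: The added `us3.datadoghq.com` branch changes where existing US3 installs pull their images from on the next upgrade, without the operator changing any value. Clusters that restrict image sources (admission policies with a registry allowlist, egress rules, pull-through mirrors) will need `datadoghq.azurecr.io` added or `registry` set explicitly, and the changelog entry does not say so. I would add a comment on the branch, `{{- /* us3 defaults to Azure Container Registry; set .Values.registry to keep another source */ -}}`, and call out the switch in the release notes. The enclosing helper starts and ends outside the hunk.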
@@ -18,12 +18,13 @@ targetSystem: "linux" commonLabels: {} # team_name: dev -# registry -- Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) +# registry -- Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) ## Currently we offer Datadog Agent images on: ## GCR US - use gcr.io/datadoghq ## GCR Europe - use eu.gcr.io/datadoghq ## GCR Asia - use asia.gcr.io/datadoghq +## Azure - use datadoghq.azurecr.io ## AWS - use public.ecr.aws/datadog ## DockerHub - use docker.io/datadog registry: # gcr.io/datadoghq From 9a12ba803e479b95251edfdd84855284f396fd15 Mon Sep 17 00:00:00 2001 From: Celene Date: Wed, 25 Sep 2024 15:06:47 -0400 Subject: [PATCH 11/11] fix tests (#1538) --- .github/workflows/ci.yaml | 2 + ...gent-clusterchecks-deployment_default.yaml | 12 +- .../cluster-agent-deployment_default.yaml | 16 +-- ...loyment_default_advanced_AC_injection.yaml | 16 +-- ...ployment_default_minimal_AC_injection.yaml | 18 +-- test/datadog/baseline/daemonset_default.yaml | 16 +-- test/datadog/baseline/other_default.yaml | 111 ++++++++++-------- test/datadog/process_agent_test.go | 10 +- 8 files changed, 108 insertions(+), 93 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d6a4f786a..71b9159ea 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -4,6 +4,8 @@ on: pull_request: paths: - "charts/**" + paths-ignore: + - 'test/**' jobs: changed: diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 4cf8b1f8e..a629e6ffe 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml 
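Review bot: The added `paths-ignore` appears to sit under the same `pull_request` event as the existing `paths` filter, and GitHub Actions does not accept both filters on one event, so the workflow would be rejected and the chart checks would stop running on pull requests. Because `paths` already limits the trigger to `charts/**`, changes under `test/**` do not match anyway and the new key can simply be dropped. If an explicit exclusion is wanted, express it inside `paths` with a negated pattern such as `- "!test/**"`. Indentation is lost in this rendering of the hunk, so confirm the nesting against the file.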
@@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 898b7de0d59fe1803c9e99f2010332dae52edfc36ef050f7f77c7ab12b8709c5 - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: e95c3aa09253f021e31a1ac5c7ee014e6454d2d5fee0482b0f253e12dab68afd + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index a7858e1f3..57a30d06a 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml 
@@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 1e89899244fb44ae50129b361b512027fd59eeec723dc4e43ec8c54084de2f92 - checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf - checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 + checksum/clusteragent_token: d786ae722980a2b7f91d4be2bf9eebfb9997a1fd85c3a0368c360cb060ed54fc + checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc + checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent resources: {} @@ -237,6 +237,8 @@ spec: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: 
diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 32656490f..d6572693a 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7991408bb52fa0f7419e6e11edf9a98b11a769fe9fd4574652c99d896a836f3a - checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf - checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 + checksum/clusteragent_token: 146a7a7f2e304ae7637352cb1ecd1fd9b92739626753086c8a562b3a848904fa + checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc + checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent command: - cp 
@@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent resources: {} @@ -251,6 +251,8 @@ spec: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 25417c0a1..a461cb056 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 1c7f1ed04182e5250ad3cdd92f5e0549d68b792b85514efd1343d473b4b0ed31 - checksum/clusteragent-configmap: fa5c139d4a60573ab9b4ecd4827360c3718bde0bcaaf5c9f1eae8ae24ff48edf - checksum/api_key: 43fd540dba2ec5835bddb0920a960e152d63d0dc44c95cdb376dfd5c8c39bdd4 + checksum/clusteragent_token: 5df33a65f728b7353527940691335906c2e2a4837cf2545fc465c3ccbdecb7cd + checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc + checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent resources: {} @@ -119,7 +119,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.55.2 + value: 7.57.2 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -247,6 +247,8 @@ spec: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: 
diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 4b877c588..0661feb0b 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: de542da9e3ea422b2ed413961187c1fe5bd28d1608c78a8bb16a4bc64b508e9b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: 6b801cdee7b458f8dc8cf101150135babecf647416c222dcf109ae6517afefc4 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -202,7 +202,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -308,7 +308,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: 
@@ -405,7 +405,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -418,7 +418,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index cdb527639..202d88d15 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.73.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.73.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "Y2NkeDBJRG50UWdHTlRiUWtIMTNRV2x2Wkk2VVA5VEE=" + token: "RmllNXRpbDNzWGNCeXpsVFpPOUU4ZXUzSVZncU1NeFA=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -149,6 +149,11 @@ data: {} annotations_as_tags: {} + kubernetes_apiserver.yaml: |- + init_config: + instances: + - filtering_enabled: false + unbundle_events: false --- # Source: datadog/templates/install_info-configmap.yaml apiVersion: v1 @@ -157,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.69.3 + installer_version: datadog-3.73.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 
@@ -179,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "ea017c66-3746-4347-86ef-32a14ddda1c7" - install_time: "1723838680" + install_id: "eadedf6d-d365-4d8d-860f-93fcf8617956" + install_time: "1727279193" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -409,7 +414,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -505,7 +510,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -553,7 +558,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -573,7 +578,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -593,7 +598,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -614,7 +619,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -633,7 +638,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -650,7 +655,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -672,7 +677,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -693,7 +698,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -716,7 +721,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -738,10 +743,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.73.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -764,10 +769,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.69.3" + chart: "datadog-3.73.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -793,7 +798,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -817,8 +822,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 2eda47b55579b010297762c6bc060f2992f6c3663c187124b71071457e50321d - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: a73a414b38d45377a23c51d2dc231cae02e9fcc4eb937bfe7d692f0f989e1391 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -829,7 +834,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["agent", "run"] 
@@ -990,7 +995,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1096,7 +1101,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1193,7 +1198,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1206,7 +1211,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: - bash @@ -1311,7 +1316,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1341,8 +1346,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: df513ccb46ac6f45f78030ba267aede6b25632a9d5beda28d8d1e3edf07a1601 - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: 76253444996a0411d5a94059333082990230f8818371b4c7b8493c5147e20108 + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1350,7 +1355,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: 
@@ -1362,7 +1367,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1375,7 +1380,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.55.2" + image: "gcr.io/datadoghq/agent:7.57.2" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1502,7 +1507,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.69.3' + helm.sh/chart: 'datadog-3.73.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1532,15 +1537,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 61cab1de9ffa31fa392576b66b69e7fef5e5918ac8257f49fa119b96c0941f34 - checksum/clusteragent-configmap: 7d7437f233eef67301769d5141b59f31f12ac10c0354e17bf5ae9405058ea53b - checksum/install_info: 88c52cd7ef5158f4eb2738b4c3b575985b7d139c6b2a25213c46c5a6266e22e7 + checksum/clusteragent_token: 8d93968cf1fcd7528edb7c1d0667c1e200602d1dbcc33fbf7c7274cabc757ee1 + checksum/clusteragent-configmap: 65496f49f667006695458d448536cabbf214be02a08201234f491c7a3b50e1bd + checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent command: - cp @@ -1553,7 +1558,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.55.2" + image: "gcr.io/datadoghq/cluster-agent:7.57.2" imagePullPolicy: IfNotPresent resources: {} 
@@ -1733,6 +1738,8 @@ spec: items: - key: kubernetes_state_core.yaml.default path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml - name: config emptyDir: {} affinity: diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index 941bf00a7..a9f16bc4d 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -236,12 +236,12 @@ func Test_processAgentConfigs(t *testing.T) { ReleaseName: "datadog", ChartPath: "../../charts/datadog", ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml", "values/process-run-in-core-envvars.yaml" }, + Values: []string{"../../charts/datadog/values.yaml", "values/process-run-in-core-envvars.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "false", - "agents.image.doNotCheckTag": "true", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", + "agents.image.doNotCheckTag": "true", "datadog.processAgent.processCollection": "true", }, },