Add providers.gke.gdc option to datadog chart (#1521)

* wip * add providers.gke.gdc option to datadog chart * update test baselines * syntax fix * add back logs hostPaths * cleanup/wip * fixes, add test, update baselines * fix dd_nodename * fix test, bump version, update baselines * update readme, fix test * cleanup/refactor * apply review suggestions * bump chart version and update baselines/docs * remove redundant template
DataDog · Nov 11, 2024 · 6db36e9 · 6db36e9
1 parent db5854c
commit 6db36e9
Show file tree

Hide file tree

Showing 27 changed files with 920 additions and 126 deletions.
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Datadog changelog
 
+## 3.79.0
+
+* Add Logs Collection support for Google GKE on GDC
+
 ## 3.78.0
 
 * Set default `Agent` and `Cluster-Agent` version to `7.59.0`.

diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: datadog
-version: 3.78.0
+version: 3.79.0
 appVersion: "7"
 description: Datadog Agent
 keywords:

diff --git a/charts/datadog/README.md b/charts/datadog/README.md
@@ -1,6 +1,6 @@
 # Datadog
 
-![Version: 3.78.0](https://img.shields.io/badge/Version-3.78.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
+![Version: 3.79.0](https://img.shields.io/badge/Version-3.79.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
 
 [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).
 
@@ -879,6 +879,7 @@ helm install <RELEASE_NAME> \
 | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. |
 | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot |
 | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) |
+| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) |
 | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) |
 | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. |
 | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) |

diff --git a/charts/datadog/ci/gke-gdc-values.yaml b/charts/datadog/ci/gke-gdc-values.yaml
@@ -0,0 +1,20 @@
+providers:
+  gke:
+    gdc: true
+
+datadog:
+  apiKey: "00000000000000000000000000000000"
+  appKey: "0000000000000000000000000000000000000000"
+
+  apm:
+    socketEnabled: false
+    portEnabled: false
+
+  logs:
+    enabled: true
+    containerCollectAll: true
+    containerCollectUsingFiles: true
+    autoMultiLineDetection: true
+
+  kubeStateMetricsCore:
+    enabled: true
diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml
@@ -64,4 +64,10 @@
 - name: DD_EXCLUDE_PAUSE_CONTAINER
   value: "false"
 {{- end }}
+{{- if .Values.providers.gke.gdc }}
+- name: DD_KUBELET_CLIENT_CRT
+  value: /certs/tls.crt
+- name: DD_KUBELET_CLIENT_KEY
+  value: /certs/tls.key
+{{- end }}
 {{- end }}
diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml
@@ -121,7 +121,7 @@
     - name: DD_HEALTH_PORT
     {{- $healthPort := .Values.agents.containers.agent.healthPort }}
       value: {{ $healthPort | quote }}
-    {{- if eq .Values.targetSystem "linux" }}
+    {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }}
     - name: DD_DOGSTATSD_SOCKET
       value: {{ .Values.datadog.dogstatsd.socketPath | quote }}
     {{- end }}
@@ -237,6 +237,7 @@
       readOnly: true
     {{- end }}
     {{- if eq .Values.targetSystem "linux" }}
+    {{- if not .Values.providers.gke.gdc }}
     - name: dsdsocket
       mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }}
       readOnly: false
@@ -262,6 +263,7 @@
       mountPath: /etc/passwd
       readOnly: true
     {{- end }}
+    {{- end }}
     {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }}
     - name: pointerdir
       mountPath: /opt/datadog-agent/run
@@ -275,7 +277,7 @@
       mountPath: /var/log/containers
       mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
       readOnly: true
-    {{- if not .Values.datadog.criSocketPath }}
+    {{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }}
     - name: logdockercontainerpath
       mountPath: /var/lib/docker/containers
       mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
@@ -338,6 +340,10 @@
     {{- if .Values.datadog.kubelet.hostCAPath }}
 {{ include "datadog.kubelet.volumeMount" . | indent 4 }}
     {{- end }}
+    {{- if .Values.providers.gke.gdc }}
+    - name: kubelet-cert-volume
+      mountPath: /certs
+    {{- end }}
 {{- if .Values.agents.volumeMounts }}
 {{ toYaml .Values.agents.volumeMounts | indent 4 }}
 {{- end }}

diff --git a/charts/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/templates/_container-cri-volumemounts.yaml
@@ -1,5 +1,5 @@
 {{- define "container-crisocket-volumemounts" -}}
-{{- if .Values.datadog.containerRuntimeSupport.enabled }}
+{{- if (eq (include  "container-runtime-support-enabled" .) "true") }}
 {{- if eq .Values.targetSystem "linux" }}
 - name: runtimesocketdir
   mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }}

diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml
@@ -1,4 +1,5 @@
 {{- define "linux-container-host-release-volumemounts" -}}
+{{- if not .Values.providers.gke.gdc }}
 {{- if eq (include "should-enable-system-probe" .) "true" }}
 - name: os-release-file
   mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }}
@@ -9,3 +10,4 @@
   readOnly: true
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml
@@ -86,7 +86,7 @@
       readOnly: true
     {{- end }}
     {{- if eq .Values.targetSystem "linux" }}
-    {{- if not .Values.providers.gke.autopilot }}
+    {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }}
     - name: procdir
       mountPath: /host/proc
       mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
@@ -99,6 +99,7 @@
     - name: tmpdir
       mountPath: /tmp
       readOnly: false # Need RW for tmp directory
+    {{- if not .Values.providers.gke.gdc }}
     - name: dsdsocket
       mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }}
       readOnly: false # Need RW for UDS DSD socket
@@ -109,6 +110,7 @@
     {{- end }}
     {{- end }}
     {{- include "container-crisocket-volumemounts" . | nindent 4 }}
+    {{- end }}
     {{- include "container-cloudinit-volumemounts" . | nindent 4 }}
     {{- if .Values.datadog.kubelet.hostCAPath }}
 {{ include "datadog.kubelet.volumeMount" . | indent 4 }}

diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml
@@ -30,6 +30,15 @@
 - name: DD_KUBERNETES_HTTPS_KUBELET_PORT
   value: "0"
 {{- end }}
+{{- if .Values.providers.gke.gdc }}
+- name: DD_NODE_NAME
+  valueFrom:
+    fieldRef:
+      apiVersion: v1
+      fieldPath: spec.nodeName
+- name: DD_HOSTNAME
+  value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)"
+{{- end }}
 {{- if eq .Values.targetSystem "linux" }}
 {{- if .Values.providers.eks.ec2.useHostnameFromFile }}
 - name: DD_HOSTNAME_FILE
@@ -116,7 +125,7 @@
 {{- end }}
 {{- end }}
 {{- else }} # No support for env AD
-{{- if .Values.datadog.containerRuntimeSupport.enabled }}
+{{- if (eq (include  "container-runtime-support-enabled" .) "true") }}
 {{- if or .Values.providers.gke.autopilot .Values.datadog.criSocketPath }}
 - name: DD_CRI_SOCKET_PATH
   value: {{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }}

diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml
@@ -1,7 +1,7 @@
 {{- define "containers-init-linux" -}}
 - name: init-volume
 {{- if not .Values.providers.gke.autopilot }}
-{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }}
+{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }}
 {{- end }}
   image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}"
   imagePullPolicy: {{ .Values.agents.image.pullPolicy }}
@@ -16,7 +16,7 @@
 {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }}
 - name: init-config
 {{- if not .Values.providers.gke.autopilot }}
-{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }}
+{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }}
 {{- end }}
   image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}"
   imagePullPolicy: {{ .Values.agents.image.pullPolicy }}
@@ -26,9 +26,6 @@
   args:
     - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done
   volumeMounts:
-    - name: logdatadog
-      mountPath: {{ template "datadog.logDirectoryPath" . }}
-      readOnly: false # Need RW to write logs
     - name: config
       mountPath: /etc/datadog-agent
       readOnly: false # Need RW for config path
@@ -42,11 +39,16 @@
       mountPath: /checks.d
       readOnly: true
     {{- end }}
+    {{- if not .Values.providers.gke.gdc }}
+    - name: logdatadog
+      mountPath: {{ template "datadog.logDirectoryPath" . }}
+      readOnly: false # Need RW to write logs
     - name: procdir
       mountPath: /host/proc
       mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }}
       readOnly: true
     {{- include "container-crisocket-volumemounts" . | nindent 4 }}
+    {{- end }}
     {{- if eq (include "should-enable-system-probe" .) "true" }}
     - name: sysprobe-config
       mountPath: /etc/datadog-agent/system-probe.yaml

diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml
@@ -3,6 +3,14 @@
   emptyDir: {}
 - name: tmpdir
   emptyDir: {}
+- name: s6-run
+  emptyDir: {}
+{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }}
+- name: confd
+  configMap:
+    name: {{ include "agents.confd-configmap-name" . }}
+{{- end }}
+{{- if not .Values.providers.gke.gdc }}
 - hostPath:
     path: /proc
   name: procdir
@@ -58,13 +66,6 @@
     type: DirectoryOrCreate
   name: apmsocket
 {{- end }}
-- name: s6-run
-  emptyDir: {}
-{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }}
-- name: confd
-  configMap:
-    name: {{ include "agents.confd-configmap-name" . }}
-{{- end }}
 {{- if eq (include "should-enable-system-probe" .) "true" }}
 - name: sysprobe-config
   configMap:
@@ -183,6 +184,12 @@
     name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }}
 {{- end }}
 {{- end }}
+{{- if (eq (include  "container-runtime-support-enabled" .) "true") }}
+- hostPath:
+    path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }}
+  name: runtimesocketdir
+{{- end }}
+{{- end }}
 {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }}
 - hostPath:
     path: {{ template "datadog.hostMountRoot" . }}/logs
@@ -193,15 +200,15 @@
 - hostPath:
     path: /var/log/containers
   name: logscontainerspath
-{{- if not .Values.datadog.criSocketPath }}
+{{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }}
 - hostPath:
     path: /var/lib/docker/containers
   name: logdockercontainerpath
 {{- end }}
 {{- end }}
-{{- if .Values.datadog.containerRuntimeSupport.enabled }}
-- hostPath:
-    path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }}
-  name: runtimesocketdir
+{{- if .Values.providers.gke.gdc }}
+- secret:
+    secretName: datadog-kubelet-cert
+  name: kubelet-cert-volume
 {{- end }}
 {{- end -}}
diff --git a/charts/datadog/templates/_daemonset-volumes-windows.yaml b/charts/datadog/templates/_daemonset-volumes-windows.yaml
@@ -21,7 +21,7 @@
     path: C:/ProgramData
   name: logdockercontainerpath
 {{- end }}
-{{- if .Values.datadog.containerRuntimeSupport.enabled }}
+{{- if (eq (include  "container-runtime-support-enabled" .) "true") }}
 - hostPath:
     path: {{ template "datadog.dockerOrCriSocketPath" . }}
   name: runtimesocket