From 6db36e96d98cc04096dfbcb30b4982155997c0c6 Mon Sep 17 00:00:00 2001 
From: Fanny Jiang Date: Mon, 11 Nov 2024 17:53:26 -0500 Subject: [PATCH] Add providers.gke.gdc option to datadog chart (#1521) * wip * add providers.gke.gdc option to datadog chart * update test baselines * syntax fix * add back logs hostPaths * cleanup/wip * fixes, add test, update baselines * fix dd_nodename * fix test, bump version, update baselines * update readme, fix test * cleanup/refactor * apply review suggestions * bump chart version and update baselines/docs * remove redundant template --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 +- charts/datadog/ci/gke-gdc-values.yaml | 20 ++ .../templates/_components-common-env.yaml | 6 + .../datadog/templates/_container-agent.yaml | 10 +- .../_container-cri-volumemounts.yaml | 2 +- .../_container-host-release-volumemounts.yaml | 2 + .../templates/_container-trace-agent.yaml | 4 +- .../templates/_containers-common-env.yaml | 11 +- .../templates/_containers-init-linux.yaml | 12 +- .../templates/_daemonset-volumes-linux.yaml | 31 +- .../templates/_daemonset-volumes-windows.yaml | 2 +- charts/datadog/templates/_helpers.tpl | 57 +++- .../templates/_processes-common-env.yaml | 4 +- charts/datadog/templates/daemonset.yaml | 2 +- charts/datadog/values.yaml | 3 + ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +- ...loyment_default_advanced_AC_injection.yaml | 10 +- ...ployment_default_minimal_AC_injection.yaml | 10 +- test/datadog/baseline/daemonset_default.yaml | 25 +- .../baseline/gdc_daemonset_default.yaml | 280 ++++++++++++++++ .../gdc_daemonset_logs_collection.yaml | 301 ++++++++++++++++++ test/datadog/baseline/other_default.yaml | 103 +++--- test/datadog/baseline_test.go | 36 +++ test/datadog/gdc_test.go | 90 ++++++ 27 files changed, 920 insertions(+), 126 deletions(-) create mode 100644 charts/datadog/ci/gke-gdc-values.yaml create mode 100644 test/datadog/baseline/gdc_daemonset_default.yaml create mode 100644 
test/datadog/baseline/gdc_daemonset_logs_collection.yaml create mode 100644 test/datadog/gdc_test.go diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 9f81f85de..80dc04b8d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.79.0 + +* Add Logs Collection support for Google GKE on GDC + ## 3.78.0 * Set default `Agent` and `Cluster-Agent` version to `7.59.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a35ac09d1..5f4f70b25 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.78.0 +version: 3.79.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0e927ad0f..3ad8260ea 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.78.0](https://img.shields.io/badge/Version-3.78.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.79.0](https://img.shields.io/badge/Version-3.79.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -879,6 +879,7 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | +| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) | | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | diff --git a/charts/datadog/ci/gke-gdc-values.yaml b/charts/datadog/ci/gke-gdc-values.yaml new file mode 100644 index 000000000..1c6fcc087 --- /dev/null +++ b/charts/datadog/ci/gke-gdc-values.yaml @@ -0,0 +1,20 @@ +providers: + gke: + gdc: true + +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + + apm: + socketEnabled: false + portEnabled: false + + logs: + enabled: true + containerCollectAll: true + containerCollectUsingFiles: true + autoMultiLineDetection: true + + kubeStateMetricsCore: + enabled: true diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 0a58d9114..0ca7b0363 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml 
@@ -64,4 +64,10 @@ - name: DD_EXCLUDE_PAUSE_CONTAINER value: "false" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt +- name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key +{{- end }} {{- end }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 5288da809..5219db7ed 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -121,7 +121,7 @@ - name: DD_HEALTH_PORT {{- $healthPort := .Values.agents.containers.agent.healthPort }} value: {{ $healthPort | quote }} - {{- if eq .Values.targetSystem "linux" }} + {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }} - name: DD_DOGSTATSD_SOCKET value: {{ .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} @@ -237,6 +237,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false @@ -262,6 +263,7 @@ mountPath: /etc/passwd readOnly: true {{- end }} + {{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir mountPath: /opt/datadog-agent/run @@ -275,7 +277,7 @@ mountPath: /var/log/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if not .Values.datadog.criSocketPath }} + {{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - name: logdockercontainerpath mountPath: /var/lib/docker/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} 
@@ -338,6 +340,10 @@ {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} {{- end }} + {{- if .Values.providers.gke.gdc }} + - name: kubelet-cert-volume + mountPath: /certs + {{- end }} {{- if .Values.agents.volumeMounts }} {{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} diff --git a/charts/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/templates/_container-cri-volumemounts.yaml index fa85ce44e..af88ed5f3 100644 --- a/charts/datadog/templates/_container-cri-volumemounts.yaml +++ b/charts/datadog/templates/_container-cri-volumemounts.yaml @@ -1,5 +1,5 @@ {{- define "container-crisocket-volumemounts" -}} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if eq .Values.targetSystem "linux" }} - name: runtimesocketdir mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 7e3ad1ac4..b775b7953 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,4 +1,5 @@ {{- define "linux-container-host-release-volumemounts" -}} +{{- if not .Values.providers.gke.gdc }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} @@ -9,3 +10,4 @@ readOnly: true {{- end }} {{- end }} +{{- end }} diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index c14094a09..66130e2f1 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/templates/_container-trace-agent.yaml 
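Review bot: The `kubelet-cert-volume` mount added under `{{- if .Values.providers.gke.gdc }}` puts `/certs/tls.key` into the agent container without an explicit `readOnly: true`, although the neighbouring mounts in this template state the flag. Adding `readOnly: true` under `mountPath: /certs` records that the agent only reads the kubelet client certificate and private key, and keeps the intent from depending on the volume type's defaults. The enclosing `volumeMounts` list starts and ends outside this hunk.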
@@ -86,7 +86,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{- if not .Values.providers.gke.autopilot }} + {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -99,6 +99,7 @@ - name: tmpdir mountPath: /tmp readOnly: false # Need RW for tmp directory + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket @@ -109,6 +110,7 @@ {{- end }} {{- end }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index faa496348..84428aeb1 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -30,6 +30,15 @@ - name: DD_KUBERNETES_HTTPS_KUBELET_PORT value: "0" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName +- name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" +{{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} - name: DD_HOSTNAME_FILE @@ -116,7 +125,7 @@ {{- end }} {{- end }} {{- else }} # No support for env AD -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if or .Values.providers.gke.autopilot .Values.datadog.criSocketPath }} - name: DD_CRI_SOCKET_PATH value: {{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} 
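Review bot: `DD_HOSTNAME` in the new `providers.gke.gdc` block of `_containers-common-env.yaml` is built from `$(DD_CLUSTER_NAME)`, but Kubernetes expands `$(VAR)` only for variables defined earlier in the same container's env list and leaves an unresolved reference as literal text. The hunk does not show where `DD_CLUSTER_NAME` is defined, so if it is emitted later in the list, or only when a cluster name is configured, the agent would report a hostname containing the literal `$(DD_CLUSTER_NAME)`. Consider failing the render with `fail` when GDC is enabled without a cluster name, and adding a comment such as `# DD_CLUSTER_NAME must be defined above this entry for $(...) expansion`. The same applies to `DD_NODE_NAME` if another part of the template also defines it, since a duplicate name in the list would make the result order-dependent.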
diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index 089555505..fd0636250 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml @@ -1,7 +1,7 @@ {{- define "containers-init-linux" -}} - name: init-volume {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -16,7 +16,7 @@ {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} - name: init-config {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} 
@@ -26,9 +26,6 @@ args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: {{ template "datadog.logDirectoryPath" . }} - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path @@ -42,11 +39,16 @@ mountPath: /checks.d readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config mountPath: /etc/datadog-agent/system-probe.yaml diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index fe07cdc45..de1e13924 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -3,6 +3,14 @@ emptyDir: {} - name: tmpdir emptyDir: {} +- name: s6-run + emptyDir: {} +{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} +- name: confd + configMap: + name: {{ include "agents.confd-configmap-name" . }} +{{- end }} +{{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc name: procdir @@ -58,13 +66,6 @@ type: DirectoryOrCreate name: apmsocket {{- end }} -- name: s6-run - emptyDir: {} -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -- name: confd - configMap: - name: {{ include "agents.confd-configmap-name" . }} -{{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config configMap: 
@@ -183,6 +184,12 @@ name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }} {{- end }} {{- end }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} +- hostPath: + path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} + name: runtimesocketdir +{{- end }} +{{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - hostPath: path: {{ template "datadog.hostMountRoot" . }}/logs @@ -193,15 +200,15 @@ - hostPath: path: /var/log/containers name: logscontainerspath -{{- if not .Values.datadog.criSocketPath }} +{{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - hostPath: path: /var/lib/docker/containers name: logdockercontainerpath {{- end }} {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} -- hostPath: - path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} - name: runtimesocketdir +{{- if .Values.providers.gke.gdc }} +- secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume {{- end }} {{- end -}} diff --git a/charts/datadog/templates/_daemonset-volumes-windows.yaml b/charts/datadog/templates/_daemonset-volumes-windows.yaml index 39598e91b..55a606065 100644 --- a/charts/datadog/templates/_daemonset-volumes-windows.yaml +++ b/charts/datadog/templates/_daemonset-volumes-windows.yaml @@ -21,7 +21,7 @@ path: C:/ProgramData name: logdockercontainerpath {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} - hostPath: path: {{ template "datadog.dockerOrCriSocketPath" . }} name: runtimesocket diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 3b7b455a5..3a3eeced0 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl 
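Review bot: The `kubelet-cert-volume` added at the end of `_daemonset-volumes-linux.yaml` references a Secret by the fixed name `datadog-kubelet-cert`, and nothing visible in this patch creates that Secret or mentions it in the `providers.gke.gdc` description in `values.yaml` and the README. If the Secret is absent the agent pods cannot mount the volume and will not start, so the prerequisite (the name, and the `tls.crt` and `tls.key` keys that `DD_KUBELET_CLIENT_CRT` and `DD_KUBELET_CLIENT_KEY` point at) should be documented next to the `gdc` value. Because the Secret holds a TLS private key, consider also setting `defaultMode: 0400` under `secret:`, provided the agent process runs as the owner of the projected files (to be confirmed).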
@@ -110,7 +110,7 @@ Create chart name and version as used by the chart label. Return true if the OTelAgent needs to be deployed */}} {{- define "should-enable-otel-agent" -}} -{{- if and .Values.datadog.otelCollector.enabled -}} +{{- if and .Values.datadog.otelCollector.enabled (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -237,6 +237,8 @@ Return agent host mount root {{- define "datadog.hostMountRoot" -}} {{- if .Values.providers.gke.autopilot -}} /var/autopilot/addon/datadog +{{- else if .Values.providers.gke.gdc -}} +/var/datadog {{- else -}} /var/lib/datadog-agent {{- end -}} @@ -340,7 +342,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false @@ -363,7 +365,7 @@ false Return true if the fips side car container should be created. */}} {{- define "should-enable-fips" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} true {{- else -}} false @@ -385,7 +387,7 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} true {{- else -}} false 
@@ -396,7 +398,7 @@ false Return true if the compliance features should be enabled. */}} {{- define "should-enable-compliance" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} true {{- else -}} false @@ -407,7 +409,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false @@ -420,7 +422,7 @@ Return true if the hostPid features should be enabled for the Agent pod. {{- define "should-enable-host-pid" -}} {{- if eq .Values.targetSystem "windows" -}} false -{{- else if and (not .Values.providers.gke.autopilot) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} +{{- else if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} true {{- else -}} false 
@@ -474,10 +476,10 @@ false {{- end -}} {{/* -Return true hostPath should be use for DSD socket. Return always false on GKE autopilot. +Return true hostPath should be use for DSD socket. Return always false on GKE autopilot or GDC. */}} {{- define "should-mount-hostPath-for-dsd-socket" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} {{- if .Values.datadog.dogstatsd.useSocketVolume -}} @@ -488,13 +490,13 @@ false {{- end -}} {{/* -Return true if a APM over UDS is configured. Return always false on GKE autopilot. +Return true if a APM over UDS is configured. Return always false on GKE Autopilot or Google Distributed Cloud. */}} {{- define "trace-agent-use-uds" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} -{{- if or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume -}} +{{- if and (or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -542,6 +544,9 @@ Returns provider kind {{- if .Values.providers.gke.autopilot -}} gke-autopilot {{- end -}} +{{- if .Values.providers.gke.gdc -}} +gke-gdc +{{- end -}} {{- end -}} {{/* @@ -854,7 +859,7 @@ In 7.36, `--config` was deprecated and `--cfgpath` should be used instead. {{/* Returns whether or not the underlying OS is Google Container-Optimized-OS -Note: GKE Autopilot clusters only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) +Note: GKE Autopilot only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) */}} {{- define "can-mount-host-usr-src" -}} {{- if or .Values.providers.gke.autopilot .Values.providers.gke.cos -}} 
@@ -868,7 +873,7 @@ false Returns whether Remote Configuration should be enabled in the agent */}} {{- define "datadog-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false @@ -879,7 +884,7 @@ false Returns whether Remote Configuration should be enabled in the cluster agent */}} {{- define "clusterAgent-remoteConfiguration-enabled" -}} -{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) -}} +{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false 
@@ -902,11 +907,22 @@ Create RBACs for custom resources {{- end }} {{- end }} +{{/* + Return true if Container Runtime Support is enabled +*/}} +{{- define "container-runtime-support-enabled" -}} + {{- if and .Values.datadog.containerRuntimeSupport.enabled (not .Values.providers.gke.gdc) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if container image collection is enabled */}} {{- define "should-enable-container-image-collection" -}} - {{- if and (not .Values.datadog.containerRuntimeSupport.enabled) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} + {{- if and (not (include "container-runtime-support-enabled" .)) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} {{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} {{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}} @@ -945,6 +961,9 @@ Create RBACs for custom resources Return true if any process-related check is enabled */}} {{- define "process-checks-enabled" -}} + {{- if .Values.providers.gke.gdc }} + false + {{- end -}} {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}} true {{- else -}} @@ -967,6 +986,9 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if ne .Values.targetSystem "linux" -}} false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} 
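Review bot: The guard in `should-enable-container-image-collection` can no longer fire, because `include` returns a string and both `"true"` and `"false"` are non-empty, so `not (include "container-runtime-support-enabled" .)` is always false. The other call sites in this patch compare the result with `"true"`, and this one should as well: `{{- if and (ne (include "container-runtime-support-enabled" .) "true") (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}}`. As written, image collection or SBOM can be enabled without container runtime support and the chart renders silently instead of reporting the misconfiguration. Once the comparison is fixed, enabling these features together with `providers.gke.gdc` will reach the `fail`, whose message only mentions `datadog.containerRuntimeSupport.enabled`, so it may need a GDC hint.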
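Review bot: The GDC short-circuit added to `process-checks-enabled` is a separate `if … end` placed in front of the existing `if/else`, so on GDC the helper renders `false` followed by the second block's `true` or `false` rather than one boolean string. Callers that test `eq … "true"` happen to get the intended result, but any caller that quotes the output or compares it with `"false"` would see a concatenated value, and the opening `{{- if .Values.providers.gke.gdc }}` has no right-hand trim marker, so leading whitespace likely leaks into the result as well. The same construction is added to `should-run-process-checks-on-core-agent` in the next hunk and to `should-enable-process-agent` in the hunk after that. Folding the check into the existing chain gives a single value, e.g. `{{- if .Values.providers.gke.gdc -}}` then `false` then `{{- else if or … -}}` for the original condition.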
@@ -982,6 +1004,9 @@ Create RBACs for custom resources Returns true if the process-agent container should be created. */}} {{- define "should-enable-process-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}} true {{- else if and (not .Values.agents.image.doNotCheckTag) (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" (include "get-agent-version" .)) -}} diff --git a/charts/datadog/templates/_processes-common-env.yaml b/charts/datadog/templates/_processes-common-env.yaml index 41f723d26..65fcd07f8 100644 --- a/charts/datadog/templates/_processes-common-env.yaml +++ b/charts/datadog/templates/_processes-common-env.yaml @@ -1,5 +1,6 @@ # Defines set of environment variables for Processes-related checks. {{- define "processes-common-envs" -}} +{{- if not .Values.providers.gke.gdc }} - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: {{ .Values.datadog.processAgent.processCollection | quote }} - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -11,5 +12,6 @@ {{- if and (eq .Values.targetSystem "linux") (eq (include "get-process-checks-in-core-agent-envvar" .) "") }} - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: {{ (include "should-run-process-checks-on-core-agent" .) | quote }} -{{- end }} +{{- end }} +{{- end }} {{- end -}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index ad4b959a2..45dc64663 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml 
@@ -139,7 +139,7 @@ spec: {{ include "containers-init-windows" . | nindent 6 }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{ include "containers-init-linux" . | nindent 6 }} + {{- include "containers-init-linux" . | nindent 6 -}} {{- end }} {{- if and (eq (include "should-enable-system-probe" .) "true") (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} {{ include "system-probe-init" . | nindent 6 }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 1c1c9baf8..f7d49a2e4 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -2275,6 +2275,9 @@ providers: # providers.gke.cos -- Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) cos: false + # providers.gke.gdc -- Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) + gdc: false + eks: ec2: # providers.eks.ec2.useHostnameFromFile -- Use hostname from EC2 filesystem instead of fetching from metadata endpoint. diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index d920f7a94..f0d675e83 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 469c53bc0541e25237e65b1972c755bf51ba2a3faff0db4200a5e616c1a85ae6 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 7252ac95e9b7a2be76a893f29be97ba3ddfa93e988f208d18a1e4e410b6b9b7a + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 6319408cb..20f97b46b 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 050ab49a451e1238668b8df86b20941fe655e87b3a55aa57497dea39ac9163c5 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: 789eaddd8ebf97ad196c8ccbad93bdfa98bebad0d60672807686f6587b30fe99 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 772799b96..567fca801 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 6723707eea64584b2ca85a11cd177a99c2fe52117542bffbdf61a38592a0b2a5 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: e3466aa95772fd657b731896232e59a2386ac6c1a38b0ab18cbdeb09156544e8 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 5edd494e5..6421f7579 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7d36a45b80acd6890bafa74cae91697ea7b85a2561cc27f38148d00607a734b4 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: 153bf4c7a1851a4a2b03bcb46a026255dda1d786c6a5b95827e5364391602e55 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index fcc8a00b5..15abb4696 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 36783249a1a56e6ad7e24b5b38037b6fa09535bcbf5d09bfa9ae9d87be97990e - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 36d1e9094d3cb200659405983a1c3aa58982bd20ea30a71974a01965e0df5ddf + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -77,6 +77,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -349,6 +350,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -405,9 +407,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -419,8 +419,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: @@ -429,12 +428,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None 
@@ -483,6 +482,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -500,8 +501,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml new file mode 100644 index 000000000..829e5c79f --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_default.yaml 
@@ -0,0 +1,280 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.79.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: ac6f3df32a82b47f1cec6be0a9dce0cc1978c1f64fd5b75177734090bacf54da + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false 
# Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + 
valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml new file mode 100644 index 000000000..46d33c986 --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml 
@@ -0,0 +1,301 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.79.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: 009553ab18468f5e3c937f34ded921a712214a78b4cbd82f8233e4512e20390d + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # 
Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: pointerdir + mountPath: /opt/datadog-agent/run + mountPropagation: None + readOnly: false # Need RW for logs pointer + - name: logpodpath + mountPath: /var/log/pods + mountPropagation: None + readOnly: true + - name: logscontainerspath + mountPath: /var/log/containers + mountPropagation: None + readOnly: true + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT 
+ value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 151d23cce..b203ba643 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "b0pkcDdBWU9DZENhcDU1T2ZEbnRXMkxjbW9LT3phdEE=" + token: "VUhXVVpZMDVTb1Bnd2VxODM1bTRDcU43SFc0UEhTSng=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 
@@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.78.0 + installer_version: datadog-3.79.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "417924d1-f1c7-4c44-b681-a4b82f54d07d" - install_time: "1731094912" + install_id: "3111252e-d253-4641-b8b3-30b9c6be6466" + install_time: "1731360232" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: dbcee8ba14e360a887c9426f7a91014cf4c59f37e317f7084bb28729aedcfb38 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: f00581a69706d733ac0c8e932c003a67a287dff70bc15af0030fff5a1e66e0cd + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -871,6 +871,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1144,6 +1145,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1200,9 +1202,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -1214,8 +1214,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: 
@@ -1224,12 +1223,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -1278,6 +1277,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -1295,8 +1296,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd @@ -1322,7 +1321,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1352,8 +1351,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: cc7c556be49df89c9540b1769bcc9af7f787d18b2770ccf885920cd3c3867fd2 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 0f3c4653bf6f20423353df3b2c09b545f377c8943c78e038a764c08ee01e7cec + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1514,7 +1513,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm 
@@ -1544,9 +1543,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 982bf49be535679f1005e6648f369a19b8525b1f802f5874952fcf32b5b56bfe - checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: dc1e3efaa7c41119e5e666c61d458d5dd5b608c3f5be3e7044f14e087aadeca2 + checksum/clusteragent-configmap: 01caadfa4eb3983f3938c37d3a44a51e3ca2969b2d5ffff36f24d025f3246067 + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index 8118d5128..baf66fe53 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go 
@@ -113,6 +113,42 @@ func Test_baseline_manifests(t *testing.T) { baselineManifestPath: "./baseline/other_default.yaml", assertions: verifyUntypedResources, }, + { + name: "GDC DaemonSet default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_default.yaml", + assertions: verifyDaemonset, + }, + { + name: "GDC DaemonSet logs collection enabled", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml", + assertions: verifyDaemonset, + }, } for _, tt := range tests { diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go new file mode 100644 index 000000000..b8b2ecf98 --- /dev/null +++ b/test/datadog/gdc_test.go 
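Review bot: Neither new GDC case sets `datadog.clusterName`, yet the baselines they pin (gdc_daemonset_default.yaml and gdc_daemonset_logs_collection.yaml) render `DD_HOSTNAME` as `"$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)"` with no `DD_CLUSTER_NAME` entry in the same env list. Kubernetes leaves an unresolved `$(VAR)` reference as literal text, so with these values the agent hostname would presumably end in the literal string `$(DD_CLUSTER_NAME)`. I would add `"datadog.clusterName": "gdc-test-cluster",` (a constructed sample value) to both `Overrides` maps so the baseline pins a hostname that resolves. It is also worth considering whether the chart should reject `providers.gke.gdc=true` when no cluster name is given. `Test_baseline_manifests` starts and ends outside this hunk.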
@@ -0,0 +1,90 @@
+package datadog
+
+import (
+ "fmt"
+ "github.com/DataDog/helm-charts/test/common"
+ "github.com/stretchr/testify/assert"
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+ "testing"
+)
+
+var allowedHostPaths = map[string]interface{}{
+ "/var/datadog/logs": nil,
+ "/var/log/pods": nil,
+ "/var/log/containers": nil,
+}
+
+func Test_gdcConfigs(t *testing.T) {
+ tests := []struct {
+ name string
+ command common.HelmCommand
+ assertions func(t *testing.T, manifest string)
+ }{
+ {
+ name: "default",
+ command: common.HelmCommand{
+ ReleaseName: "datadog",
+ ChartPath: "../../charts/datadog",
+ ShowOnly: []string{"templates/daemonset.yaml"},
+ Values: []string{"../../charts/datadog/values.yaml"},
+ Overrides: map[string]string{
+ "datadog.apiKeyExistingSecret": "datadog-secret",
+ "datadog.appKeyExistingSecret": "datadog-secret",
+ "datadog.logs.enabled": "true",
+ "agents.image.doNotCheckTag": "true",
+ "datadog.logs.containerCollectAll": "true",
+ "datadog.logs.containerCollectUsingFiles": "true",
+ "datadog.logs.autoMultiLineDetection": "true",
+ "providers.gke.gdc": "true",
+ },
+ },
+ assertions: verifyDaemonsetGDCMinimal,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ manifest, err := common.RenderChart(t, tt.command)
+ assert.Nil(t, err, "couldn't render template")
+ tt.assertions(t, manifest)
+ })
+ }
+}
+
+func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) {
+ var ds appsv1.DaemonSet
+ common.Unmarshal(t, manifest, &ds)
+ agentContainer := &corev1.Container{}
+
+ assert.Equal(t, 1, len(ds.Spec.Template.Spec.Containers))
+
+ for _, container := range ds.Spec.Template.Spec.Containers {
+ if container.Name == "agent" {
+ agentContainer = &container
+ }
+ }
+
+ assert.NotNil(t, agentContainer)
+
+ var validHostPath = true
+ for _, volume := range ds.Spec.Template.Spec.Volumes {
+ if volume.HostPath != nil {
+ _, validHostPath = allowedHostPaths[volume.HostPath.Path]
+ assert.True(t, validHostPath, fmt.Sprintf("DaemonSet has restricted hostPath mounted: %s ", volume.HostPath.Path))
+ }
+ }
+
+ validPorts := true
+ for _, container := range ds.Spec.Template.Spec.Containers {
+ if container.Ports != nil {
+ for _, port := range container.Ports {
+ if port.HostPort > 0 {
+ validPorts = false
+ break
+ }
+ }
+ }
+ }
+ assert.True(t, validPorts, "Daemonset has restricted hostPort mounted.")
+}
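Review bot: `assert.NotNil(t, agentContainer)` in verifyDaemonsetGDCMinimal can never fail, because `agentContainer` starts as `&corev1.Container{}`, so a rendered DaemonSet with no container named "agent" still passes this policy test. Declaring it as `var agentContainer *corev1.Container` makes the assertion meaningful. On toolchains before Go 1.22, `&container` also aliases the shared loop variable, so taking `&ds.Spec.Template.Spec.Containers[i]` from an index loop is safer. The hostPort loop walks only `Spec.Containers`; if init containers fall under the same restriction (not visible in this hunk), they should be checked the same way. In Test_gdcConfigs, `assert.Nil(t, err, ...)` lets a failed render fall through to the assertions on an empty manifest; `require.NoError(t, err)` from testify's `require` package would stop the subtest there.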