diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index f843feadc..67a03d272 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -14,4 +14,5 @@ charts/datadog/templates/container-system-probe.yaml @DataDog/ebpf-platform @Dat charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers charts/datadog/templates/system-probe-init.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers charts/synthetics-private-location/ @Datadog/synthetics -charts/observability-pipelines-worker @DataDog/observability-pipelines-worker +charts/observability-pipelines-worker @DataDog/observability-pipelines +charts/datadog/templates/_container-trace-agent.yaml @DataDog/agent-apm @DataDog/container-helm-chart-maintainers diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8898bd32d..39b8d714e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -11,6 +11,9 @@ We aim to follow high quality standards, thus your PR must follow some rules: - Make sure your changes are compatible (or protected) with older Kubernetes version (CI will validate this down to 1.14) - Make sure you updated documentation (after bumping `Chart.yaml`) by running `.github/helm-docs.sh` +Additionally, your commits need to be signed and marked as verified by Github. See [About commit signature verification +](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification). + Our team will then happily review and merge contributions! ## Go Tests 
@@ -113,4 +116,4 @@ In each chart, the `README.md` file is generated from the corresponding `README. [pulumi]:https://www.pulumi.com/ [test-infra-repo]:https://github.com/DataDog/test-infra-definitions [agent-e2e-source]:https://github.com/DataDog/datadog-agent/tree/main/test/new-e2e -[test-infra-quickstart]:https://github.com/DataDog/test-infra-definitions#quick-start-guide \ No newline at end of file +[test-infra-quickstart]:https://github.com/DataDog/test-infra-definitions#quick-start-guide diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 893f772e8..3e4c23ef8 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 1.3.0 +* Update CRDs from Datadog Operator v1.3.0 tag. + ## 1.2.0 * Update CRDs from Datadog Operator v1.2.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 39f824957..416ef901b 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.2.0 +version: 1.3.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 2d4ec3365..40d5ee6d0 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. 
@@ -25,6 +25,7 @@ But the recommended Kubernetes versions are `1.16+`. | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | +| crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | fullnameOverride | string | `""` | Override the fully qualified app name | | migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | | migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index 56ea30924..d54a9d840 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -6064,6 +6064,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6119,6 +6121,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: @@ -6275,6 +6279,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: @@ -6291,6 +6300,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7501,148 +7535,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml index f4f45b7df..fd1004c1e 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml @@ -6053,6 +6053,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6108,6 +6110,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: @@ -6264,6 +6268,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: @@ -6280,6 +6289,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7490,148 +7524,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml new file mode 100644 index 000000000..d95be534c --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml 
@@ -0,0 +1,205 @@ +{{- if and .Values.crds.datadogSLOs (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogslos.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogSLO + listKind: DatadogSLOList + plural: datadogslos + shortNames: + - ddslo + singular: datadogslo + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + controllerOptions: + description: ControllerOptions are the optional parameters in the DatadogSLO controller + properties: + disableRequiredTags: + description: DisableRequiredTags disables the automatic addition of required tags to SLOs. + type: boolean + type: object + description: + description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. + type: string + groups: + description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + items: + type: string + type: array + x-kubernetes-list-type: set + monitorIDs: + description: MonitorIDs is a list of monitor IDs that defines the scope of a monitor service level objective. Required if type is monitor. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: set + name: + description: Name is the name of the service level objective. + type: string + query: + description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + properties: + denominator: + description: Denominator is a Datadog metric query for total (valid) events. + type: string + numerator: + description: Numerator is a Datadog metric query for good events. 
+ type: string + required: + - denominator + - numerator + type: object + tags: + description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + items: + type: string + type: array + x-kubernetes-list-type: set + targetThreshold: + anyOf: + - type: integer + - type: string + description: TargetThreshold is the target threshold such that when the service level indicator is above this threshold over the given timeframe, the objective is being met. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeframe: + description: The SLO time window options. + type: string + type: + description: Type is the type of the service level objective. + type: string + warningThreshold: + anyOf: + - type: integer + - type: string + description: WarningThreshold is a optional warning threshold such that when the service level indicator is below this value for the given threshold, but above the target threshold, the objective appears in a "warning" state. This value must be greater than the target threshold. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - targetThreshold + - timeframe + - type + type: object + status: + description: DatadogSLOStatus defines the observed state of a DatadogSLO. + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogSLO. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. 
For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the SLO was created. + format: date-time + type: string + creator: + description: Creator is the identity of the SLO creator. + type: string + currentHash: + description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + type: string + id: + description: ID is the SLO ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API SLO was last force synced with the DatadogSLO resource. + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the SLO state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index 167d4015e..c1ff364ce 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh 
@@ -59,3 +59,4 @@ download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents data download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 4ac5922dc..696f33411 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml @@ -9,6 +9,8 @@ crds: datadogAgents: false # crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD datadogMonitors: false + # crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD + datadogSLOs: false migration: datadogAgents: diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index f53c3f4d7..06d1f6fd5 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 1.4.1 + +* Add configuration for Operator flag `datadogSLOEnabled` : this parameter is used to enable the Datadog SLO Controller. It is disabled by default. + +## 1.4.0 + +* Update Datadog Operator version to 1.3.0. + ## 1.3.0 * Add configuration to mount volumes (`volumes` and `volumeMounts`) in the container. Empty by default. @@ -38,7 +46,7 @@ ## 1.0.6 -* Fix conversionWebhook.enabled parameter to correctly set user-configured value when enabling the conversion webhook. +* Fix conversionWebhook.enabled parameter to correctly set user-configured value when enabling the conversion webhook. ## 1.0.5 diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index 71be3d7ee..b6e053faf 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.2.0 -digest: sha256:f15e9cdbd781b18515ec93187be4b6e0b03ad5bdced752ab0fde493cf0b9ec5f -generated: "2023-10-04T10:24:15.813204-04:00" + version: 1.3.0 +digest: sha256:c0d897e7b5648db215c1c051fed5a3d431fadb1d92784ed0eb5b0f0f6574821e +generated: "2023-12-11T14:56:49.631017-05:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index bb9748999..67efc918e 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 1.3.0 -appVersion: 1.2.0 +version: 1.4.1 +appVersion: 1.3.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=1.2.0" + version: "=1.3.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 6cbc08d96..0e9d28def 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) +![Version: 1.4.1](https://img.shields.io/badge/Version-1.4.1-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) ## Values 
@@ -14,21 +14,23 @@ | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | -| datadogCRDs.crds.datadogAgents | bool | `true` | | -| datadogCRDs.crds.datadogMetrics | bool | `true` | | -| datadogCRDs.crds.datadogMonitors | bool | `true` | | +| datadogCRDs.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | +| datadogCRDs.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | +| datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | +| datadogCRDs.crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | datadogCRDs.migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | | datadogCRDs.migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | | datadogCRDs.migration.datadogAgents.conversionWebhook.namespace | string | `"default"` | | | datadogCRDs.migration.datadogAgents.useCertManager | bool | `false` | | | datadogCRDs.migration.datadogAgents.version | string | `"v2alpha1"` | | | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | +| datadogSLO.enabled | bool | `false` | Enables the Datadog SLO controller | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | | env | list | `[]` | Define any environment variables to be passed to the operator. 
| | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.2.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.3.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) | @@ -118,7 +120,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.2.0 \ + --set image.tag=1.3.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/README.md.gotmpl b/charts/datadog-operator/README.md.gotmpl index 15058b06d..c21bb39ed 100644 --- a/charts/datadog-operator/README.md.gotmpl +++ b/charts/datadog-operator/README.md.gotmpl @@ -68,7 +68,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.2.0 \ + --set image.tag=1.3.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 152ef288f..2699c37c7 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml 
@@ -498,6 +498,38 @@ rules: - get - list - watch +- apiGroups: + - datadoghq.com + resources: + - datadogslos + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datadoghq.com + resources: + - datadogslos/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datadoghq.com + resources: + - datadogslos/status + verbs: + - get + - patch + - update - apiGroups: - external.metrics.k8s.io resources: diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index a3398d4d9..a8de14218 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -112,6 +112,9 @@ spec: {{- if (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} - "-datadogAgentEnabled={{ .Values.datadogAgent.enabled }}" {{- end }} + {{- if (semverCompare ">=1.3.0" .Values.image.tag) }} + - "-datadogSLOEnabled={{ .Values.datadogSLO.enabled }}" + {{- end }} ports: - name: metrics containerPort: {{ .Values.metricsPort }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index c49ac6f69..59101aff9 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -43,7 +43,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.2.0 + tag: 1.3.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials) 
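Review bot: The new rule for `datadogslos/finalizers` in charts/datadog-operator/templates/clusterrole.yaml grants all seven verbs (`create`, `delete`, `get`, `list`, `patch`, `update`, `watch`), which is more than a controller usually needs on a finalizers subresource. Unless the operator is known to need more, it could be reduced to `verbs:` with the single entry `- update`. The three added rules also have no conditional visible in the hunk, so the ClusterRole carries the DatadogSLO permissions even when `datadogSLO.enabled` stays at its default of `false`. Wrapping them in `{{- if .Values.datadogSLO.enabled }}` … `{{- end }}` would limit the role to what the enabled controllers use. The rules list starts and ends outside the hunk, so how the neighbouring rules are gated cannot be checked from here.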
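Review bot: The guard `semverCompare ">=1.3.0" .Values.image.tag` in charts/datadog-operator/templates/deployment.yaml does not match pre-release tags, because a constraint with no pre-release component skips versions such as `1.4.0-rc.1`. With such a tag the `-datadogSLOEnabled` argument is omitted silently and `datadogSLO.enabled: true` has no effect. Writing the constraint as `">=1.3.0-0"` would include pre-releases, in line with the `-rc.13` form of the guard just above it, provided the 1.3.0 release candidates already accept the flag. The args list continues outside the hunk.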
@@ -73,6 +73,9 @@ datadogAgent: datadogMonitor: # datadogMonitor.enabled -- Enables the Datadog Monitor controller enabled: false +datadogSLO: + # datadogSLO.enabled -- Enables the Datadog SLO controller + enabled: false rbac: # rbac.create -- Specifies whether the RBAC resources should be created create: true @@ -108,12 +111,14 @@ installCRDs: true datadogCRDs: crds: - # datadog-crds.crds.datadogAgents -- Set to true to deploy the DatadogAgents CRD + # datadogCRDs.crds.datadogAgents -- Set to true to deploy the DatadogAgents CRD datadogAgents: true - # datadog-crds.crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD + # datadogCRDs.crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD datadogMetrics: true - # datadog-crds.crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD + # datadogCRDs.crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD datadogMonitors: true + # datadogCRDs.crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD + datadogSLOs: false migration: datadogAgents: conversionWebhook: diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index bd3f84420..9e71c6719 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md 
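Review bot: `datadogSLO.enabled` and `datadogCRDs.crds.datadogSLOs` in charts/datadog-operator/values.yaml are independent switches that both default to `false`, and neither added comment says the controller depends on the CRD. A user who sets only the first would presumably start a controller whose resource type is not installed. The comment could say so, for example `# datadogSLO.enabled -- Enables the Datadog SLO controller (requires datadogCRDs.crds.datadogSLOs=true to install the DatadogSLO CRD)`, with the matching remark on `datadogSLOs` in the `@@ -111,12 +111,14 @@` hunk. The CRD template added in this commit renders only when the cluster version satisfies `>1.21-0`, so on older clusters the CRD flag does nothing; that is worth mentioning in the same comment.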
@@ -1,9 +1,81 @@ # Datadog changelog -## 3.49.6 +## 3.53.4 * Add default container resource values for GKE Autopilot +## 3.53.3 + +* Update `fips.image.tag` to `1.1.1` + +## 3.53.2 + +* Exclude agent pod from labels injection from the admission controller + +## 3.53.1 + +* Update `fips.image.tag` to `1.1.0` + +## 3.53.0 + +* Add `otlp.logs.enabled` option to datadog agent to set the `DD_OTLP_CONFIG_LOGS_ENABLED` env variable. + +## 3.52.0 + +* Allow configuring CWS security profile features and enable drift events by default + +## 3.51.2 + +* Use correct kpi-telemetry-configmap in Cluster Agent and Trace Agent. + +## 3.51.1 + +* Parametrize the name of kpi-telemetry-configmap. + +## 3.51.0 + +* Add `DD_INSTRUMENTATION_INSTALL_TIME`, `DD_INSTRUMENTATION_INSTALL_ID`, `DD_INSTRUMENTATION_INSTALL_TYPE` env variables to the Trace and Cluster agents to support APM Telemetry KPIs. + +## 3.50.5 + +* Add option to use containerd snapshotter to generate SBOMs. + +## 3.50.4 + +* Mount host files for proper OS detection in SBOMs. + +## 3.50.3 + +* Set default `Agent` and `Cluster-Agent` version to `7.50.3`. + +## 3.50.2 + +* Support automatic registry selection based on `datadog.site` on GKE Autopilot. + +## 3.50.1 + +* Set default `Agent` and `Cluster-Agent` version to `7.50.2`. + +## 3.50.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.50.1`. + +## 3.49.9 + +* Update `fips.image.tag` to `1.0.1` + +## 3.49.8 + +* Mount host package manager database when host SBOM is enabled. + +## 3.49.7 + +Fix NOTES warning for APM Instrumentation + +## 3.49.6 + +Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in lastest versions of the agent. + ## 3.49.5 * Fix registry selection with GKE Autopilot until new registries are allowed. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 0188ad861..b5938ecc5 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.49.6 +version: 3.53.4 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 345659ecd..0a375646d 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.49.6](https://img.shields.io/badge/Version-3.49.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.53.4](https://img.shields.io/badge/Version-3.53.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -508,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.49.1"` | Define the Agent version to use | +| agents.image.tag | string | `"7.50.3"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -575,7 +575,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.49.1"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.50.3"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -626,7 +626,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.49.1"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.50.3"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
@@ -744,6 +744,7 @@ helm install \ | datadog.orchestratorExplorer.customResources | list | `[]` | Defines custom resources for the orchestrator explorer to collect | | datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | | datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | +| datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | | datadog.otlp.receiver.protocols.grpc.enabled | bool | `false` | Enable the OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.endpoint | string | `"0.0.0.0:4317"` | OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.useHostPort | bool | `true` | Enable the Host Port for the OTLP/gRPC endpoint | @@ -762,6 +763,7 @@ helm install \ | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | | datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead | | datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | +| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `false` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. | | datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | | datadog.secretAnnotations | object | `{}` | | | datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). | 
@@ -783,7 +785,8 @@ helm install \ | datadog.securityAgent.runtime.fimEnabled | bool | `false` | Set to true to enable Cloud Workload Security (CWS) File Integrity Monitoring | | datadog.securityAgent.runtime.network.enabled | bool | `true` | Set to true to enable the collection of CWS network events | | datadog.securityAgent.runtime.policies.configMap | string | `nil` | Contains CWS policies that will be used | -| datadog.securityAgent.runtime.securityProfile.enabled | bool | `false` | Set to true to enable CWS runtime anomaly detection | +| datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled | bool | `true` | Set to true to enable CWS runtime drift events | +| datadog.securityAgent.runtime.securityProfile.enabled | bool | `true` | Set to true to enable CWS runtime security profiles | | datadog.securityAgent.runtime.syscallMonitor.enabled | bool | `false` | Set to true to enable the Syscall monitoring (recommended for troubleshooting only) | | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | | datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring | 
@@ -817,7 +820,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.0.0"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.1"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/ci/agent-sbom-snapshotter.yaml b/charts/datadog/ci/agent-sbom-snapshotter.yaml new file mode 100644 index 000000000..8986d417f --- /dev/null +++ b/charts/datadog/ci/agent-sbom-snapshotter.yaml @@ -0,0 +1,8 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + site: datadoghq.eu + sbom: + containerImage: + enabled: true + uncompressedLayersSupport: true diff --git a/charts/datadog/ci/system-probe-activity-dump-values.yaml b/charts/datadog/ci/system-probe-activity-dump-values.yaml index 0534cf769..cc15afe1f 100644 --- a/charts/datadog/ci/system-probe-activity-dump-values.yaml +++ b/charts/datadog/ci/system-probe-activity-dump-values.yaml @@ -7,3 +7,5 @@ datadog: enabled: true activityDump: enabled: true + securityProfile: + enabled: true diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 5a6041e24..c91017e0a 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt 
@@ -125,13 +125,13 @@ Trace Agent liveness probe port ({{ $liveness.port }}) is different from the con The Datadog Agent is listening on port {{ $apmPort }} for APM service. {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled_namespaces .Values.datadog.apm.instrumentation.disabled_namespaces }} +{{- if and .Values.datadog.apm.instrumentation.enabledNamespaces .Values.datadog.apm.instrumentation.disabledNamespaces }} ################################################################################### #### ERROR: APM Single Step Instrumentation misconfiguration #### ################################################################################### -{{- fail "The options `datadog.apm.instrumentation.enabled_namespaces` and `datadog.apm.instrumentation.disabled_namespaces` cannot be set together." }} +{{- fail "The options `datadog.apm.instrumentation.enabledNamespaces` and `datadog.apm.instrumentation.disabledNamespaces` cannot be set together." }} {{- end }} 
@@ -161,28 +161,28 @@ The Datadog Agent is listening on port {{ $apmPort }} for APM service. #### WARNING: Configuration notice #### ################################################################# -You are using datadog.apm.instrumentation.enabled_namespaces but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. +You are using datadog.apm.instrumentation.enabledNamespaces but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. To enable it please set clusterAgent.enabled to 'true'. {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.enabled_namespaces }} +{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.enabledNamespaces }} ################################################################# #### WARNING: Configuration notice #### ################################################################# -The options `datadog.apm.instrumentation.enabled` and `datadog.apm.instrumentation.enabled_namespaces` are set together. +The options `datadog.apm.instrumentation.enabled` and `datadog.apm.instrumentation.enabledNamespaces` are set together. APM Single Step Instrumentation will be enabled in the whole cluster. {{- end }} -{{- if and .Values.datadog.apm.instrumentation.disabled_namespaces (not .Values.datadog.apm.instrumentation.enabled) }} +{{- if and .Values.datadog.apm.instrumentation.disabledNamespaces (not .Values.datadog.apm.instrumentation.enabled) }} ################################################################# #### WARNING: Configuration notice #### ################################################################# -The option `datadog.apm.instrumentation.disabled_namespaces` is set while `datadog.apm.instrumentation.enabled` is disabled. 
+The option `datadog.apm.instrumentation.disabledNamespaces` is set while `datadog.apm.instrumentation.enabled` is disabled. APM Single Step Instrumentation will be disabled in the whole cluster. {{- end }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 854874efe..d7da8c1db 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "run"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" .Values.datadog.sbom.containerImage.uncompressedLayersSupport) | indent 2 }} resources: {{- if and (empty .Values.agents.containers.agent.resources) .Values.providers.gke.autopilot -}} {{ include "default-agent-container-resources" . | indent 4 }} @@ -175,9 +175,15 @@ - name: DD_SBOM_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} + {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT + value: "true" + {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: DD_SBOM_HOST_ENABLED value: "true" + - name: HOST_ROOT + value: /host {{- end }} {{- end }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} 
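Review bot: `sysAdmin` in the `generate-security-context` call is driven by `datadog.sbom.containerImage.uncompressedLayersSupport` alone, so the agent container receives `SYS_ADMIN` even when `datadog.sbom.containerImage.enabled` is false and no image SBOM is collected. As far as these hunks show, the same single-flag condition guards `DD_SBOM_CONTAINER_IMAGE_USE_MOUNT` in the next hunk, the `host-containerd-dir` mount and volume, and the `unconfined` AppArmor annotation in `daemonset.yaml`. Gating all of them on both values keeps the extra privilege tied to the feature that needs it, for example `"sysAdmin" (and .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport)`. The container definition starts and ends outside both hunks.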
@@ -256,6 +262,42 @@ readOnly: true {{- end }} {{- end }} + {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + - name: host-containerd-dir + mountPath: /host/var/lib/containerd + readOnly: true + {{- end }} + {{- if .Values.datadog.sbom.host.enabled }} + - name: host-apk-dir + mountPath: /host/var/lib/apk + readOnly: true + - name: host-dpkg-dir + mountPath: /host/var/lib/dpkg + readOnly: true + - name: host-rpm-dir + mountPath: /host/var/lib/rpm + readOnly: true + {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} + - name: etc-redhat-release + mountPath: /host/etc/redhat-release + readOnly: true + {{- end }} + {{- if ne .Values.datadog.osReleasePath "/etc/fedora-release" }} + - name: etc-fedora-release + mountPath: /host/etc/fedora-release + readOnly: true + {{- end }} + {{- if ne .Values.datadog.osReleasePath "/etc/lsb-release" }} + - name: etc-lsb-release + mountPath: /host/etc/lsb-release + readOnly: true + {{- end }} + {{- if ne .Values.datadog.osReleasePath "/etc/system-release" }} + - name: etc-system-release + mountPath: /host/etc/system-release + readOnly: true + {{- end }} + {{- end }} {{- end }} {{- if eq .Values.targetSystem "windows" }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index a560ee6e0..574ddb406 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/templates/_container-trace-agent.yaml 
@@ -54,6 +54,21 @@ - name: DD_DOGSTATSD_SOCKET value: {{ .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap + key: install_type {{- include "additional-env-entries" .Values.agents.containers.traceAgent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.traceAgent.envDict | indent 4 }} volumeMounts: diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index 7307f1e45..dfb27ea2d 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -1,9 +1,6 @@ # The purpose of this template is to define a minimal set of environment # variables required to operate dedicated containers in the daemonset {{- define "containers-common-env" -}} -# Needs to be removed when Agent N-2 is built with Golang 1.17 -- name: GODEBUG - value: x509ignoreCN=0 - name: DD_API_KEY valueFrom: secretKeyRef: @@ -73,6 +70,7 @@ value: {{ .Values.datadog.containerExcludeLogs | quote }} {{- end }} {{- if .Values.datadog.otlp }} + {{- if .Values.datadog.otlp.receiver }} {{- if .Values.datadog.otlp.receiver.protocols }} {{- with .Values.datadog.otlp.receiver.protocols }} @@ -90,6 +88,12 @@ {{- end }} {{- end }} {{- end }} + +{{- with .Values.datadog.otlp.logs }} +- name: DD_OTLP_CONFIG_LOGS_ENABLED + value: {{ .enabled | quote }} +{{- end }} + {{- end }} {{- if eq (include "agent-has-env-ad" .) "true" }} {{- if .Values.datadog.dockerSocketPath }} 
diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 8ddb9ee95..636503362 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -9,13 +9,12 @@ - hostPath: path: /sys/fs/cgroup name: cgroups -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath) }} +{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} - hostPath: path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file {{- end }} -{{- if eq (include "should-enable-system-probe" .) "true" }} -{{- if .Values.datadog.systemProbe.enableDefaultOsReleasePaths }} +{{- if or (and (eq (include "should-enable-system-probe" .) "true") .Values.datadog.systemProbe.enableDefaultOsReleasePaths) .Values.datadog.sbom.host.enabled }} - hostPath: path: /etc/redhat-release name: etc-redhat-release @@ -25,7 +24,9 @@ - hostPath: path: /etc/lsb-release name: etc-lsb-release -{{- end }} +- hostPath: + path: /etc/system-release + name: etc-system-release {{- end -}} {{- if eq (include "should-enable-fips" . ) "true" }} {{ include "linux-container-fips-proxy-cfg-volume" . }} @@ -146,6 +147,22 @@ path: / name: hostroot {{- end }} +{{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} +- hostPath: + path: /var/lib/containerd + name: host-containerd-dir +{{- end }} +{{- if .Values.datadog.sbom.host.enabled }} +- hostPath: + path: /var/lib/apk + name: host-apk-dir +- hostPath: + path: /var/lib/dpkg + name: host-dpkg-dir +- hostPath: + path: /var/lib/rpm + name: host-rpm-dir +{{- end }} {{- if eq (include "should-enable-security-agent" .) "true" }} {{- if .Values.datadog.securityAgent.compliance.enabled }} - hostPath: 
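Review bot: Adding `.Values.datadog.sbom.host.enabled` to the `or` that guards the `os-release-file` volume means the volume can now be rendered when both `datadog.systemProbe.osReleasePath` and `datadog.osReleasePath` are empty, and the unchanged `path:` line below it would then render empty. The previous condition guaranteed a non-empty path. A fallback keeps the manifest valid: `path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath | default "/etc/os-release" }}`. The new `host-apk-dir`, `host-dpkg-dir` and `host-rpm-dir` volumes would also benefit from a comment such as `# only one of these package databases normally exists on a given host`.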
diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index feac94143..a66fc4e10 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -267,8 +267,6 @@ Return the proper registry based on datadog.site (requires .Values to be passed {{- define "registry" -}} {{- if .registry -}} {{- .registry -}} -{{- else if .providers.gke.autopilot -}} -gcr.io/datadoghq {{- else if eq .datadog.site "datadoghq.eu" -}} eu.gcr.io/datadoghq {{- else if eq .datadog.site "ddog-gov.com" -}} @@ -757,7 +755,12 @@ securityContext: {{- end -}} {{- else }} securityContext: +{{- if .sysAdmin }} +{{- $capabilities := dict "capabilities" (dict "add" (list "SYS_ADMIN")) }} +{{ toYaml (merge $capabilities .securityContext) | indent 2 }} +{{- else }} {{ toYaml .securityContext | indent 2 }} +{{- end -}} {{- if and .seccomp .kubeversion (semverCompare ">=1.19.0" .kubeversion) }} seccompProfile: {{- if hasPrefix "localhost/" .seccomp }} @@ -772,6 +775,9 @@ securityContext: {{- end }} {{- end -}} {{- end -}} +{{- else if .sysAdmin }} +securityContext: +{{ toYaml (dict "capabilities" (dict "add" (list "SYS_ADMIN"))) | indent 2 }} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 73b3f6b81..3e3204209 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml 
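Review bot: `merge $capabilities .securityContext` gives precedence to its first argument, so when a user already sets `capabilities.add` in `agents.containers.agent.securityContext`, their list is replaced by `["SYS_ADMIN"]` rather than extended. Sprig's `merge` does not concatenate lists, so capabilities the user requested would silently disappear once `sysAdmin` is true. Building the list first avoids that, e.g. `{{- $add := concat (list "SYS_ADMIN") $userAdd | uniq }}` with `$userAdd` taken from `.securityContext.capabilities.add` when present, and then setting that list on a copy of `.securityContext`. The `generate-security-context` define starts and ends outside these hunks, so its other branches are not visible here.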
@@ -335,6 +335,21 @@ spec: value: {{ .Values.datadog.prometheusScrape.version | quote }} {{- end }} {{- end }} + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap + key: install_type {{- include "fips-envvar" . | nindent 10 }} {{- include "additional-env-entries" .Values.clusterAgent.env | indent 10 }} {{- include "additional-env-dict-entries" .Values.clusterAgent.envDict | indent 10 }} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 500f87fc0..5aba67ff2 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -9,6 +9,7 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" {{- if .Values.agents.additionalLabels }} {{ toYaml .Values.agents.additionalLabels | indent 4 }} {{- end }} @@ -58,6 +59,9 @@ spec: container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} {{- end }} + {{- if and .Values.agents.podSecurity.apparmor.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + container.apparmor.security.beta.kubernetes.io/agent: unconfined + {{- end }} {{- if .Values.agents.podAnnotations }} {{ tpl (toYaml .Values.agents.podAnnotations) . | indent 8 }} {{- end }} 
@@ -66,7 +70,7 @@ spec: shareProcessNamespace: {{ .Values.agents.shareProcessNamespace }} {{- end }} {{- if .Values.datadog.securityContext -}} - {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | nindent 6 }} + {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version ) | nindent 6 }} {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} {{- if .Values.agents.podSecurity.securityContext }} {{- if .Values.agents.podSecurity.securityContext.seLinuxOptions }} diff --git a/charts/datadog/templates/kpi-telemetry-configmap.yaml b/charts/datadog/templates/kpi-telemetry-configmap.yaml new file mode 100644 index 000000000..1ab531945 --- /dev/null +++ b/charts/datadog/templates/kpi-telemetry-configmap.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap + namespace: {{ .Release.Namespace }} + labels: +{{ include "datadog.labels" . | indent 4 }} +data: + install_id: {{ uuidv4 | quote }} + install_type: k8s_manual + install_time: {{ now | unixEpoch | quote }} diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index c245ecc9e..233e18fda 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml 
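Review bot: `install_id` and `install_time` in the new `kpi-telemetry-configmap.yaml` are produced by `uuidv4` and `now` at render time, so every `helm upgrade` or `helm template` run yields a new ID and timestamp instead of values that identify the original install. The rendered manifest also differs on every run, which shows up as permanent drift in GitOps tooling. Reusing the values from an existing ConfigMap through `lookup "v1" "ConfigMap" .Release.Namespace <name>` and generating them only when none is found would keep them stable; a comment on the `data:` block should state which behaviour is intended. The trace-agent and cluster-agent hunks read these keys through `configMapKeyRef` without `optional: true`, so those containers depend on this ConfigMap existing.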
@@ -70,6 +70,10 @@ data: {{ end }} security_profile: enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.enabled }} + anomaly_detection: + enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled }} + auto_suppression: + enabled: false {{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} --- diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 52a84adf0..af4973294 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -500,6 +500,9 @@ datadog: endpoint: "0.0.0.0:4318" # datadog.otlp.receiver.protocols.http.useHostPort -- Enable the Host Port for the OTLP/HTTP endpoint useHostPort: true + logs: + # datadog.otlp.logs.enabled -- Enable logs support in the OTLP ingest endpoint + enabled: false # datadog.envFrom -- Set environment variables for all Agents directly from configMaps and/or secrets @@ -706,6 +709,12 @@ datadog: # datadog.sbom.containerImage.enabled -- Enable SBOM collection for container images enabled: false + # datadog.sbom.containerImage.uncompressedLayersSupport -- Use container runtime snapshotter + # This should be set to true when using EKS, GKE or if containerd is configured to + # discard uncompressed layers. + # This feature will cause the SYS_ADMIN capability to be added to the Agent container. + uncompressedLayersSupport: false + host: # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems enabled: false 
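Review bot: The comment for `datadog.sbom.containerImage.uncompressedLayersSupport` in `values.yaml` documents the `SYS_ADMIN` capability but not the other two effects this diff attaches to the same flag. `daemonset.yaml` sets the agent container's AppArmor profile to `unconfined` when `agents.podSecurity.apparmor.enabled` is true, and the agent gets a read-only hostPath mount of `/var/lib/containerd`. Operators checking the flag against their pod security policy need all three, so I would extend the comment with `# It also mounts /var/lib/containerd from the host (read-only) and runs the Agent container with an unconfined AppArmor profile.` and regenerate the README table.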
@@ -767,8 +776,12 @@ datadog: enabled: false securityProfile: - # datadog.securityAgent.runtime.securityProfile.enabled -- Set to true to enable CWS runtime anomaly detection - enabled: false + # datadog.securityAgent.runtime.securityProfile.enabled -- Set to true to enable CWS runtime security profiles + enabled: true + + anomalyDetection: + # datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled -- Set to true to enable CWS runtime drift events + enabled: true ## Manage NetworkPolicy networkPolicy: @@ -874,7 +887,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.49.1 + tag: 7.50.3 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1267,7 +1280,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.0.0 + tag: 1.1.1 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent @@ -1310,7 +1323,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.49.1 + tag: 7.50.3 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1778,7 +1791,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.49.1 + tag: 7.50.3 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index f16dd70cd..6021faef1 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 1.8.0 + +* Official image `1.8.0` + +## 1.7.1 + +* Official image `1.7.1` + ## 1.7.0 * Official image `1.7.0` 
diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 8a69de95c..fa6f7a36f 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "1.7.0" +version: "1.8.0" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "1.7.0" +appVersion: "1.8.0" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 86ffb2420..5b82ccaf1 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) ## How to use Datadog Helm repository 
@@ -111,7 +111,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"1.7.0"` | Specify the image tag to use. | +| image.tag | string | `"1.8.0"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 5405f6e26..b882888d1 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -44,7 +44,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 1.7.0 + tag: 1.8.0 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index cb41fa5d3..49cb64fc2 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md 
@@ -1,5 +1,25 @@ # Datadog changelog +## 0.15.25 + +* Update private location image version to `1.44.0`. + +## 0.15.24 + +* Clarify the usage of `configSecret` + +## 0.15.23 + +* Add `priorityClassName` value to specify PriorityClass for pods. + +## 0.15.22 + +* Update private location image version to `1.43.0`. + +## 0.15.21 + +* Update private location image version to `1.42.0`. + ## 0.15.20 * Support `dnsPolicy` configuration. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 04c42a587..467126e38 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.20 -appVersion: 1.41.0 +version: 0.15.25 +appVersion: 1.44.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 1aa7f2d15..098c16bc2 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.20](https://img.shields.io/badge/Version-0.15.20-informational?style=flat-square) ![AppVersion: 1.41.0](https://img.shields.io/badge/AppVersion-1.41.0-informational?style=flat-square) +![Version: 0.15.25](https://img.shields.io/badge/Version-0.15.25-informational?style=flat-square) ![AppVersion: 1.44.0](https://img.shields.io/badge/AppVersion-1.44.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). 
@@ -29,7 +29,7 @@ helm install datadog/synthetics-private-location --set-file confi | commonLabels | object | `{}` | Labels to apply to all resources | | configConfigMap | string | `""` | Config Map that stores the configuration of the private location worker for the deployment | | configFile | string | `"{}"` | JSON string containing the configuration of the private location worker | -| configSecret | string | `""` | Secret that stores the configuration of the private location worker for the deployment | +| configSecret | string | `""` | Name of the secret that stores the configuration of the private location worker for the deployment. Use it only if you want to manage the secret outside of the Helm chart as using `configFile` will create a secret. The `data` inside the secret needs to have the key `synthetics-check-runner.json`. | | dnsPolicy | string | `"ClusterFirst"` | DNS Policy to set to the Datadog Synthetics Private Location PODs | | enableStatusProbes | bool | `false` | Enable both liveness and readiness probes (minimal private location image version required: 1.12.0) | | env | list | `[]` | Set environment variables | 
@@ -40,12 +40,13 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.41.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.44.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | | podAnnotations | object | `{}` | Annotations to set to Datadog Synthetics Private Location PODs | | podSecurityContext | object | `{}` | Security context to set to Datadog Synthetics Private Location PODs | +| priorityClassName | string | `""` | Allows to specify PriorityClass for Datadog Synthetics Private Location PODs | | replicaCount | int | `1` | Number of instances of Datadog Synthetics Private Location | | resources | object | `{}` | Set resources requests/limits for Datadog Synthetics Private Location PODs | | securityContext | object | `{}` | Security context to set to the Datadog Synthetics Private Location container | diff --git a/charts/synthetics-private-location/templates/deployment.yaml b/charts/synthetics-private-location/templates/deployment.yaml index 14c5a6fb8..0926e953c 100644 --- a/charts/synthetics-private-location/templates/deployment.yaml +++ b/charts/synthetics-private-location/templates/deployment.yaml 
@@ -21,6 +21,9 @@ spec: {{ if .Values.dnsPolicy }} dnsPolicy: {{ .Values.dnsPolicy}} {{ end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index 7e5c89a08..ac7c9705b 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.41.0 + tag: 1.44.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst @@ -91,7 +91,7 @@ configFile: "{}" # configConfigMap -- Config Map that stores the configuration of the private location worker for the deployment configConfigMap: "" -# configSecret -- Secret that stores the configuration of the private location worker for the deployment +# configSecret -- Name of the secret that stores the configuration of the private location worker for the deployment. Use it only if you want to manage the secret outside of the Helm chart as using `configFile` will create a secret. The `data` inside the secret needs to have the key `synthetics-check-runner.json`. configSecret: "" # envFrom -- Set environment variables from configMaps and/or secrets @@ -115,3 +115,7 @@ hostAliases: [] # enableStatusProbes -- Enable both liveness and readiness probes (minimal private location image version required: 1.12.0) enableStatusProbes: false # Requires to be in sync with `enableStatusProbes` in the configuration of the private location worker + + +# priorityClassName -- Allows to specify PriorityClass for Datadog Synthetics Private Location PODs +priorityClassName: "" 
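Review bot: The added `priorityClassName: {{ .Values.priorityClassName }}` line in deployment.yaml renders the value unquoted, so a value that YAML reads as a number or boolean, or that contains YAML-significant characters, would alter the rendered pod spec instead of being passed through as a string; `priorityClassName: {{ .Values.priorityClassName | quote }}` avoids that. The field also influences which pods are preempted under resource pressure, and a pod is rejected at admission when the named PriorityClass does not exist, so the comment added in the last values.yaml hunk could read `# priorityClassName -- Name of an existing PriorityClass to assign to Datadog Synthetics Private Location PODs`. The pod spec this hunk sits in starts and ends outside the hunk.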
diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index c0ce0fd2a..5e46ad034 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -6038,6 +6038,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6093,6 +6095,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: @@ -6249,6 +6253,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: @@ -6265,6 +6274,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7475,148 +7509,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/crds/datadoghq.com_datadogslos.yaml b/crds/datadoghq.com_datadogslos.yaml new file mode 100644 index 000000000..404c7c94b --- /dev/null +++ b/crds/datadoghq.com_datadogslos.yaml 
@@ -0,0 +1,198 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogslos.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogSLO + listKind: DatadogSLOList + plural: datadogslos + shortNames: + - ddslo + singular: datadogslo + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + controllerOptions: + description: ControllerOptions are the optional parameters in the DatadogSLO controller + properties: + disableRequiredTags: + description: DisableRequiredTags disables the automatic addition of required tags to SLOs. + type: boolean + type: object + description: + description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. 
+ type: string + groups: + description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + items: + type: string + type: array + x-kubernetes-list-type: set + monitorIDs: + description: MonitorIDs is a list of monitor IDs that defines the scope of a monitor service level objective. Required if type is monitor. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: set + name: + description: Name is the name of the service level objective. + type: string + query: + description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + properties: + denominator: + description: Denominator is a Datadog metric query for total (valid) events. + type: string + numerator: + description: Numerator is a Datadog metric query for good events. + type: string + required: + - denominator + - numerator + type: object + tags: + description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + items: + type: string + type: array + x-kubernetes-list-type: set + targetThreshold: + anyOf: + - type: integer + - type: string + description: TargetThreshold is the target threshold such that when the service level indicator is above this threshold over the given timeframe, the objective is being met. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeframe: + description: The SLO time window options. + type: string + type: + description: Type is the type of the service level objective. + type: string + warningThreshold: + anyOf: + - type: integer + - type: string + description: WarningThreshold is a optional warning threshold such that when the service level indicator is below this value for the given threshold, but above the target threshold, the objective appears in a "warning" state. This value must be greater than the target threshold. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - targetThreshold + - timeframe + - type + type: object + status: + description: DatadogSLOStatus defines the observed state of a DatadogSLO. + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogSLO. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the SLO was created. 
+ format: date-time + type: string + creator: + description: Creator is the identity of the SLO creator. + type: string + currentHash: + description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + type: string + id: + description: ID is the SLO ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API SLO was last force synced with the DatadogSLO resource. + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the SLO state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index e72b181c7..e1aefa046 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -8,7 +8,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.2.0' + helm.sh/chart: 'datadogCRDs-1.3.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -6043,6 +6043,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6098,6 +6100,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: @@ -6254,6 +6258,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: 
@@ -6270,6 +6279,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7480,148 +7514,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml index 9c893d51a..2130ebff3 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml @@ -9,7 +9,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.2.0' + helm.sh/chart: 'datadogCRDs-1.3.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -6054,6 +6054,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6109,6 +6111,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: @@ -6265,6 +6269,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: @@ -6281,6 +6290,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7491,148 +7525,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 1df383ea3..3b4bc62ee 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.3.0 + helm.sh/chart: datadog-operator-1.4.1 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.2.0" + image: "gcr.io/datadoghq/operator:1.3.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE @@ -55,6 +55,7 @@ spec: - "-webhookEnabled=false" - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" + - "-datadogSLOEnabled=false" ports: - name: metrics containerPort: 8383 diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 11cd9f1ec..6684fe392 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml 
@@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.3.0 + helm.sh/chart: datadog-operator-1.4.1 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.2.0" + image: "gcr.io/datadoghq/operator:1.3.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE @@ -55,6 +55,7 @@ spec: - "-webhookEnabled=true" - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" + - "-datadogSLOEnabled=false" ports: - name: metrics containerPort: 8383 diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index fe3424121..45c3d3fa0 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -130,7 +130,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.2.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.3.0", operatorContainer.Image) assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") }