From 377b08593892d10e62d66a373bc7070425db5ae0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Wed, 6 Dec 2023 13:57:38 +0100 Subject: [PATCH 01/31] Get rid of the old GODEBUG=x509ignoreCN=0 hack (#1264) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_containers-common-env.yaml | 3 --- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index a3d9bf744..b3409dcc3 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.49.6 + +Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in lastest versions of the agent. + ## 3.49.5 Fix registry selection with GKE Autopilot until new registries are allowed. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 13418a8c4..0188ad861 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.49.5 +version: 3.49.6 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index aeba43e37..5ec0723ea 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.49.5](https://img.shields.io/badge/Version-3.49.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.49.6](https://img.shields.io/badge/Version-3.49.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index 7307f1e45..50f70e8a8 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -1,9 +1,6 @@ # The purpose of this template is to define a minimal set of environment # variables required to operate dedicated containers in the daemonset {{- define "containers-common-env" -}} -# Needs to be removed when Agent N-2 is built with Golang 1.17 -- name: GODEBUG - value: x509ignoreCN=0 - name: DD_API_KEY valueFrom: secretKeyRef: From c9fdd3f759303f0b5f27f8a633a1a92e5e4509ad Mon Sep 17 00:00:00 2001 From: Liliya Belaus <59583867+liliyadd@users.noreply.github.com> Date: Wed, 6 Dec 2023 16:33:59 -0500 Subject: [PATCH 02/31] Fix NOTES for APM Instrumentation (#1261) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/NOTES.txt | 14 +++++++------- 4 files changed, 13 insertions(+), 9 deletions(-) 
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index b3409dcc3..8cb8ef42f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.49.7 + +Fix NOTES warning for APM Instrumentation + ## 3.49.6 Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in lastest versions of the agent. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 0188ad861..6c0321472 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.49.6 +version: 3.49.7 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 5ec0723ea..285ab86a8 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.49.6](https://img.shields.io/badge/Version-3.49.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.49.7](https://img.shields.io/badge/Version-3.49.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 5a6041e24..c91017e0a 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt 
@@ -125,13 +125,13 @@ Trace Agent liveness probe port ({{ $liveness.port }}) is different from the con The Datadog Agent is listening on port {{ $apmPort }} for APM service. {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled_namespaces .Values.datadog.apm.instrumentation.disabled_namespaces }} +{{- if and .Values.datadog.apm.instrumentation.enabledNamespaces .Values.datadog.apm.instrumentation.disabledNamespaces }} ################################################################################### #### ERROR: APM Single Step Instrumentation misconfiguration #### ################################################################################### -{{- fail "The options `datadog.apm.instrumentation.enabled_namespaces` and `datadog.apm.instrumentation.disabled_namespaces` cannot be set together." }} +{{- fail "The options `datadog.apm.instrumentation.enabledNamespaces` and `datadog.apm.instrumentation.disabledNamespaces` cannot be set together." }} {{- end }} 
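Review bot: The three-line `ERROR: APM Single Step Instrumentation misconfiguration` banner in this NOTES.txt block is never shown, because the `fail` call that follows aborts rendering and Helm reports only the string passed to `fail`. That string is all the operator sees, so it should carry the context itself, for example `{{- fail "APM Single Step Instrumentation misconfiguration: datadog.apm.instrumentation.enabledNamespaces and datadog.apm.instrumentation.disabledNamespaces cannot be set together." }}`. The guard also depends on the exact key spelling, which is the defect this commit corrects. If the chart has a values schema (not visible here), declaring both keys there would reject a misspelt key instead of silently skipping the check.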
@@ -161,28 +161,28 @@ The Datadog Agent is listening on port {{ $apmPort }} for APM service. #### WARNING: Configuration notice #### ################################################################# -You are using datadog.apm.instrumentation.enabled_namespaces but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. +You are using datadog.apm.instrumentation.enabledNamespaces but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. To enable it please set clusterAgent.enabled to 'true'. {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.enabled_namespaces }} +{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.enabledNamespaces }} ################################################################# #### WARNING: Configuration notice #### ################################################################# -The options `datadog.apm.instrumentation.enabled` and `datadog.apm.instrumentation.enabled_namespaces` are set together. +The options `datadog.apm.instrumentation.enabled` and `datadog.apm.instrumentation.enabledNamespaces` are set together. APM Single Step Instrumentation will be enabled in the whole cluster. {{- end }} -{{- if and .Values.datadog.apm.instrumentation.disabled_namespaces (not .Values.datadog.apm.instrumentation.enabled) }} +{{- if and .Values.datadog.apm.instrumentation.disabledNamespaces (not .Values.datadog.apm.instrumentation.enabled) }} ################################################################# #### WARNING: Configuration notice #### ################################################################# -The option `datadog.apm.instrumentation.disabled_namespaces` is set while `datadog.apm.instrumentation.enabled` is disabled. 
+The option `datadog.apm.instrumentation.disabledNamespaces` is set while `datadog.apm.instrumentation.enabled` is disabled. APM Single Step Instrumentation will be disabled in the whole cluster. {{- end }} From 6041a41cf671c30ead77b87e63a44687cdccd504 Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Mon, 11 Dec 2023 14:38:03 -0500 Subject: [PATCH 03/31] CRD update from 1.3.0 (#1243) * CRD update from 1.3.0-rc.1 * Update changelog, version, doc --- charts/datadog-crds/CHANGELOG.md | 3 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 3 +- .../datadoghq.com_datadogagents_v1.yaml | 176 +++------------ .../datadoghq.com_datadogagents_v1beta1.yaml | 176 +++------------ .../datadoghq.com_datadogslos_v1.yaml | 205 ++++++++++++++++++ charts/datadog-crds/update-crds.sh | 1 + charts/datadog-crds/values.yaml | 2 + crds/datadoghq.com_datadogagents.yaml | 176 +++------------ crds/datadoghq.com_datadogslos.yaml | 198 +++++++++++++++++ 10 files changed, 514 insertions(+), 428 deletions(-) create mode 100644 charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml create mode 100644 crds/datadoghq.com_datadogslos.yaml diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 893f772e8..3e4c23ef8 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 1.3.0 +* Update CRDs from Datadog Operator v1.3.0 tag. + ## 1.2.0 * Update CRDs from Datadog Operator v1.2.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 39f824957..416ef901b 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.2.0 +version: 1.3.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 2d4ec3365..40d5ee6d0 100644 
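Review bot: In the `@@ -161,28 +161,28 @@` hunk of charts/datadog/templates/NOTES.txt, the first warning still ends with "Kubernetes resource monitoring has been turned off", which looks copied from a different notice. The sentence before it is about `datadog.apm.instrumentation.enabledNamespaces` being set while the cluster agent is disabled, so the stated consequence should name the feature that is actually affected, e.g. `This configuration is unsupported and APM Single Step Instrumentation has been turned off.` The `if` that opens this block is above the hunk, so confirm the wording against that condition before changing it.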
--- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. @@ -25,6 +25,7 @@ But the recommended Kubernetes versions are `1.16+`. | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | +| crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | fullnameOverride | string | `""` | Override the fully qualified app name | | migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | | migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index 56ea30924..d54a9d840 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -6064,6 +6064,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6119,6 +6121,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: 
@@ -6275,6 +6279,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: @@ -6291,6 +6300,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7501,148 +7535,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml index f4f45b7df..fd1004c1e 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml @@ -6053,6 +6053,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6108,6 +6110,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: @@ -6264,6 +6268,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: @@ -6280,6 +6289,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7490,148 +7524,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml new file mode 100644 index 000000000..d95be534c --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml 
@@ -0,0 +1,205 @@ +{{- if and .Values.crds.datadogSLOs (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogslos.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogSLO + listKind: DatadogSLOList + plural: datadogslos + shortNames: + - ddslo + singular: datadogslo + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + controllerOptions: + description: ControllerOptions are the optional parameters in the DatadogSLO controller + properties: + disableRequiredTags: + description: DisableRequiredTags disables the automatic addition of required tags to SLOs. + type: boolean + type: object + description: + description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. + type: string + groups: + description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + items: + type: string + type: array + x-kubernetes-list-type: set + monitorIDs: + description: MonitorIDs is a list of monitor IDs that defines the scope of a monitor service level objective. Required if type is monitor. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: set + name: + description: Name is the name of the service level objective. + type: string + query: + description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + properties: + denominator: + description: Denominator is a Datadog metric query for total (valid) events. + type: string + numerator: + description: Numerator is a Datadog metric query for good events. 
+ type: string + required: + - denominator + - numerator + type: object + tags: + description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + items: + type: string + type: array + x-kubernetes-list-type: set + targetThreshold: + anyOf: + - type: integer + - type: string + description: TargetThreshold is the target threshold such that when the service level indicator is above this threshold over the given timeframe, the objective is being met. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeframe: + description: The SLO time window options. + type: string + type: + description: Type is the type of the service level objective. + type: string + warningThreshold: + anyOf: + - type: integer + - type: string + description: WarningThreshold is a optional warning threshold such that when the service level indicator is below this value for the given threshold, but above the target threshold, the objective appears in a "warning" state. This value must be greater than the target threshold. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - targetThreshold + - timeframe + - type + type: object + status: + description: DatadogSLOStatus defines the observed state of a DatadogSLO. + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogSLO. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. 
For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the SLO was created. + format: date-time + type: string + creator: + description: Creator is the identity of the SLO creator. + type: string + currentHash: + description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + type: string + id: + description: ID is the SLO ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API SLO was last force synced with the DatadogSLO resource. + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the SLO state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index 167d4015e..c1ff364ce 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh 
@@ -59,3 +59,4 @@ download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents data download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 4ac5922dc..696f33411 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml @@ -9,6 +9,8 @@ crds: datadogAgents: false # crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD datadogMonitors: false + # crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD + datadogSLOs: false migration: datadogAgents: diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index c0ce0fd2a..5e46ad034 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -6038,6 +6038,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6093,6 +6095,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: @@ -6249,6 +6253,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: 
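Review bot: The new `crds.datadogSLOs` comment in charts/datadog-crds/values.yaml does not mention that the CRD is rendered only on newer clusters. The added template `datadoghq.com_datadogslos_v1.yaml` is wrapped in `semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion`, and update-crds.sh fetches only a `v1` variant for `datadogslos`, unlike the agents and monitors CRDs, which also get `v1beta1`. On a cluster that fails the version check, setting the value to true installs nothing and reports nothing, while the README context line still recommends `1.16+`. I would write the comment as `# crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD (rendered only when the cluster version satisfies >1.21-0)` and regenerate the README row, which presumably derives from it.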
@@ -6265,6 +6274,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7475,148 +7509,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/crds/datadoghq.com_datadogslos.yaml b/crds/datadoghq.com_datadogslos.yaml new file mode 100644 index 000000000..404c7c94b --- /dev/null +++ b/crds/datadoghq.com_datadogslos.yaml 
@@ -0,0 +1,198 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogslos.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogSLO + listKind: DatadogSLOList + plural: datadogslos + shortNames: + - ddslo + singular: datadogslo + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + controllerOptions: + description: ControllerOptions are the optional parameters in the DatadogSLO controller + properties: + disableRequiredTags: + description: DisableRequiredTags disables the automatic addition of required tags to SLOs. + type: boolean + type: object + description: + description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. 
+ type: string + groups: + description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + items: + type: string + type: array + x-kubernetes-list-type: set + monitorIDs: + description: MonitorIDs is a list of monitor IDs that defines the scope of a monitor service level objective. Required if type is monitor. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: set + name: + description: Name is the name of the service level objective. + type: string + query: + description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + properties: + denominator: + description: Denominator is a Datadog metric query for total (valid) events. + type: string + numerator: + description: Numerator is a Datadog metric query for good events. + type: string + required: + - denominator + - numerator + type: object + tags: + description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + items: + type: string + type: array + x-kubernetes-list-type: set + targetThreshold: + anyOf: + - type: integer + - type: string + description: TargetThreshold is the target threshold such that when the service level indicator is above this threshold over the given timeframe, the objective is being met. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeframe: + description: The SLO time window options. + type: string + type: + description: Type is the type of the service level objective. + type: string + warningThreshold: + anyOf: + - type: integer + - type: string + description: WarningThreshold is a optional warning threshold such that when the service level indicator is below this value for the given threshold, but above the target threshold, the objective appears in a "warning" state. This value must be greater than the target threshold. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - targetThreshold + - timeframe + - type + type: object + status: + description: DatadogSLOStatus defines the observed state of a DatadogSLO. + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogSLO. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. 
If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the SLO was created. 
+ format: date-time + type: string + creator: + description: Creator is the identity of the SLO creator. + type: string + currentHash: + description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + type: string + id: + description: ID is the SLO ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API SLO was last force synced with the DatadogSLO resource. + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the SLO state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] From 896a355268ff6b3cfd33f945ae373912caa8b6e4 Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Tue, 12 Dec 2023 10:46:51 -0500 Subject: [PATCH 04/31] Update Operator chart for 1.3.0 release (#1268) --- charts/datadog-operator/Chart.lock | 6 +- charts/datadog-operator/Chart.yaml | 6 +- charts/datadog-operator/README.md | 13 +- charts/datadog-operator/README.md.gotmpl | 2 +- charts/datadog-operator/values.yaml | 10 +- .../baseline/DatadogAgent_CRD_default.yaml | 178 ++++-------------- .../DatadogAgent_CRD_with_certManager.yaml | 178 ++++-------------- .../baseline/Operator_Deployment_default.yaml | 6 +- .../Operator_Deployment_with_certManager.yaml | 6 +- .../operator_deployment_test.go | 2 +- 10 files changed, 97 insertions(+), 310 deletions(-) diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index 71be3d7ee..b6e053faf 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.2.0 -digest: sha256:f15e9cdbd781b18515ec93187be4b6e0b03ad5bdced752ab0fde493cf0b9ec5f -generated: "2023-10-04T10:24:15.813204-04:00" + version: 1.3.0 +digest: sha256:c0d897e7b5648db215c1c051fed5a3d431fadb1d92784ed0eb5b0f0f6574821e +generated: "2023-12-11T14:56:49.631017-05:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index bb9748999..f823dac9c 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 1.3.0 -appVersion: 1.2.0 +version: 1.4.0 +appVersion: 1.3.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=1.2.0" + version: "=1.3.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 6cbc08d96..3f62a9502 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) +![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) ## Values 
@@ -14,9 +14,10 @@ | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | -| datadogCRDs.crds.datadogAgents | bool | `true` | | -| datadogCRDs.crds.datadogMetrics | bool | `true` | | -| datadogCRDs.crds.datadogMonitors | bool | `true` | | +| datadogCRDs.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | +| datadogCRDs.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | +| datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | +| datadogCRDs.crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | datadogCRDs.migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | | datadogCRDs.migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | | datadogCRDs.migration.datadogAgents.conversionWebhook.namespace | string | `"default"` | | @@ -28,7 +29,7 @@ | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.2.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.3.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) | 
@@ -118,7 +119,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.2.0 \ + --set image.tag=1.3.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/README.md.gotmpl b/charts/datadog-operator/README.md.gotmpl index 15058b06d..c21bb39ed 100644 --- a/charts/datadog-operator/README.md.gotmpl +++ b/charts/datadog-operator/README.md.gotmpl @@ -68,7 +68,7 @@ You can update with the following: ``` helm upgrade \ datadog-operator datadog/datadog-operator \ - --set image.tag=1.2.0 \ + --set image.tag=1.3.0 \ --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ --set datadogCRDs.migration.datadogAgents.useCertManager=true \ --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index c49ac6f69..8adc5fa97 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -43,7 +43,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.2.0 + tag: 1.3.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials) 
@@ -108,12 +108,14 @@ installCRDs: true datadogCRDs: crds: - # datadog-crds.crds.datadogAgents -- Set to true to deploy the DatadogAgents CRD + # datadogCRDs.crds.datadogAgents -- Set to true to deploy the DatadogAgents CRD datadogAgents: true - # datadog-crds.crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD + # datadogCRDs.crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD datadogMetrics: true - # datadog-crds.crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD + # datadogCRDs.crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD datadogMonitors: true + # datadogCRDs.crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD + datadogSLOs: false migration: datadogAgents: conversionWebhook: diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index e72b181c7..e1aefa046 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -8,7 +8,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.2.0' + helm.sh/chart: 'datadogCRDs-1.3.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -6043,6 +6043,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6098,6 +6100,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: @@ -6254,6 +6258,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: 
@@ -6270,6 +6279,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7480,148 +7514,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml index 9c893d51a..2130ebff3 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml @@ -9,7 +9,7 @@ metadata: creationTimestamp: null name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.2.0' + helm.sh/chart: 'datadogCRDs-1.3.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -6054,6 +6054,8 @@ spec: type: object originDetectionEnabled: type: boolean + tagCardinality: + type: string unixDomainSocketConfig: properties: enabled: @@ -6109,6 +6111,8 @@ spec: port: format: int32 type: integer + registerAPIService: + type: boolean useDatadogMetrics: type: boolean wpaController: @@ -6265,6 +6269,11 @@ spec: type: object type: object type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object prometheusScrape: properties: additionalConfigs: @@ -6281,6 +6290,31 @@ spec: enabled: type: boolean type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object tcpQueueLength: properties: enabled: 
@@ -7491,148 +7525,6 @@ spec: type: string type: object type: object - securityContextConstraints: - properties: - create: - type: boolean - customConfiguration: - properties: - allowHostDirVolumePlugin: - type: boolean - allowHostIPC: - type: boolean - allowHostNetwork: - type: boolean - allowHostPID: - type: boolean - allowHostPorts: - type: boolean - allowPrivilegedContainer: - type: boolean - allowedCapabilities: - items: - type: string - type: array - allowedFlexVolumes: - items: - properties: - driver: - type: string - type: object - type: array - apiVersion: - type: string - defaultAddCapabilities: - items: - type: string - type: array - fsGroup: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - groups: - items: - type: string - type: array - kind: - type: string - metadata: - type: object - priority: - format: int32 - type: integer - readOnlyRootFilesystem: - type: boolean - requiredDropCapabilities: - items: - type: string - type: array - runAsUser: - properties: - type: - type: string - uid: - format: int64 - type: integer - uidRangeMax: - format: int64 - type: integer - uidRangeMin: - format: int64 - type: integer - type: object - seLinuxContext: - properties: - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - type: - type: string - type: object - seccompProfiles: - items: - type: string - type: array - supplementalGroups: - properties: - ranges: - items: - properties: - max: - format: int64 - type: integer - min: - format: int64 - type: integer - type: object - type: array - type: - type: string - type: object - users: - items: - type: string - type: array - volumes: - items: - type: string - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - 
allowPrivilegedContainer - - allowedCapabilities - - allowedFlexVolumes - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - type: object serviceAccountName: type: string tolerations: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 1df383ea3..a11c498cd 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.3.0 + helm.sh/chart: datadog-operator-1.4.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.2.0" + image: "gcr.io/datadoghq/operator:1.3.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 11cd9f1ec..6bafc8ee9 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.3.0 + helm.sh/chart: datadog-operator-1.4.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.3.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 
@@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.2.0" + image: "gcr.io/datadoghq/operator:1.3.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index fe3424121..45c3d3fa0 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -130,7 +130,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.2.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.3.0", operatorContainer.Image) assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") } From 9be773d2dc3e9efe0a3f1291a0ea9f6c82eb369a Mon Sep 17 00:00:00 2001 From: Jesse Szwedko Date: Fri, 15 Dec 2023 10:30:06 -0500 Subject: [PATCH 05/31] Release OPW 1.7.1 chart (#1271) Signed-off-by: Jesse Szwedko --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index f16dd70cd..8c1f63b2a 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.7.1 + +* Official image `1.7.1` + ## 1.7.0 * Official image `1.7.0` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 8a69de95c..a27ae2bcf 100644 
--- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "1.7.0" +version: "1.7.1" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "1.7.0" +appVersion: "1.7.1" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 86ffb2420..fe423708a 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 1.7.0](https://img.shields.io/badge/Version-1.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.1](https://img.shields.io/badge/AppVersion-1.7.1-informational?style=flat-square) ## How to use Datadog Helm repository From fbd293f7f327cc4027eb875d0f401b8bf6cc2f63 Mon Sep 17 00:00:00 2001 
From: Volodymyr Linevych <4980689+vlinevych@users.noreply.github.com> Date: Mon, 18 Dec 2023 18:25:01 +0100 Subject: [PATCH 06/31] Parameter to enable SLO controller: rebase and sign (#1273) * Parameter to enable SLO controller: rebase and sign * Parameter to enable SLO controller: rebase and sign, pt2 --- charts/datadog-operator/CHANGELOG.md | 10 +++++- charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 +- .../templates/clusterrole.yaml | 32 +++++++++++++++++++ .../templates/deployment.yaml | 3 ++ charts/datadog-operator/values.yaml | 3 ++ .../baseline/Operator_Deployment_default.yaml | 3 +- .../Operator_Deployment_with_certManager.yaml | 3 +- 8 files changed, 54 insertions(+), 5 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index f53c3f4d7..06d1f6fd5 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 1.4.1 + +* Add configuration for Operator flag `datadogSLOEnabled` : this parameter is used to enable the Datadog SLO Controller. It is disabled by default. + +## 1.4.0 + +* Update Datadog Operator version to 1.3.0. + ## 1.3.0 * Add configuration to mount volumes (`volumes` and `volumeMounts`) in the container. Empty by default. @@ -38,7 +46,7 @@ ## 1.0.6 -* Fix conversionWebhook.enabled parameter to correctly set user-configured value when enabling the conversion webhook. +* Fix conversionWebhook.enabled parameter to correctly set user-configured value when enabling the conversion webhook. ## 1.0.5 diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index f823dac9c..67efc918e 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 1.4.0 +version: 1.4.1 appVersion: 1.3.0 description: Datadog Operator keywords: 
diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 3f62a9502..0e9d28def 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 1.4.1](https://img.shields.io/badge/Version-1.4.1-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) ## Values @@ -24,6 +24,7 @@ | datadogCRDs.migration.datadogAgents.useCertManager | bool | `false` | | | datadogCRDs.migration.datadogAgents.version | string | `"v2alpha1"` | | | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | +| datadogSLO.enabled | bool | `false` | Enables the Datadog SLO controller | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | | env | list | `[]` | Define any environment variables to be passed to the operator. | | fullnameOverride | string | `""` | | diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 152ef288f..2699c37c7 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml 
@@ -498,6 +498,38 @@ rules: - get - list - watch +- apiGroups: + - datadoghq.com + resources: + - datadogslos + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datadoghq.com + resources: + - datadogslos/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - datadoghq.com + resources: + - datadogslos/status + verbs: + - get + - patch + - update - apiGroups: - external.metrics.k8s.io resources: diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index a3398d4d9..a8de14218 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -112,6 +112,9 @@ spec: {{- if (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} - "-datadogAgentEnabled={{ .Values.datadogAgent.enabled }}" {{- end }} + {{- if (semverCompare ">=1.3.0" .Values.image.tag) }} + - "-datadogSLOEnabled={{ .Values.datadogSLO.enabled }}" + {{- end }} ports: - name: metrics containerPort: {{ .Values.metricsPort }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 8adc5fa97..59101aff9 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -73,6 +73,9 @@ datadogAgent: datadogMonitor: # datadogMonitor.enabled -- Enables the Datadog Monitor controller enabled: false +datadogSLO: + # datadogSLO.enabled -- Enables the Datadog SLO controller + enabled: false rbac: # rbac.create -- Specifies whether the RBAC resources should be created create: true diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index a11c498cd..3b4bc62ee 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml 
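Review bot: The three `datadogslos` rules are appended to the operator ClusterRole unconditionally, although the controller that needs them is off by default (`datadogSLO.enabled: false` in values.yaml), so every install grants write access to a resource it does not reconcile. Wrapping the new rules in `{{- if .Values.datadogSLO.enabled }}` … `{{- end }}` would keep the role at least privilege; the neighbouring rules are only partly visible, so this may follow an existing convention in the file. The `datadogslos/finalizers` rule also grants `create`, `delete`, `get`, `list`, `patch` and `watch`, where a controller normally needs only `update` on that subresource, so it is worth checking against the operator's generated RBAC. The `rules:` list starts outside this hunk.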
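Review bot: The new guard `semverCompare ">=1.3.0" .Values.image.tag` in deployment.yaml does not match pre-release tags, because a constraint without a pre-release part skips them. An operator image tagged `1.4.0-rc.1` (constructed example) would pass the existing `>=1.0.0-rc.13` check on the line above but never receive `-datadogSLOEnabled`. Writing the guard as `{{- if (semverCompare ">=1.3.0-0" .Values.image.tag) }}` includes pre-releases. Separately, the comparison reads `image.tag` alone, so a non-semver tag presumably makes rendering fail here just as it does for the line above. The container args list begins outside this hunk.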
@@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.4.0 + helm.sh/chart: datadog-operator-1.4.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.3.0" app.kubernetes.io/managed-by: Helm @@ -55,6 +55,7 @@ spec: - "-webhookEnabled=false" - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" + - "-datadogSLOEnabled=false" ports: - name: metrics containerPort: 8383 diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml index 6bafc8ee9..6684fe392 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.4.0 + helm.sh/chart: datadog-operator-1.4.1 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.3.0" app.kubernetes.io/managed-by: Helm @@ -55,6 +55,7 @@ spec: - "-webhookEnabled=true" - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" + - "-datadogSLOEnabled=false" ports: - name: metrics containerPort: 8383 From 4de654052cbaa9acb13b63e972ebb4d3bb224b27 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Tue, 19 Dec 2023 19:31:01 +0100 Subject: [PATCH 07/31] Mount host package manager database when host SBOM is enabled (#1259) * Mount host filesystem when host SBOM is enabled * Only mount host package manager directories * Bump version to 3.49.8 --- charts/datadog/CHANGELOG.md | 6 +++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 13 +++++++++++++ .../templates/_daemonset-volumes-linux.yaml | 17 +++++++++++++---- 5 files changed, 33 insertions(+), 7 deletions(-) 
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 8cb8ef42f..2bc6aea58 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.49.8 + +* Mount host package manager database when host SBOM is enabled. + ## 3.49.7 Fix NOTES warning for APM Instrumentation @@ -10,7 +14,7 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.49.5 -Fix registry selection with GKE Autopilot until new registries are allowed. +* Fix registry selection with GKE Autopilot until new registries are allowed. ## 3.49.4 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 6c0321472..e720c20b6 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.49.7 +version: 3.49.8 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 285ab86a8..91038fbb7 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.49.7](https://img.shields.io/badge/Version-3.49.7-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.49.8](https://img.shields.io/badge/Version-3.49.8-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 4786b1516..249f9111c 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -174,6 +174,8 @@ {{- if .Values.datadog.sbom.host.enabled }} - name: DD_SBOM_HOST_ENABLED value: "true" + - name: HOST_ROOT + value: /host {{- end }} {{- end }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} @@ -252,6 +254,17 @@ readOnly: true {{- end }} {{- end }} + {{- if .Values.datadog.sbom.host.enabled }} + - name: host-apk-dir + mountPath: /host/var/lib/apk + readOnly: true + - name: host-dpkg-dir + mountPath: /host/var/lib/dpkg + readOnly: true + - name: host-rpm-dir + mountPath: /host/var/lib/rpm + readOnly: true + {{- end }} {{- end }} {{- if eq .Values.targetSystem "windows" }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 8ddb9ee95..8e6245960 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml 
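Review bot: `HOST_ROOT` is set to `/host` in the first hunk, while the second hunk mounts only `/host/var/lib/apk`, `/host/var/lib/dpkg` and `/host/var/lib/rpm`, so the variable points at a tree that holds little else unless mounts outside these hunks also land under `/host`. The variable is container-wide, so any other agent code that honours it would presumably resolve host paths against that partial tree; that is worth confirming. A short comment on the mounts would record the intent, for example `# host SBOM: expose only the package-manager databases, read-only, not the host root`. Both hunks sit inside conditionals that open outside the visible lines.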
@@ -9,13 +9,12 @@ - hostPath: path: /sys/fs/cgroup name: cgroups -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath) }} +{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} - hostPath: path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file {{- end }} -{{- if eq (include "should-enable-system-probe" .) "true" }} -{{- if .Values.datadog.systemProbe.enableDefaultOsReleasePaths }} +{{- if or (and (eq (include "should-enable-system-probe" .) "true") .Values.datadog.systemProbe.enableDefaultOsReleasePaths) .Values.datadog.sbom.host.enabled }} - hostPath: path: /etc/redhat-release name: etc-redhat-release @@ -25,7 +24,6 @@ - hostPath: path: /etc/lsb-release name: etc-lsb-release -{{- end }} {{- end -}} {{- if eq (include "should-enable-fips" . ) "true" }} {{ include "linux-container-fips-proxy-cfg-volume" . }} @@ -146,6 +144,17 @@ path: / name: hostroot {{- end }} +{{- if .Values.datadog.sbom.host.enabled }} +- hostPath: + path: /var/lib/apk + name: host-apk-dir +- hostPath: + path: /var/lib/dpkg + name: host-dpkg-dir +- hostPath: + path: /var/lib/rpm + name: host-rpm-dir +{{- end }} {{- if eq (include "should-enable-security-agent" .) "true" }} {{- if .Values.datadog.securityAgent.compliance.enabled }} - hostPath: From 7b947d7993ed9f6b0afc6ade646ea1f27141abfc Mon Sep 17 00:00:00 2001 From: Nicolas Guerguadj <35628945+Kaderinho@users.noreply.github.com> Date: Wed, 20 Dec 2023 14:23:03 +0100 Subject: [PATCH 08/31] chore: update FIPS Proxy version to 1.0.1 (#1275) Signed-off-by: Nicolas Guerguadj --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) 
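Review bot: The widened condition on the `os-release-file` volume can now be true through `.Values.datadog.sbom.host.enabled` alone, but `path:` is still built only from `systemProbe.osReleasePath` and `osReleasePath`; if both are empty the volume renders with an empty hostPath. A final fallback closes that gap: `path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath | default "/etc/os-release" }}`. Whether the chart's default values already guarantee a non-empty path is not visible in this hunk.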
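Review bot: The `host-apk-dir`, `host-dpkg-dir` and `host-rpm-dir` hostPath volumes are emitted whenever `datadog.sbom.host.enabled` is set, without the `not .Values.providers.gke.autopilot` test that the `os-release-file` volume earlier in this file carries; the same holds for the `etc-*-release` volumes that the first hunk now also enables for SBOM. Clusters that restrict hostPath to an allowlist would likely reject the pod, unless an enclosing guard outside the hunk already excludes them. Consider `{{- if and .Values.datadog.sbom.host.enabled (not .Values.providers.gke.autopilot) }}` here and on the matching volumeMounts in `_container-agent.yaml`. The volumes also declare no `type`, so no existence check is made for package databases the node does not have.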
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 2bc6aea58..45e17a57d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.49.9 + +* Update `fips.image.tag` to `1.0.1` + ## 3.49.8 * Mount host package manager database when host SBOM is enabled. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e720c20b6..c5d9c0137 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.49.8 +version: 3.49.9 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 91038fbb7..4bf1e03ae 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.49.8](https://img.shields.io/badge/Version-3.49.8-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.49.9](https://img.shields.io/badge/Version-3.49.9-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -816,7 +816,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.0.0"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.0.1"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index ace54fbde..2b1edc00b 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1259,7 +1259,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.0.0 + tag: 1.0.1 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From f32cccf08c63899d9e2eec50bc0b2d121a06ff72 Mon Sep 17 00:00:00 2001 From: Jake Pruitt Date: Thu, 21 Dec 2023 16:05:51 +0100 Subject: [PATCH 09/31] [Synthetics] Bump private location version (#1255) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index cb41fa5d3..986541bc2 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md 
@@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.21 + +* Update private location image version to `1.42.0`. + ## 0.15.20 * Support `dnsPolicy` configuration. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 04c42a587..1d75a24d1 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.20 -appVersion: 1.41.0 +version: 0.15.21 +appVersion: 1.42.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 1aa7f2d15..0ca5db759 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.20](https://img.shields.io/badge/Version-0.15.20-informational?style=flat-square) ![AppVersion: 1.41.0](https://img.shields.io/badge/AppVersion-1.41.0-informational?style=flat-square) +![Version: 0.15.21](https://img.shields.io/badge/Version-0.15.21-informational?style=flat-square) ![AppVersion: 1.42.0](https://img.shields.io/badge/AppVersion-1.42.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). 
@@ -40,7 +40,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.41.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.42.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index 7e5c89a08..21e408eab 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.41.0 + tag: 1.42.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 6d42ad79dac0750fc2cc3e01922486e20d00bac7 Mon Sep 17 00:00:00 2001 From: David Ortiz Date: Wed, 3 Jan 2024 15:47:26 +0100 Subject: [PATCH 10/31] [datadog] Update agents to 7.50.1 (#1279) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) 
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 45e17a57d..fab98de30 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.50.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.50.1`. + ## 3.49.9 * Update `fips.image.tag` to `1.0.1` diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index c5d9c0137..ac83a6cd6 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.49.9 +version: 3.50.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 4bf1e03ae..f15155cb1 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.49.9](https://img.shields.io/badge/Version-3.49.9-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.50.0](https://img.shields.io/badge/Version-3.50.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -508,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.49.1"` | Define the Agent version to use | +| agents.image.tag | string | `"7.50.1"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -574,7 +574,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.49.1"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.50.1"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -625,7 +625,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.49.1"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.50.1"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 2b1edc00b..a5dd46193 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -874,7 +874,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.49.1 + tag: 7.50.1 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1302,7 +1302,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.49.1 + tag: 7.50.1 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1770,7 +1770,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.49.1 + tag: 7.50.1 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 44140a92241926d72e2dcb6659ebcbfddff86c34 Mon Sep 17 00:00:00 2001 From: David Ortiz Date: Thu, 4 Jan 2024 17:12:16 +0100 Subject: [PATCH 11/31] [datadog] Update agents to 7.50.2 (#1283) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index fab98de30..29eb1936c 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.50.1 + +* Set default `Agent` and `Cluster-Agent` version to `7.50.2`. + ## 3.50.0 * Set default `Agent` and `Cluster-Agent` version to `7.50.1`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index ac83a6cd6..8c8130328 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.50.0 +version: 3.50.1 appVersion: "7" description: Datadog Agent keywords: 
diff --git a/charts/datadog/README.md b/charts/datadog/README.md index f15155cb1..6a5b32a16 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.50.0](https://img.shields.io/badge/Version-3.50.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.50.1](https://img.shields.io/badge/Version-3.50.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -508,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.50.1"` | Define the Agent version to use | +| agents.image.tag | string | `"7.50.2"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -574,7 +574,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.50.1"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.50.2"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -625,7 +625,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.50.1"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.50.2"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index a5dd46193..4ef3eae0b 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -874,7 +874,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.50.1 + tag: 7.50.2 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1302,7 +1302,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.50.1 + tag: 7.50.2 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1770,7 +1770,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.50.1 + tag: 7.50.2 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 756039787375b2c1cac50351f9b33d4bcf35dcaa Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 4 Jan 2024 14:13:12 -0500 Subject: [PATCH 12/31] Support new registries for GKE Autopilot (#1281) * Support new registries for GKE Autopilot * update readme --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_helpers.tpl | 2 -- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 29eb1936c..ce7b94af4 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +# 3.50.2 + +* Support automatic registry selection based on `datadog.site` on GKE Autopilot. + ## 3.50.1 * Set default `Agent` and `Cluster-Agent` version to `7.50.2`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 8c8130328..164b37896 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.50.1 +version: 3.50.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 6a5b32a16..b7f5e77e3 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.50.1](https://img.shields.io/badge/Version-3.50.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.50.2](https://img.shields.io/badge/Version-3.50.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index feac94143..79374a457 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -267,8 +267,6 @@ Return the proper registry based on datadog.site (requires .Values to be passed {{- define "registry" -}} {{- if .registry -}} {{- .registry -}} -{{- else if .providers.gke.autopilot -}} -gcr.io/datadoghq {{- else if eq .datadog.site "datadoghq.eu" -}} eu.gcr.io/datadoghq {{- else if eq .datadog.site "ddog-gov.com" -}} From 179dbc70c5158418fc2239eabde8b22d74e44bc2 Mon Sep 17 00:00:00 2001 
From: Jake Pruitt Date: Fri, 5 Jan 2024 09:35:38 -0500 Subject: [PATCH 13/31] [Synthetics] Upgrade Private location to 1.43.0 (#1280) * [Synthetics] Upgrade Private location to 1.43.0 * Update readme link --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 986541bc2..8c1d00b4a 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.22 + +* Update private location image version to `1.43.0`. + ## 0.15.21 * Update private location image version to `1.42.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 1d75a24d1..5997c1978 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.21 -appVersion: 1.42.0 +version: 0.15.22 +appVersion: 1.43.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 0ca5db759..fb8261042 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md 
@@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.21](https://img.shields.io/badge/Version-0.15.21-informational?style=flat-square) ![AppVersion: 1.42.0](https://img.shields.io/badge/AppVersion-1.42.0-informational?style=flat-square) +![Version: 0.15.22](https://img.shields.io/badge/Version-0.15.22-informational?style=flat-square) ![AppVersion: 1.43.0](https://img.shields.io/badge/AppVersion-1.43.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). @@ -40,7 +40,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.42.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.43.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index 21e408eab..f8ec2fb05 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml 
@@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.42.0 + tag: 1.43.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From b842ff457b184841dd140d9ab6726eb915b0d7ab Mon Sep 17 00:00:00 2001 From: Lout Philipps Date: Wed, 10 Jan 2024 15:29:55 +0100 Subject: [PATCH 14/31] Mention that public contribution commits need to be signed (#1287) --- CONTRIBUTING.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8898bd32d..39b8d714e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -11,6 +11,9 @@ We aim to follow high quality standards, thus your PR must follow some rules: - Make sure your changes are compatible (or protected) with older Kubernetes version (CI will validate this down to 1.14) - Make sure you updated documentation (after bumping `Chart.yaml`) by running `.github/helm-docs.sh` +Additionally, your commits need to be signed and marked as verified by Github. See [About commit signature verification +](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification). + Our team will then happily review and merge contributions! ## Go Tests @@ -113,4 +116,4 @@ In each chart, the `README.md` file is generated from the corresponding `README. [pulumi]:https://www.pulumi.com/ [test-infra-repo]:https://github.com/DataDog/test-infra-definitions [agent-e2e-source]:https://github.com/DataDog/datadog-agent/tree/main/test/new-e2e -[test-infra-quickstart]:https://github.com/DataDog/test-infra-definitions#quick-start-guide \ No newline at end of file +[test-infra-quickstart]:https://github.com/DataDog/test-infra-definitions#quick-start-guide From 99f91b24263dfb1979b784ff49f3b025acead867 Mon Sep 17 00:00:00 2001 
From: Pavel Storozhenko Date: Wed, 10 Jan 2024 17:37:36 +0100 Subject: [PATCH 15/31] [Synthetics] Allow specifying PriorityClass for pods (#1278) Signed-off-by: Pavel Storozhenko --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 3 ++- charts/synthetics-private-location/templates/deployment.yaml | 3 +++ charts/synthetics-private-location/values.yaml | 4 ++++ 5 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 8c1d00b4a..88c9181ef 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.23 + +* Add `priorityClassName` value to specify PriorityClass for pods. + ## 0.15.22 * Update private location image version to `1.43.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 5997c1978..9c687f6b7 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.22 +version: 0.15.23 appVersion: 1.43.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index fb8261042..d786325ca 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md 
@@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.22](https://img.shields.io/badge/Version-0.15.22-informational?style=flat-square) ![AppVersion: 1.43.0](https://img.shields.io/badge/AppVersion-1.43.0-informational?style=flat-square) +![Version: 0.15.23](https://img.shields.io/badge/Version-0.15.23-informational?style=flat-square) ![AppVersion: 1.43.0](https://img.shields.io/badge/AppVersion-1.43.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). @@ -46,6 +46,7 @@ helm install datadog/synthetics-private-location --set-file confi | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | | podAnnotations | object | `{}` | Annotations to set to Datadog Synthetics Private Location PODs | | podSecurityContext | object | `{}` | Security context to set to Datadog Synthetics Private Location PODs | +| priorityClassName | string | `""` | Allows to specify PriorityClass for Datadog Synthetics Private Location PODs | | replicaCount | int | `1` | Number of instances of Datadog Synthetics Private Location | | resources | object | `{}` | Set resources requests/limits for Datadog Synthetics Private Location PODs | | securityContext | object | `{}` | Security context to set to the Datadog Synthetics Private Location container | diff --git a/charts/synthetics-private-location/templates/deployment.yaml b/charts/synthetics-private-location/templates/deployment.yaml index 14c5a6fb8..0926e953c 100644 --- a/charts/synthetics-private-location/templates/deployment.yaml +++ b/charts/synthetics-private-location/templates/deployment.yaml 
@@ -21,6 +21,9 @@ spec: {{ if .Values.dnsPolicy }} dnsPolicy: {{ .Values.dnsPolicy}} {{ end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index f8ec2fb05..77b93cd5b 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -115,3 +115,7 @@ hostAliases: [] # enableStatusProbes -- Enable both liveness and readiness probes (minimal private location image version required: 1.12.0) enableStatusProbes: false # Requires to be in sync with `enableStatusProbes` in the configuration of the private location worker + + +# priorityClassName -- Allows to specify PriorityClass for Datadog Synthetics Private Location PODs +priorityClassName: "" From ebc14aa246b258e74e1ca0daa99790f103377e50 Mon Sep 17 00:00:00 2001 From: Lout Philipps Date: Wed, 10 Jan 2024 18:21:04 +0100 Subject: [PATCH 16/31] [synthetics] Add comments to clarify the usage of configSecret for public PL chart (#1288) * [synthetics] Add comments to clarify the usage of configSecret for public PL chart * [synthetics] Add comments to clarify the usage of configSecret for public PL chart --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 2 +- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 88c9181ef..38d3fa868 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md 
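Review bot: The new `priorityClassName` line in deployment.yaml renders the value unquoted, so a value that YAML reads as a non-string (for example a purely numeric class name passed with `--set`) would produce a field of the wrong type and the manifest would be rejected. I would render it as `priorityClassName: {{ .Values.priorityClassName | quote }}`. The pod spec this line sits in starts and ends outside the hunk.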
@@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.24 + +* Clarify the usage of `configSecret` + ## 0.15.23 * Add `priorityClassName` value to specify PriorityClass for pods. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 9c687f6b7..e5661f261 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.23 +version: 0.15.24 appVersion: 1.43.0 description: Datadog Synthetics Private Location keywords: diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index d786325ca..5ea8a0502 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.23](https://img.shields.io/badge/Version-0.15.23-informational?style=flat-square) ![AppVersion: 1.43.0](https://img.shields.io/badge/AppVersion-1.43.0-informational?style=flat-square) +![Version: 0.15.24](https://img.shields.io/badge/Version-0.15.24-informational?style=flat-square) ![AppVersion: 1.43.0](https://img.shields.io/badge/AppVersion-1.43.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). 
@@ -29,7 +29,7 @@ helm install datadog/synthetics-private-location --set-file confi | commonLabels | object | `{}` | Labels to apply to all resources | | configConfigMap | string | `""` | Config Map that stores the configuration of the private location worker for the deployment | | configFile | string | `"{}"` | JSON string containing the configuration of the private location worker | -| configSecret | string | `""` | Secret that stores the configuration of the private location worker for the deployment | +| configSecret | string | `""` | Name of the secret that stores the configuration of the private location worker for the deployment. Use it only if you want to manage the secret outside of the Helm chart as using `configFile` will create a secret. The `data` inside the secret needs to have the key `synthetics-check-runner.json`. | | dnsPolicy | string | `"ClusterFirst"` | DNS Policy to set to the Datadog Synthetics Private Location PODs | | enableStatusProbes | bool | `false` | Enable both liveness and readiness probes (minimal private location image version required: 1.12.0) | | env | list | `[]` | Set environment variables | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index 77b93cd5b..15399d8ea 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml 
@@ -91,7 +91,7 @@ configFile: "{}" # configConfigMap -- Config Map that stores the configuration of the private location worker for the deployment configConfigMap: "" -# configSecret -- Secret that stores the configuration of the private location worker for the deployment +# configSecret -- Name of the secret that stores the configuration of the private location worker for the deployment. Use it only if you want to manage the secret outside of the Helm chart as using `configFile` will create a secret. The `data` inside the secret needs to have the key `synthetics-check-runner.json`. configSecret: "" # envFrom -- Set environment variables from configMaps and/or secrets From 50c5f3ffb8ec6d2aa6905aabfe1db6bef3716691 Mon Sep 17 00:00:00 2001 From: David Ortiz Date: Thu, 11 Jan 2024 12:34:42 +0100 Subject: [PATCH 17/31] [datadog] Update agents to 7.50.3 (#1291) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 ++++---- charts/datadog/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index ce7b94af4..70f5592ae 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.50.3 + +* Set default `Agent` and `Cluster-Agent` version to `7.50.3`. + # 3.50.2 * Support automatic registry selection based on `datadog.site` on GKE Autopilot. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 164b37896..30a811976 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.50.2 +version: 3.50.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index b7f5e77e3..c4d2715e4 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.50.2](https://img.shields.io/badge/Version-3.50.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.50.3](https://img.shields.io/badge/Version-3.50.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -508,7 +508,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.50.2"` | Define the Agent version to use | +| agents.image.tag | string | `"7.50.3"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -574,7 +574,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.50.2"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.50.3"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -625,7 +625,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.50.2"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.50.3"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 4ef3eae0b..577357159 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -874,7 +874,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.50.2 + tag: 7.50.3 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1302,7 +1302,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.50.2 + tag: 7.50.3 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1770,7 +1770,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.50.2 + tag: 7.50.3 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" From 3a041890799b4f394b7312304c2264b9b972e841 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Fri, 12 Jan 2024 12:08:09 +0100 Subject: [PATCH 18/31] Fix host OS detection for SBOMs (#1292) * Mount host files for proper os detection in SBOMs * Bump datadog chart version --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../datadog/templates/_container-agent.yaml | 20 +++++++++++++++++++ .../templates/_daemonset-volumes-linux.yaml | 3 +++ 5 files changed, 29 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 70f5592ae..c43744048 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.50.4 + +* Mount host files for proper OS detection in SBOMs. + ## 3.50.3 * Set default `Agent` and `Cluster-Agent` version to `7.50.3`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 30a811976..068153b3f 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.50.3 +version: 3.50.4 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c4d2715e4..6da5483cf 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.50.3](https://img.shields.io/badge/Version-3.50.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.50.4](https://img.shields.io/badge/Version-3.50.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 249f9111c..b0888f0d0 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml 
@@ -264,6 +264,26 @@ - name: host-rpm-dir mountPath: /host/var/lib/rpm readOnly: true + {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} + - name: etc-redhat-release + mountPath: /host/etc/redhat-release + readOnly: true + {{- end }} + {{- if ne .Values.datadog.osReleasePath "/etc/fedora-release" }} + - name: etc-fedora-release + mountPath: /host/etc/fedora-release + readOnly: true + {{- end }} + {{- if ne .Values.datadog.osReleasePath "/etc/lsb-release" }} + - name: etc-lsb-release + mountPath: /host/etc/lsb-release + readOnly: true + {{- end }} + {{- if ne .Values.datadog.osReleasePath "/etc/system-release" }} + - name: etc-system-release + mountPath: /host/etc/system-release + readOnly: true + {{- end }} {{- end }} {{- end }} {{- if eq .Values.targetSystem "windows" }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 8e6245960..7d7c4fb6f 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -24,6 +24,9 @@ - hostPath: path: /etc/lsb-release name: etc-lsb-release +- hostPath: + path: /etc/system-release + name: etc-system-release {{- end -}} {{- if eq (include "should-enable-fips" . ) "true" }} {{ include "linux-container-fips-proxy-cfg-volume" . }} From 71ccb3cd0cd9a0b3e5b172b842c6d629c175c559 Mon Sep 17 00:00:00 2001 
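Review bot: The four volumeMounts added to _container-agent.yaml are emitted according to `datadog.osReleasePath`, while the matching volumes (`etc-redhat-release`, `etc-fedora-release`, `etc-lsb-release` and the new `etc-system-release`) live in a block of _daemonset-volumes-linux.yaml whose opening condition is outside the hunk. If that condition can be false while these mounts render, the DaemonSet would reference volumes that are not declared and the API server would reject it. Please confirm both sides use the same condition, and consider a template comment next to the mounts such as `{{- /* volumes declared in _daemonset-volumes-linux.yaml; keep the conditions in sync */}}`. Both enclosing blocks start outside their hunks.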
From: Sylvain Baubeau Date: Fri, 12 Jan 2024 13:19:01 +0100 Subject: [PATCH 19/31] Add option to use containerd snapshotter to generate SBOMs (#1290) --- charts/datadog/CHANGELOG.md | 6 +++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/ci/agent-sbom-snapshotter.yaml | 8 ++++++++ charts/datadog/templates/_container-agent.yaml | 11 ++++++++++- .../datadog/templates/_daemonset-volumes-linux.yaml | 5 +++++ charts/datadog/templates/_helpers.tpl | 8 ++++++++ charts/datadog/templates/daemonset.yaml | 5 ++++- charts/datadog/values.yaml | 6 ++++++ 9 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 charts/datadog/ci/agent-sbom-snapshotter.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index c43744048..720bab9a5 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.50.5 + +* Add option to use containerd snapshotter to generate SBOMs. + ## 3.50.4 * Mount host files for proper OS detection in SBOMs. @@ -8,7 +12,7 @@ * Set default `Agent` and `Cluster-Agent` version to `7.50.3`. -# 3.50.2 +## 3.50.2 * Support automatic registry selection based on `datadog.site` on GKE Autopilot. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 068153b3f..30b16013c 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.50.4 +version: 3.50.5 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 6da5483cf..0dee0b41d 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.50.4](https://img.shields.io/badge/Version-3.50.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.50.5](https://img.shields.io/badge/Version-3.50.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -761,6 +761,7 @@ helm install \ | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | | datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead | | datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | +| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `false` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. | | datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | | datadog.secretAnnotations | object | `{}` | | | datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). | 
diff --git a/charts/datadog/ci/agent-sbom-snapshotter.yaml b/charts/datadog/ci/agent-sbom-snapshotter.yaml new file mode 100644 index 000000000..8986d417f --- /dev/null +++ b/charts/datadog/ci/agent-sbom-snapshotter.yaml @@ -0,0 +1,8 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + site: datadoghq.eu + sbom: + containerImage: + enabled: true + uncompressedLayersSupport: true diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index b0888f0d0..cc71feddd 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "run"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" .Values.datadog.sbom.containerImage.uncompressedLayersSupport) | indent 2 }} resources: {{ toYaml .Values.agents.containers.agent.resources | indent 4 }} ports: @@ -171,6 +171,10 @@ - name: DD_SBOM_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} + {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT + value: "true" + {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: DD_SBOM_HOST_ENABLED value: "true" 
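Review bot: The `sysAdmin` argument added to the `generate-security-context` call is driven by `datadog.sbom.containerImage.uncompressedLayersSupport` alone, so the Agent container gains SYS_ADMIN even when `datadog.sbom.containerImage.enabled` is false and no image SBOM is collected. The `DD_SBOM_CONTAINER_IMAGE_USE_MOUNT` block in the next hunk sits after the `{{- end }}` of what appears to be the enabled check and has the same gap, as do the `host-containerd-dir` mount and volume and the AppArmor annotation in daemonset.yaml. I would gate all of them on both flags: `"sysAdmin" (and .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport)` here, and `{{- if and .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }}` on the others. The container definition continues outside both hunks.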
@@ -254,6 +258,11 @@ readOnly: true {{- end }} {{- end }} + {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + - name: host-containerd-dir + mountPath: /host/var/lib/containerd + readOnly: true + {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: host-apk-dir mountPath: /host/var/lib/apk diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 7d7c4fb6f..636503362 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -147,6 +147,11 @@ path: / name: hostroot {{- end }} +{{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} +- hostPath: + path: /var/lib/containerd + name: host-containerd-dir +{{- end }} {{- if .Values.datadog.sbom.host.enabled }} - hostPath: path: /var/lib/apk diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 79374a457..a66fc4e10 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -755,7 +755,12 @@ securityContext: {{- end -}} {{- else }} securityContext: +{{- if .sysAdmin }} +{{- $capabilities := dict "capabilities" (dict "add" (list "SYS_ADMIN")) }} +{{ toYaml (merge $capabilities .securityContext) | indent 2 }} +{{- else }} {{ toYaml .securityContext | indent 2 }} +{{- end -}} {{- if and .seccomp .kubeversion (semverCompare ">=1.19.0" .kubeversion) }} seccompProfile: {{- if hasPrefix "localhost/" .seccomp }} @@ -770,6 +775,9 @@ securityContext: {{- end }} {{- end -}} {{- end -}} +{{- else if .sysAdmin }} +securityContext: +{{ toYaml (dict "capabilities" (dict "add" (list "SYS_ADMIN"))) | indent 2 }} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 500f87fc0..4eced384e 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml 
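Review bot: In the `.sysAdmin` branch added to `generate-security-context` in _helpers.tpl, `merge $capabilities .securityContext` gives precedence to its first argument and does not concatenate lists, so a user-supplied `capabilities.add` list is, as far as I can tell, replaced by `[SYS_ADMIN]` rather than extended. An operator who already grants the Agent container another capability through `agents.containers.agent.securityContext` would lose it silently when enabling the option. I would build the `add` list explicitly by appending `SYS_ADMIN` to whatever the caller passed and de-duplicating, as sketched below. The helper starts and ends outside the hunk.

```yaml
{{- if .sysAdmin }}
{{- $sc := deepCopy .securityContext }}
{{- $caps := get $sc "capabilities" | default (dict) }}
{{- $add := concat (get $caps "add" | default (list)) (list "SYS_ADMIN") | uniq }}
{{- $_ := set $caps "add" $add }}
{{- $_ := set $sc "capabilities" $caps }}
{{ toYaml $sc | indent 2 }}
{{- /* … unchanged: else branch rendering .securityContext as-is … */}}
```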
@@ -58,6 +58,9 @@ spec: container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} {{- end }} + {{- if and .Values.agents.podSecurity.apparmor.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + container.apparmor.security.beta.kubernetes.io/agent: unconfined + {{- end }} {{- if .Values.agents.podAnnotations }} {{ tpl (toYaml .Values.agents.podAnnotations) . | indent 8 }} {{- end }} @@ -66,7 +69,7 @@ spec: shareProcessNamespace: {{ .Values.agents.shareProcessNamespace }} {{- end }} {{- if .Values.datadog.securityContext -}} - {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | nindent 6 }} + {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version ) | nindent 6 }} {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} {{- if .Values.agents.podSecurity.securityContext }} {{- if .Values.agents.podSecurity.securityContext.seLinuxOptions }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 577357159..b6b636f57 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
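Review bot: The added annotation sets the `agent` container's AppArmor profile to `unconfined` whenever `agents.podSecurity.apparmor.enabled` and `datadog.sbom.containerImage.uncompressedLayersSupport` are both true, but the option's description in values.yaml and the README mentions only the SYS_ADMIN capability. Someone enabling the option for SBOM coverage should see the whole privilege change in one place: SYS_ADMIN, a hostPath mount of `/var/lib/containerd`, and no AppArmor confinement for the main Agent container. I would add a sentence to the `uncompressedLayersSupport` comment such as `# When agents.podSecurity.apparmor.enabled is true, the Agent container also runs with the unconfined AppArmor profile.` If a narrower profile that permits the needed mount operations is feasible, that would be preferable to `unconfined`; I cannot tell from the hunk whether one exists. The annotations block continues outside the hunk.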
@@ -706,6 +706,12 @@ datadog: # datadog.sbom.containerImage.enabled -- Enable SBOM collection for container images enabled: false + # datadog.sbom.containerImage.uncompressedLayersSupport -- Use container runtime snapshotter + # This should be set to true when using EKS, GKE or if containerd is configured to + # discard uncompressed layers. + # This feature will cause the SYS_ADMIN capability to be added to the Agent container. + uncompressedLayersSupport: false + host: # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems enabled: false From eafa471c43a17a3d393ffcf7f3752876d83fed56 Mon Sep 17 00:00:00 2001 From: Liliya Belaus <59583867+liliyadd@users.noreply.github.com> Date: Fri, 12 Jan 2024 15:09:39 -0500 Subject: [PATCH 20/31] [AIT-8952] Generate DD_INSTRUMENTATION_INSTALL_TIME and DD_INSTRUMENTATION_INSTALL_ID (#1263) * [APM Onboarding] Generate DD_INSTRUMENTATION_INSTALL_TIME and DD_INSTRUMENTATION_INSTALL_ID * Set KPI env variables on tracer agent * Fix chart version in changelog * Set KPI env variables on Cluster Agent * Store install variables in configmap * Support parametrized name for configmap * Use correct configmap name * Fix merge * Update changelog message * Remove empty line --------- Co-authored-by: Charly Fontaine --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../datadog/templates/_container-trace-agent.yaml | 15 +++++++++++++++ .../templates/cluster-agent-deployment.yaml | 15 +++++++++++++++ .../templates/kpi-telemetry-configmap.yaml | 11 +++++++++++ 6 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 charts/datadog/templates/kpi-telemetry-configmap.yaml diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 720bab9a5..0c6b7aa5b 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md 
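Review bot: The comment on `uncompressedLayersSupport` in `values.yaml` mentions only the `SYS_ADMIN` capability, but the same flag also sets the `agent` container's AppArmor profile to `unconfined` (daemonset.yaml) and mounts the host's `/var/lib/containerd` read-only through `host-containerd-dir`. Operators who read values.yaml before enabling a feature should see the whole privilege change in one place. I would add a line such as `# It also mounts the host /var/lib/containerd read-only and, when agents.podSecurity.apparmor.enabled is true, runs the Agent container with AppArmor unconfined.`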
@@ -1,5 +1,9 @@ # Datadog changelog +## 3.51.0 + +* Add `DD_INSTRUMENTATION_INSTALL_TIME`, `DD_INSTRUMENTATION_INSTALL_ID`, `DD_INSTRUMENTATION_INSTALL_TYPE` env variables to the Trace and Cluster agents to support APM Telemetry KPIs. + ## 3.50.5 * Add option to use containerd snapshotter to generate SBOMs. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 30b16013c..ca5710f74 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.50.5 +version: 3.51.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0dee0b41d..17eb90252 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.50.5](https://img.shields.io/badge/Version-3.50.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.51.0](https://img.shields.io/badge/Version-3.51.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index af5e5d38d..a55e16cd5 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/templates/_container-trace-agent.yaml 
@@ -50,6 +50,21 @@ - name: DD_DOGSTATSD_SOCKET value: {{ .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-kpi-telemetry-configmap + key: install_type {{- include "additional-env-entries" .Values.agents.containers.traceAgent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.traceAgent.envDict | indent 4 }} volumeMounts: diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index b2ab539ff..cb10072c9 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -328,6 +328,21 @@ spec: value: {{ .Values.datadog.prometheusScrape.version | quote }} {{- end }} {{- end }} + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: {{ .Release.Name }}-kpi-telemetry-configmap + key: install_type {{- include "fips-envvar" . | nindent 10 }} {{- include "additional-env-entries" .Values.clusterAgent.env | indent 10 }} {{- include "additional-env-dict-entries" .Values.clusterAgent.envDict | indent 10 }} diff --git a/charts/datadog/templates/kpi-telemetry-configmap.yaml b/charts/datadog/templates/kpi-telemetry-configmap.yaml new file mode 100644 index 000000000..6f7b80a18 --- /dev/null 
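Review bot: The three `DD_INSTRUMENTATION_INSTALL_*` entries added to the trace-agent container, and the same three in `cluster-agent-deployment.yaml`, use `configMapKeyRef` without `optional: true`, so the containers cannot be created if the `kpi-telemetry-configmap` object is missing or carries a different name. These values only feed install telemetry, so a failed lookup should not keep the Agent from starting; add `optional: true` under each `configMapKeyRef`. Both env lists begin outside their hunks.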
+++ b/charts/datadog/templates/kpi-telemetry-configmap.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-kpi-telemetry-configmap + namespace: {{ .Release.Namespace }} + labels: +{{ include "datadog.labels" . | indent 4 }} +data: + install_id: {{ uuidv4 | quote }} + install_type: k8s_manual + install_time: {{ now | unixEpoch | quote }} From cb13eedd4ce0c139e32c5d6f8c7de514f6dee2fd Mon Sep 17 00:00:00 2001 From: Liliya Belaus <59583867+liliyadd@users.noreply.github.com> Date: Tue, 16 Jan 2024 12:25:10 -0500 Subject: [PATCH 21/31] [Bug fix] Use datadog.fullname to parametrize KPI configmap (#1294) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/kpi-telemetry-configmap.yaml | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 0c6b7aa5b..fe6001a66 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.51.1 + +* Parametrize the name of kpi-telemetry-configmap + ## 3.51.0 * Add `DD_INSTRUMENTATION_INSTALL_TIME`, `DD_INSTRUMENTATION_INSTALL_ID`, `DD_INSTRUMENTATION_INSTALL_TYPE` env variables to the Trace and Cluster agents to support APM Telemetry KPIs. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index ca5710f74..bcd6200f8 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.51.0 +version: 3.51.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 17eb90252..89e6e1e44 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
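Review bot: In the new `kpi-telemetry-configmap.yaml`, `install_id` and `install_time` are produced by `uuidv4` and `now | unixEpoch` on every render, so each `helm upgrade` or `helm template` writes a new id and time instead of keeping the values from the first install. The manifest is also non-deterministic, which appears as permanent drift in GitOps tooling. Reusing the data of the existing object when there is one keeps the values stable; `lookup` returns an empty map under `helm template` and `--dry-run`, so the generated values stay as the fallback.

```yaml
{{- $name := printf "%s-kpi-telemetry-configmap" .Release.Name }}
{{- $existing := (lookup "v1" "ConfigMap" .Release.Namespace $name).data | default dict }}
# … unchanged: apiVersion, kind, metadata …
data:
  install_id: {{ $existing.install_id | default (uuidv4) | quote }}
  install_type: k8s_manual
  install_time: {{ $existing.install_time | default (now | unixEpoch) | quote }}
```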
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.51.0](https://img.shields.io/badge/Version-3.51.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.51.1](https://img.shields.io/badge/Version-3.51.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/kpi-telemetry-configmap.yaml b/charts/datadog/templates/kpi-telemetry-configmap.yaml index 6f7b80a18..1ab531945 100644 --- a/charts/datadog/templates/kpi-telemetry-configmap.yaml +++ b/charts/datadog/templates/kpi-telemetry-configmap.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-kpi-telemetry-configmap + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap namespace: {{ .Release.Namespace }} labels: {{ include "datadog.labels" . | indent 4 }} From aea9592496e2df69cf1aee9019ed1b05900e73cb Mon Sep 17 00:00:00 2001 From: Liliya Belaus <59583867+liliyadd@users.noreply.github.com> Date: Tue, 16 Jan 2024 16:01:52 -0500 Subject: [PATCH 22/31] [Bug fix] Use correct KPI configmap in Cluster and Trace Agents (#1295) --- charts/datadog/CHANGELOG.md | 6 +++++- charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-trace-agent.yaml | 6 +++--- charts/datadog/templates/cluster-agent-deployment.yaml | 6 +++--- 5 files changed, 13 insertions(+), 9 deletions(-) 
diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index fe6001a66..bb257e652 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,8 +1,12 @@ # Datadog changelog +## 3.51.2 + +* Use correct kpi-telemetry-configmap in Cluster Agent and Trace Agent. + ## 3.51.1 -* Parametrize the name of kpi-telemetry-configmap +* Parametrize the name of kpi-telemetry-configmap. ## 3.51.0 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index bcd6200f8..19c9eebf0 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.51.1 +version: 3.51.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 89e6e1e44..d1be8e6e1 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.51.1](https://img.shields.io/badge/Version-3.51.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.51.2](https://img.shields.io/badge/Version-3.51.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index a55e16cd5..c14094a09 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml 
+++ b/charts/datadog/templates/_container-trace-agent.yaml @@ -53,17 +53,17 @@ - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: - name: {{ .Release.Name }}-kpi-telemetry-configmap + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap key: install_time - name: DD_INSTRUMENTATION_INSTALL_ID valueFrom: configMapKeyRef: - name: {{ .Release.Name }}-kpi-telemetry-configmap + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap key: install_id - name: DD_INSTRUMENTATION_INSTALL_TYPE valueFrom: configMapKeyRef: - name: {{ .Release.Name }}-kpi-telemetry-configmap + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap key: install_type {{- include "additional-env-entries" .Values.agents.containers.traceAgent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.traceAgent.envDict | indent 4 }} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index cb10072c9..636649ee1 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -331,17 +331,17 @@ spec: - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: - name: {{ .Release.Name }}-kpi-telemetry-configmap + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap key: install_time - name: DD_INSTRUMENTATION_INSTALL_ID valueFrom: configMapKeyRef: - name: {{ .Release.Name }}-kpi-telemetry-configmap + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap key: install_id - name: DD_INSTRUMENTATION_INSTALL_TYPE valueFrom: configMapKeyRef: - name: {{ .Release.Name }}-kpi-telemetry-configmap + name: {{ template "datadog.fullname" . }}-kpi-telemetry-configmap key: install_type {{- include "fips-envvar" . | nindent 10 }} {{- include "additional-env-entries" .Values.clusterAgent.env | indent 10 }} 
From 716fc5c56344d64ddf9a1841e9d70d96a7a8fd94 Mon Sep 17 00:00:00 2001 From: Sylvain Afchain Date: Thu, 18 Jan 2024 16:19:49 +0100 Subject: [PATCH 23/31] [CWS] add auto suppression parameters (#1232) * [CWS] add securiy-profile parameters and enable it by default --------- Co-authored-by: Sylvain Baubeau --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 5 +++-- charts/datadog/ci/system-probe-activity-dump-values.yaml | 2 ++ charts/datadog/templates/system-probe-configmap.yaml | 4 ++++ charts/datadog/values.yaml | 8 ++++++-- 6 files changed, 20 insertions(+), 5 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index bb257e652..3adfbaffb 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.52.0 + +* Allow configuring CWS security profile features and enable drift events by default + ## 3.51.2 * Use correct kpi-telemetry-configmap in Cluster Agent and Trace Agent. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 19c9eebf0..f3d6a7a49 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.51.2 +version: 3.52.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index d1be8e6e1..c2076ce60 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.51.2](https://img.shields.io/badge/Version-3.51.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.52.0](https://img.shields.io/badge/Version-3.52.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -783,7 +783,8 @@ helm install \ | datadog.securityAgent.runtime.fimEnabled | bool | `false` | Set to true to enable Cloud Workload Security (CWS) File Integrity Monitoring | | datadog.securityAgent.runtime.network.enabled | bool | `true` | Set to true to enable the collection of CWS network events | | datadog.securityAgent.runtime.policies.configMap | string | `nil` | Contains CWS policies that will be used | -| datadog.securityAgent.runtime.securityProfile.enabled | bool | `false` | Set to true to enable CWS runtime anomaly detection | +| datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled | bool | `true` | Set to true to enable CWS runtime drift events | +| datadog.securityAgent.runtime.securityProfile.enabled | bool | `true` | Set to true to enable CWS runtime security profiles | | datadog.securityAgent.runtime.syscallMonitor.enabled | bool | `false` | Set to true to enable the Syscall monitoring (recommended for troubleshooting only) | | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | | datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring | diff --git a/charts/datadog/ci/system-probe-activity-dump-values.yaml b/charts/datadog/ci/system-probe-activity-dump-values.yaml index 0534cf769..cc15afe1f 100644 --- a/charts/datadog/ci/system-probe-activity-dump-values.yaml +++ b/charts/datadog/ci/system-probe-activity-dump-values.yaml @@ -7,3 +7,5 @@ datadog: enabled: true activityDump: enabled: true + securityProfile: + enabled: true diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index c245ecc9e..233e18fda 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml 
@@ -70,6 +70,10 @@ data: {{ end }} security_profile: enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.enabled }} + anomaly_detection: + enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled }} + auto_suppression: + enabled: false {{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} --- diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index b6b636f57..40b116eda 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -773,8 +773,12 @@ datadog: enabled: false securityProfile: - # datadog.securityAgent.runtime.securityProfile.enabled -- Set to true to enable CWS runtime anomaly detection - enabled: false + # datadog.securityAgent.runtime.securityProfile.enabled -- Set to true to enable CWS runtime security profiles + enabled: true + + anomalyDetection: + # datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled -- Set to true to enable CWS runtime drift events + enabled: true ## Manage NetworkPolicy networkPolicy: From db2772987cf5cebbdb747fb2ed9923f636e5ed81 Mon Sep 17 00:00:00 2001 From: Doug Smith Date: Thu, 25 Jan 2024 12:51:10 -0500 Subject: [PATCH 24/31] [observability-pipelines-worker] 1.8.0 release (#1304) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 8c1f63b2a..6021faef1 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 1.8.0 + +* Official image `1.8.0` + ## 1.7.1 * Official image `1.7.1` 
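Review bot: In the `system-probe-configmap.yaml` hunk, `auto_suppression.enabled` is rendered as the literal `false`, so although the commit subject announces auto suppression parameters, no chart value can turn it on. If pinning it off is intended, say so in a template comment such as `# auto suppression stays disabled: <reason>`; otherwise expose it the same way as `anomalyDetection.enabled`. Separately, the `values.yaml` hunk changes `securityProfile.enabled` from `false` to `true`, which alters behaviour for existing installs on upgrade, while the CHANGELOG entry names only drift events as newly enabled by default.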
diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index a27ae2bcf..fa6f7a36f 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "1.7.1" +version: "1.8.0" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "1.7.1" +appVersion: "1.8.0" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index fe423708a..5b82ccaf1 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.1](https://img.shields.io/badge/AppVersion-1.7.1-informational?style=flat-square) +![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) ## How to use Datadog Helm repository 
@@ -111,7 +111,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"1.7.0"` | Specify the image tag to use. | +| image.tag | string | `"1.8.0"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 5405f6e26..b882888d1 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -44,7 +44,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 1.7.0 + tag: 1.8.0 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From 72a7ca95da2097943fa35fcd7692a6873b341003 Mon Sep 17 00:00:00 2001 
From: Marley <55280588+marleypowell@users.noreply.github.com> Date: Fri, 26 Jan 2024 11:03:59 +0000 Subject: [PATCH 25/31] added `otlp.logs.enabled` option to datadog agent to set `DD_OTLP_CONFIG_LOGS_ENABLED` (#1299) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_containers-common-env.yaml | 7 +++++++ charts/datadog/values.yaml | 3 +++ 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 3adfbaffb..9a6b2b9c0 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.53.0 + +* Add `otlp.logs.enabled` option to datadog agent to set the `DD_OTLP_CONFIG_LOGS_ENABLED` env variable. + ## 3.52.0 * Allow configuring CWS security profile features and enable drift events by default diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index f3d6a7a49..75c4053e0 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.52.0 +version: 3.53.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c2076ce60..0510b6592 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.52.0](https://img.shields.io/badge/Version-3.52.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.53.0](https://img.shields.io/badge/Version-3.53.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -743,6 +743,7 @@ helm install \ | datadog.orchestratorExplorer.customResources | list | `[]` | Defines custom resources for the orchestrator explorer to collect | | datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | | datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | +| datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | | datadog.otlp.receiver.protocols.grpc.enabled | bool | `false` | Enable the OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.endpoint | string | `"0.0.0.0:4317"` | OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.useHostPort | bool | `true` | Enable the Host Port for the OTLP/gRPC endpoint | diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index 50f70e8a8..dfb27ea2d 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml 
@@ -70,6 +70,7 @@ value: {{ .Values.datadog.containerExcludeLogs | quote }} {{- end }} {{- if .Values.datadog.otlp }} + {{- if .Values.datadog.otlp.receiver }} {{- if .Values.datadog.otlp.receiver.protocols }} {{- with .Values.datadog.otlp.receiver.protocols }} @@ -87,6 +88,12 @@ {{- end }} {{- end }} {{- end }} + +{{- with .Values.datadog.otlp.logs }} +- name: DD_OTLP_CONFIG_LOGS_ENABLED + value: {{ .enabled | quote }} +{{- end }} + {{- end }} {{- if eq (include "agent-has-env-ad" .) "true" }} {{- if .Values.datadog.dockerSocketPath }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 40b116eda..1b2a42baf 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -500,6 +500,9 @@ datadog: endpoint: "0.0.0.0:4318" # datadog.otlp.receiver.protocols.http.useHostPort -- Enable the Host Port for the OTLP/HTTP endpoint useHostPort: true + logs: + # datadog.otlp.logs.enabled -- Enable logs support in the OTLP ingest endpoint + enabled: false # datadog.envFrom -- Set environment variables for all Agents directly from configMaps and/or secrets From 4b058e3f827538e7f399de0b45e34dbf43b91301 Mon Sep 17 00:00:00 2001 From: Doug Smith Date: Fri, 26 Jan 2024 15:13:28 -0500 Subject: [PATCH 26/31] [observability-pipelines-worker] update codeowners (#1306) --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index f843feadc..718fa8984 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -14,4 +14,4 @@ charts/datadog/templates/container-system-probe.yaml @DataDog/ebpf-platform @Dat charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers charts/datadog/templates/system-probe-init.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers charts/synthetics-private-location/ @Datadog/synthetics -charts/observability-pipelines-worker @DataDog/observability-pipelines-worker +charts/observability-pipelines-worker @DataDog/observability-pipelines From 19f9e5586d524c8dba32bae6998140e2b96202f1 Mon Sep 17 00:00:00 2001 From: Nicolas Guerguadj <35628945+Kaderinho@users.noreply.github.com> Date: Tue, 30 Jan 2024 21:16:42 +0100 Subject: [PATCH 27/31] Update FIPS Proxy version to 1.1.0 (#1305) Signed-off-by: Nicolas Guerguadj --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 9a6b2b9c0..ebda07328 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.53.1 + +* Update `fips.image.tag` to `1.1.0` + ## 3.53.0 * Add `otlp.logs.enabled` option to datadog agent to set the `DD_OTLP_CONFIG_LOGS_ENABLED` env variable. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 75c4053e0..e2d0fadb4 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.53.0 +version: 3.53.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0510b6592..faf37b142 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.53.0](https://img.shields.io/badge/Version-3.53.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.53.1](https://img.shields.io/badge/Version-3.53.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -819,7 +819,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.0.1"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.0"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 1b2a42baf..46bbb53e6 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
@@ -1272,7 +1272,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.0.1 + tag: 1.1.0 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From 3c6bc62d8682ead4c789081e45edebf4264c82a6 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Thu, 1 Feb 2024 14:03:10 -0500 Subject: [PATCH 28/31] Exclude agent pod from admission controller library injection (#1309) * Exclude agent container from being labeled by admission controller * remove if * Update charts/datadog/templates/daemonset.yaml Co-authored-by: Cedric Lamoriniere --------- Co-authored-by: Cedric Lamoriniere --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/daemonset.yaml | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index ebda07328..5bf76cc30 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.53.2 + +* Exclude agent pod from labels injection from the admission controller + ## 3.53.1 * Update `fips.image.tag` to `1.1.0` diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e2d0fadb4..d5cf390cb 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.53.1 +version: 3.53.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index faf37b142..273e8c09b 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.53.1](https://img.shields.io/badge/Version-3.53.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.53.2](https://img.shields.io/badge/Version-3.53.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 4eced384e..5aba67ff2 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -9,6 +9,7 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" {{- if .Values.agents.additionalLabels }} {{ toYaml .Values.agents.additionalLabels | indent 4 }} {{- end }} From 0e6401a01c732fa303f212f208f3a9289da26ffb Mon Sep 17 00:00:00 2001 From: Etienne Lefebvre Date: Fri, 2 Feb 2024 16:22:51 +0100 Subject: [PATCH 29/31] [s8s] Bump PL chart for 1.44.0 release (#1311) --- charts/synthetics-private-location/CHANGELOG.md | 4 ++++ charts/synthetics-private-location/Chart.yaml | 4 ++-- charts/synthetics-private-location/README.md | 4 ++-- charts/synthetics-private-location/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) 
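Review bot: The added `admission.datadoghq.com/enabled: "false"` line in the daemonset.yaml hunk lands in the DaemonSet's own `metadata.labels` (hunk at line 9, rendered with `indent 4`), and labels set there are not copied onto the pods the DaemonSet creates. An admission webhook evaluates the pod being admitted, so if the opt-out is read from pod labels, as the commit title suggests, the same label has to appear under `spec.template.metadata.labels`. That section is outside this hunk, so please confirm it is set there; otherwise agent pods presumably remain eligible for mutation. Since `.Values.agents.additionalLabels` is rendered directly below, a user-supplied `admission.datadoghq.com/enabled` would render the key twice, so a comment such as `# opt the agent out of admission-controller mutation; do not set this key in agents.additionalLabels` would document the intent.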
diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 38d3fa868..49cb64fc2 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.15.25 + +* Update private location image version to `1.44.0`. + ## 0.15.24 * Clarify the usage of `configSecret` diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index e5661f261..467126e38 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.24 -appVersion: 1.43.0 +version: 0.15.25 +appVersion: 1.44.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 5ea8a0502..098c16bc2 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.15.24](https://img.shields.io/badge/Version-0.15.24-informational?style=flat-square) ![AppVersion: 1.43.0](https://img.shields.io/badge/AppVersion-1.43.0-informational?style=flat-square) +![Version: 0.15.25](https://img.shields.io/badge/Version-0.15.25-informational?style=flat-square) ![AppVersion: 1.44.0](https://img.shields.io/badge/AppVersion-1.44.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). 
@@ -40,7 +40,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.43.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.44.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index 15399d8ea..ac7c9705b 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.43.0 + tag: 1.44.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst From 46447c7a401b14f5f7f3494a41db2c555d7ad394 Mon Sep 17 00:00:00 2001 From: Nicolas Guerguadj <35628945+Kaderinho@users.noreply.github.com> Date: Tue, 6 Feb 2024 18:09:47 +0100 Subject: [PATCH 30/31] Update FIPS Proxy version to 1.1.1 (#1313) 
Signed-off-by: Nicolas Guerguadj --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 2 +- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 5bf76cc30..b3d4fa869 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.53.3 + +* Update `fips.image.tag` to `1.1.1` + ## 3.53.2 * Exclude agent pod from labels injection from the admission controller diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index d5cf390cb..61ed41284 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.53.2 +version: 3.53.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 273e8c09b..450c918b1 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.53.2](https://img.shields.io/badge/Version-3.53.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.53.3](https://img.shields.io/badge/Version-3.53.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -819,7 +819,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.0"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.1"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 46bbb53e6..dc79456f2 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1272,7 +1272,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.0 + tag: 1.1.1 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent From 7d8e76ce5cc406541c4d96cc6c2a2ea29bc788d6 Mon Sep 17 00:00:00 2001 From: Ahmed Mezghani <38987709+ahmed-mez@users.noreply.github.com> Date: Wed, 7 Feb 2024 13:07:13 +0100 Subject: [PATCH 31/31] add agent-apm as co-owner of _container-trace-agent.yaml (#1314) --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 718fa8984..67a03d272 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -15,3 +15,4 @@ charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @Dat charts/datadog/templates/system-probe-init.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers charts/synthetics-private-location/ @Datadog/synthetics charts/observability-pipelines-worker @DataDog/observability-pipelines +charts/datadog/templates/_container-trace-agent.yaml @DataDog/agent-apm @DataDog/container-helm-chart-maintainers