From 20dc50f43824701b50fcd0142952b85e1fcc024f Mon Sep 17 00:00:00 2001 From: aquiladayc <56868556+aquiladayc@users.noreply.github.com> Date: Mon, 21 Oct 2024 16:26:19 +0900 Subject: [PATCH 01/23] Fix system probe error message (#1562) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/NOTES.txt | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index c04e8897c..9cae1529d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.74.6 + +* Fix error message for when System Probe is enabled on GKE Autopilot + ## 3.74.5 * Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index f75eded9b..5a096396a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.5 +version: 3.74.6 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 1f3b3d35c..a0967d257 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.5](https://img.shields.io/badge/Version-3.74.5-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.74.6](https://img.shields.io/badge/Version-3.74.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 9201c6a04..0633779d3 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -338,7 +338,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes ##################################################################### #### WARNING: System Probe is not supported on GKE Autopilot #### ##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled' must be set 'false'" }} +{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill' and 'datadog.serviceMonitoring.enabled' must be set 'false'" }} {{- end }} From 3f3ea752bc6ae4155854f9a20c39a257a8658881 Mon Sep 17 00:00:00 2001 From: Ethan Wood-Thomas Date: Mon, 21 Oct 2024 17:31:31 -0400 Subject: [PATCH 02/23] Update versions in helm chart (#1568) --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 +- charts/datadog/values.yaml | 6 +- ...gent-clusterchecks-deployment_default.yaml | 17 ++- .../cluster-agent-deployment_default.yaml | 23 +-- ...loyment_default_advanced_AC_injection.yaml | 23 +-- ...ployment_default_minimal_AC_injection.yaml | 25 ++-- test/datadog/baseline/daemonset_default.yaml | 36 +++-- test/datadog/baseline/other_default.yaml | 140 ++++++++++-------- 10 files changed, 160 insertions(+), 124 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 9cae1529d..cb8c9f4de 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.75.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.58.0`. + ## 3.74.6 * Fix error message for when System Probe is enabled on GKE Autopilot diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 5a096396a..0c77605bd 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.74.6 +version: 3.75.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index a0967d257..723ec5103 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.74.6](https://img.shields.io/badge/Version-3.74.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.75.0](https://img.shields.io/badge/Version-3.75.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.57.2"` | Define the Agent version to use | +| agents.image.tag | string | `"7.58.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.57.2"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.58.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -642,7 +642,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.57.2"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.58.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index bdea2d368..02f321c97 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1002,7 +1002,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.57.2 + tag: 7.58.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1495,7 +1495,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.57.2 + tag: 7.58.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2001,7 +2001,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.57.2 + tag: 7.58.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index a629e6ffe..b19661ebf 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: e95c3aa09253f021e31a1ac5c7ee014e6454d2d5fee0482b0f253e12dab68afd - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: e662bb8d6708ee7d2bd21ce95572b12e19152da58e6c1640fbd706d505af5199 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,19 +70,20 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: + + - name: KUBERNETES + value: "yes" - name: DD_API_KEY valueFrom: secretKeyRef: name: "datadog-secret" key: api-key - - name: KUBERNETES - value: "yes" - name: DD_LOG_LEVEL value: "INFO" - name: DD_EXTRA_CONFIG_PROVIDERS diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 57a30d06a..a65285c16 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d786ae722980a2b7f91d4be2bf9eebfb9997a1fd85c3a0368c360cb060ed54fc - checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc - checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 + checksum/clusteragent_token: 5d58162fbaf3dc86cb8e4ed4166bcc1442b62c8592072a72f4a041568bd5d921 + checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b + checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent resources: {} @@ -86,12 +86,13 @@ spec: name: "datadog" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -108,6 +109,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_REMOTE_CONFIGURATION_ENABLED @@ -130,6 +133,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index d6572693a..624ab7979 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 146a7a7f2e304ae7637352cb1ecd1fd9b92739626753086c8a562b3a848904fa - checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc - checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 + checksum/clusteragent_token: 4faaaae681309cfb4836e070a4b35e8a718a1b3c012ffb338d2ec7a3cf4036b1 + checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b + checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent resources: {} @@ -86,12 +86,13 @@ spec: name: "datadog" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -108,6 +109,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED @@ -144,6 +147,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index a461cb056..386531be8 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5df33a65f728b7353527940691335906c2e2a4837cf2545fc465c3ccbdecb7cd - checksum/clusteragent-configmap: a4b18a57220d8a10e808c1d1fb842d71eb6b72c99041c603784aecdd4d8003cc - checksum/api_key: fee83544b853e02ebb8f3fc57ab8c3a39bec4379bd187f18a27a58bbaca57208 + checksum/clusteragent_token: 7f6c7c85263dcfa577b2dd96600808784265f650c52ee13f4814274fdae02eb4 + checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b + checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent resources: {} @@ -86,12 +86,13 @@ spec: name: "datadog" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -108,6 +109,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED @@ -119,7 +122,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.57.2 + value: 7.58.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -140,6 +143,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 0661feb0b..998659536 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 6b801cdee7b458f8dc8cf101150135babecf647416c222dcf109ae6517afefc4 - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: 83b5b1602b5e1169578e69dded647f78c781486cc5e8203a93bcd477148b6938 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -62,12 +62,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -202,7 +203,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -221,12 +222,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -308,7 +310,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -323,12 +325,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -405,7 +408,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -418,7 +421,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: - bash @@ -451,12 +454,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 202d88d15..07298dcf4 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.75.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.75.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "RmllNXRpbDNzWGNCeXpsVFpPOUU4ZXUzSVZncU1NeFA=" + token: "YjlvWkxFclduWHdiQVZJZzBSaGlXYnNVb084Y1BSdGY=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.73.0 + installer_version: datadog-3.75.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "eadedf6d-d365-4d8d-860f-93fcf8617956" - install_time: "1727279193" + install_id: "bad5d0c4-f169-4c57-9bf3-2fbf5aa4c599" + install_time: "1729541004" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -384,6 +384,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations resourceNames: - "datadog-webhook" @@ -391,6 +392,7 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations verbs: ["create"] - apiGroups: ["batch"] @@ -414,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -510,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -558,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -578,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -598,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -619,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -638,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -655,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -677,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -698,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -721,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -743,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.75.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -769,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.73.0" + chart: "datadog-3.75.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -798,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -822,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: a73a414b38d45377a23c51d2dc231cae02e9fcc4eb937bfe7d692f0f989e1391 - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: ee1bf541a249cd52955bc91b1fae0050212fe2bfd3894a84f616781f81362f03 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -834,7 +836,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -854,12 +856,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -995,7 +998,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1014,12 +1017,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -1101,7 +1105,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1116,12 +1120,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -1198,7 +1203,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1211,7 +1216,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: - bash @@ -1244,12 +1249,13 @@ spec: value: "true" - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: @@ -1316,7 +1322,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1346,8 +1352,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 76253444996a0411d5a94059333082990230f8818371b4c7b8493c5147e20108 - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: d72fa1bb77003ed410a9aa8ac706024226cff72df58b070689341cad09172740 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1355,7 +1361,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1367,7 +1373,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1380,19 +1386,20 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.57.2" + image: "gcr.io/datadoghq/agent:7.58.0" command: ["bash", "-c"] args: - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: + + - name: KUBERNETES + value: "yes" - name: DD_API_KEY valueFrom: secretKeyRef: name: "datadog-secret" key: api-key - - name: KUBERNETES - value: "yes" - name: DD_LOG_LEVEL value: "INFO" - name: DD_EXTRA_CONFIG_PROVIDERS @@ -1507,7 +1514,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.73.0' + helm.sh/chart: 'datadog-3.75.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1537,15 +1544,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 8d93968cf1fcd7528edb7c1d0667c1e200602d1dbcc33fbf7c7274cabc757ee1 - checksum/clusteragent-configmap: 65496f49f667006695458d448536cabbf214be02a08201234f491c7a3b50e1bd - checksum/install_info: 4431ead135ce20065fbe40abb5a6e6324fb9e43978cfd3ef1857d9fcaa613aa8 + checksum/clusteragent_token: 14f9bef25f860ee586f3e986281b05b2a38d96ec8e9a42efbce111d7e2d168ec + checksum/clusteragent-configmap: 81e504b930c13adb4bd74da0422bfa0306dba563ef9161b91f84bfe15da77266 + checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent command: - cp @@ -1558,7 +1565,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.57.2" + image: "gcr.io/datadoghq/cluster-agent:7.58.0" imagePullPolicy: IfNotPresent resources: {} @@ -1585,12 +1592,13 @@ spec: name: "datadog-secret" key: api-key optional: true + + - name: KUBERNETES + value: "yes" - name: DD_LANGUAGE_DETECTION_ENABLED value: "false" - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED value: "false" - - name: KUBERNETES - value: "yes" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME @@ -1607,6 +1615,8 @@ spec: value: "Ignore" - name: DD_ADMISSION_CONTROLLER_PORT value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" - name: DD_REMOTE_CONFIGURATION_ENABLED @@ -1631,6 +1641,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: datadog-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN From 3dc5c377cd05744a512b147d72a0b25e8631fca1 Mon Sep 17 00:00:00 2001 From: Will Yardley Date: Tue, 22 Oct 2024 02:04:02 -0700 Subject: [PATCH 03/23] ci: update Kube and test workflows (#1486) - Update Kubernetes versions and standardize across test matrices - Update helm-docs to v1.14.2 - Update actions/checkout to v4 in two workflows - Update helm/chart-testing-action to v2.6.1 - Update setup-helm action to 4.x (4.x is just for node version update) - Update helm/kind-action to v1.10.0 - Update kubeconform to v0.6.7 Co-authored-by: Cedric Lamoriniere --- .github/helm-docs.sh | 2 +- .github/kubeconform.sh | 2 +- .github/workflows/ci.yaml | 36 ++++++++++++++++++++++------------ .github/workflows/go-test.yaml | 25 +++++++++++------------ 4 files changed, 38 insertions(+), 27 deletions(-) diff --git a/.github/helm-docs.sh b/.github/helm-docs.sh index 04ad473d7..03d901387 100755 --- a/.github/helm-docs.sh +++ b/.github/helm-docs.sh @@ -1,7 +1,7 @@ #!/bin/bash set -euo pipefail -HELM_DOCS_VERSION="1.10.0" +HELM_DOCS_VERSION="1.14.2" OS=$(uname) ARCH=$(uname -m) diff --git a/.github/kubeconform.sh b/.github/kubeconform.sh index 872c011d3..749da9719 100755 --- a/.github/kubeconform.sh +++ b/.github/kubeconform.sh @@ -1,7 +1,7 @@ #!/bin/bash set -euo pipefail -KUBECONFORM_VERSION="v0.6.4" +KUBECONFORM_VERSION="v0.6.7" # https://github.com/yannh/kubeconform/issues/51 CRD_SPEC_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json" # Remove after v1.16 support / testing is dropped diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d6a4f786a..ed86783d7 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -12,7 +12,7 @@ jobs: charts: ${{ steps.list-changed.outputs.changed }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Helm @@ -23,7 +23,7 @@ jobs: with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed env: @@ -47,14 +47,14 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - uses: actions/setup-python@v4 with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (lint) run: ct lint --config .github/ct.yaml @@ -64,7 +64,7 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Run helm-docs @@ -87,10 +87,15 @@ jobs: - v1.22.17 - v1.24.17 - v1.25.16 - - v1.26.13 + - v1.26.15 + - v1.27.16 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Add datadog helm repo @@ -114,17 +119,22 @@ jobs: matrix: k8s: - v1.18.20 - - v1.22.9 - - v1.24.2 + - v1.22.17 + - v1.24.17 - v1.25.16 - - v1.26.13 + - v1.26.15 + - v1.27.16 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Create kind ${{ matrix.k8s }} cluster - uses: helm/kind-action@v1.5.0 + uses: helm/kind-action@v1.10.0 with: node_image: kindest/node:${{ matrix.k8s }} config: .github/kind_config.yaml @@ -132,7 +142,7 @@ jobs: with: python-version: 3.7 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (install) run: ct install --config .github/ct.yaml diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 8b83c292b..d4792b6c8 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -21,9 +21,9 @@ jobs: go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@v4.2.0 with: - version: v3.10.1 + version: v3.14.0 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory @@ -42,21 +42,22 @@ jobs: k8s: - v1.16.15 - v1.18.20 - - v1.22.9 - - v1.24.2 - - v1.25.2 - - v1.26.6 - - v1.27.3 - - v1.28.7 - - v1.29.2 - - v1.30.0 + - v1.22.17 + - v1.24.17 + - v1.25.16 + - v1.26.15 + - v1.27.16 + - v1.28.13 + - v1.29.9 + - v1.30.4 + - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Create kind ${{ matrix.k8s }} cluster - uses: helm/kind-action@v1.5.0 + uses: helm/kind-action@v1.10.0 with: node_image: kindest/node:${{ matrix.k8s }} cluster_name: operator-ci-${{ matrix.k8s }} From 0d8e6f64380a4692c488fbcca6ca51ccafcc95f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Wed, 23 Oct 2024 13:32:44 +0200 Subject: [PATCH 04/23] Remove k8s 1.18.20 from testing matrix to fix CI (#1576) --- .github/workflows/ci.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ed86783d7..04ed541b9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -118,7 +118,8 @@ jobs: strategy: matrix: k8s: - - v1.18.20 + # TODO: `kind create cluster --config .github/kind_config.yaml --name chart-testing --wait 60s --image kindest/node:v1.18.20` fails + # - v1.18.20 - v1.22.17 - v1.24.17 - v1.25.16 From 4b12bb177fb17cffc863c97f568a25204ff5c05c Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Wed, 23 Oct 2024 14:49:00 +0200 Subject: [PATCH 05/23] Enable support for uncompressed layers by default (#1573) Co-authored-by: tbavelier <97530782+tbavelier@users.noreply.github.com> --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/values.yaml | 4 +++- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index cb8c9f4de..aea696be7 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.76.0 + +* Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. + ## 3.75.0 * Set default `Agent` and `Cluster-Agent` version to `7.58.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 0c77605bd..fd6a51a19 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.75.0 +version: 3.76.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 723ec5103..c8ad584a2 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.75.0](https://img.shields.io/badge/Version-3.75.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.76.0](https://img.shields.io/badge/Version-3.76.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -799,7 +799,7 @@ helm install \ | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | | datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. DEPRECATED: Consider using remoteConfiguration.enabled instead | | datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | -| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `false` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. | +| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `true` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers | | datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | | datadog.secretAnnotations | object | `{}` | | | datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 02f321c97..236d2eac4 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -821,7 +821,9 @@ datadog: # This should be set to true when using EKS, GKE or if containerd is configured to # discard uncompressed layers. # This feature will cause the SYS_ADMIN capability to be added to the Agent container. - uncompressedLayersSupport: false + # Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. + # See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers + uncompressedLayersSupport: true host: # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems From 799c9cd368e02293ca824d1d357414526c455fa2 Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Wed, 23 Oct 2024 23:44:17 +0200 Subject: [PATCH 06/23] fix: re-introduce k8s 1.18 CI testing (#1579) * fix: re-introduce k8s 1.18 CI testing * fix also go-test.yaml github workflow --- .github/workflows/ci.yaml | 38 +++++++++++++++++----------- .github/workflows/go-test.yaml | 46 +++++++++++++++++++++------------- 2 files changed, 53 insertions(+), 31 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 04ed541b9..1c2cd57d0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -117,27 +117,37 @@ jobs: - kubeconform-chart strategy: matrix: - k8s: - # TODO: `kind create cluster --config .github/kind_config.yaml --name chart-testing --wait 60s --image kindest/node:v1.18.20` fails - # - v1.18.20 - - v1.22.17 - - v1.24.17 - - v1.25.16 - - v1.26.15 - - v1.27.16 - - v1.28.13 - - v1.29.8 - - v1.30.4 - - v1.31.1 + versions: + - k8s: v1.18.20 + kind: v0.17.0 + - k8s: v1.22.17 + kind: v0.22.0 + - k8s: v1.24.17 + kind: v0.22.0 + - k8s: v1.25.16 + kind: v0.22.0 + - k8s: v1.26.15 + kind: v0.22.0 + - k8s: v1.27.16 + kind: v0.22.0 + - k8s: v1.28.13 + kind: v0.22.0 + - k8s: v1.29.8 + kind: v0.22.0 + - k8s: v1.30.4 + kind: v0.22.0 + - k8s: v1.31.1 + kind: v0.22.0 steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Create kind ${{ matrix.k8s }} cluster + - name: Create kind ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} uses: helm/kind-action@v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s }} + version: ${{ matrix.versions.kind }} + node_image: kindest/node:${{ matrix.versions.k8s}} config: .github/kind_config.yaml - uses: actions/setup-python@v4 with: diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index d4792b6c8..3e8e2b1c5 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -39,28 +39,40 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - k8s: - - v1.16.15 - - v1.18.20 - - v1.22.17 - - v1.24.17 - - v1.25.16 - - v1.26.15 - - v1.27.16 - - v1.28.13 - - v1.29.9 - - v1.30.4 - - v1.31.1 + versions: + - k8s: v1.16.15 + kind: v0.15.0 + - k8s: v1.18.20 + kind: v0.17.0 + - k8s: v1.22.17 + kind: v0.22.0 + - k8s: v1.24.17 + kind: v0.22.0 + - k8s: v1.25.16 + kind: v0.22.0 + - k8s: v1.26.15 + kind: v0.22.0 + - k8s: v1.27.16 + kind: v0.22.0 + - k8s: v1.28.13 + kind: v0.22.0 + - k8s: v1.29.8 + kind: v0.22.0 + - k8s: v1.30.4 + kind: v0.22.0 + - k8s: v1.31.1 + kind: v0.22.0 steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Create kind ${{ matrix.k8s }} cluster + - name: Create K8s ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} uses: helm/kind-action@v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s }} - cluster_name: operator-ci-${{ matrix.k8s }} + version: ${{ matrix.versions.kind }} + node_image: kindest/node:${{ matrix.versions.k8s }} + cluster_name: operator-ci-${{ matrix.versions.k8s }} config: .github/kind_config.yaml - name: Add Cert Manager Helm repo run: helm repo add jetstack https://charts.jetstack.io && helm repo update @@ -70,8 +82,8 @@ jobs: env: API_KEY: ${{ secrets.GO_INTEG_TEST_API_KEY }} APP_KEY: ${{ secrets.GO_INTEG_TEST_APP_KEY }} - CLUSTER_NAME: operator-ci-${{ matrix.k8s }} - K8S_VERSION: ${{ matrix.k8s }} + CLUSTER_NAME: operator-ci-${{ matrix.versions.k8s }} + K8S_VERSION: ${{ matrix.versions.k8s }} run: | kubectl cluster-info kubectl get nodes From 9a8a37675cd4b8f2d2e4f320f7b8aa092b73d060 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Bavelier?= <97530782+tbavelier@users.noreply.github.com> Date: Thu, 24 Oct 2024 16:14:12 +0200 Subject: [PATCH 07/23] Use uncompressedlayerssupport only if containerImage is enabled (#1585) * Use uncompressedlayerssupport only if containerImage is enabled * Simplify Co-authored-by: Celene --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/_container-agent.yaml | 6 +++--- charts/datadog/templates/_daemonset-volumes-linux.yaml | 2 +- charts/datadog/templates/daemonset.yaml | 2 +- 6 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index aea696be7..024d83657 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.76.1 + +* Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. + ## 3.76.0 * Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index fd6a51a19..92fc85c75 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.76.0 +version: 3.76.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c8ad584a2..cc38a32e0 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.76.0](https://img.shields.io/badge/Version-3.76.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.76.1](https://img.shields.io/badge/Version-3.76.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 90200d49e..e3e6f136b 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "run"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" .Values.datadog.sbom.containerImage.uncompressedLayersSupport) | indent 2 }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" (and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport)) | indent 2 }} resources: {{ toYaml .Values.agents.containers.agent.resources | indent 4 }} ports: @@ -177,7 +177,7 @@ - name: DD_SBOM_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} - {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT value: "true" {{- end }} @@ -276,7 +276,7 @@ readOnly: true {{- end }} {{- end }} - {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} - name: host-containerd-dir mountPath: /host/var/lib/containerd readOnly: true diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 39ce80f63..0a114c0d5 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -147,7 +147,7 @@ path: / name: hostroot {{- end }} -{{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} +{{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} - hostPath: path: /var/lib/containerd name: host-containerd-dir diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index ba95268cf..36015b688 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -62,7 +62,7 @@ spec: container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} {{- end }} - {{- if and .Values.agents.podSecurity.apparmor.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and .Values.agents.podSecurity.apparmor.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} container.apparmor.security.beta.kubernetes.io/agent: unconfined {{- end }} {{- if .Values.agents.podAnnotations }} From dcee9e6a25a47795c9a44fc342cc0c284560c8ac Mon Sep 17 00:00:00 2001 From: Dinesh Gurumurthy Date: Thu, 24 Oct 2024 11:12:32 -0400 Subject: [PATCH 08/23] Fix helm installation warnings (#1551) * Fix helm installation warnings * update Readme * Update Readme * Update Readme --- charts/datadog/CHANGELOG.md | 5 +++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 ++-- charts/datadog/templates/NOTES.txt | 2 +- charts/datadog/values.yaml | 33 +++++++++++++++--------------- 5 files changed, 26 insertions(+), 20 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 024d83657..0dc803fe6 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,10 @@ # Datadog changelog +## 3.76.2 + +* Fix warning message displayed when installing/upgrading the Agent with OTel collector. +* Add preview message in values.yaml file. + ## 3.76.1 * Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 92fc85c75..e2c60f4ef 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.76.1 +version: 3.76.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index cc38a32e0..177aba494 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.76.1](https://img.shields.io/badge/Version-3.76.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.76.2](https://img.shields.io/badge/Version-3.76.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -774,7 +774,7 @@ helm install \ | datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | | datadog.originDetectionUnified.enabled | bool | `false` | Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). | | datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | -| datadog.otelCollector.config | object | `{}` | OTel collector configuration | +| datadog.otelCollector.config | string | `nil` | OTel collector configuration | | datadog.otelCollector.enabled | bool | `false` | Enable the OTel Collector | | datadog.otelCollector.ports | list | `[{"containerPort":"4317","name":"otel-grpc"},{"containerPort":"4318","name":"otel-http"}]` | Ports that OTel Collector is listening | | datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 0633779d3..e6002afba 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -605,5 +605,5 @@ OTel collector is not supported on GKE Autopilot. ################################################################# #### WARNING: Private Beta notice #### ################################################################# -OTel collector is in private beta. Please reach out to your Datadog representative for more information. +OTel collector is in preview. Please reach out to your Datadog representative for more information. {{- end }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 236d2eac4..8457d2e94 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -546,22 +546,6 @@ datadog: iast: # datadog.asm.iast.enabled -- Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster enabled: false - - ## OTel collector related configuration - otelCollector: - # datadog.otelCollector.enabled -- Enable the OTel Collector - enabled: false - # datadog.otelCollector.ports -- Ports that OTel Collector is listening - ports: - - # Default GRPC port of OTLP receiver - - containerPort: "4317" - name: otel-grpc - # Default HTTP port of OTLP receiver - - containerPort: "4318" - name: otel-http - # datadog.otelCollector.config -- OTel collector configuration - config: {} ## OTLP ingest related configuration otlp: receiver: @@ -586,6 +570,23 @@ datadog: logs: # datadog.otlp.logs.enabled -- Enable logs support in the OTLP ingest endpoint enabled: false + ## OTel collector is currently in preview. Please reach out to your Datadog representative for more information. + ## OTLP Ingest is the GA feature for sending OTLP data to Datadog Agent. + ## OTel collector related configuration + otelCollector: + # datadog.otelCollector.enabled -- Enable the OTel Collector + enabled: false + # datadog.otelCollector.ports -- Ports that OTel Collector is listening + ports: + + # Default GRPC port of OTLP receiver + - containerPort: "4317" + name: otel-grpc + # Default HTTP port of OTLP receiver + - containerPort: "4318" + name: otel-http + # datadog.otelCollector.config -- OTel collector configuration + config: null ## Continuous Profiler configuration ## From c3482252398b724673dfa6262a4ec63a1ed91fec Mon Sep 17 00:00:00 2001 From: Oliver Li Date: Fri, 25 Oct 2024 16:41:21 -0400 Subject: [PATCH 09/23] Bump runner version to v0.1.3-beta (#1587) * Bump runner version to v0.1.3-beta * retry with baseline update --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 2 +- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 11 insertions(+), 7 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 3549c9050..c6c097505 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.14.2 + +* Update private action image version to `v0.1.3-beta` + ## 0.14.1 * Update private action image version to `v0.1.2-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index 1e0232c5e..dc6d62015 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.14.1 +version: 0.14.2 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index ee6671058..a83db5d6b 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.1](https://img.shields.io/badge/Version-0.14.1-informational?style=flat-square) ![AppVersion: v0.1.2-beta](https://img.shields.io/badge/AppVersion-v0.1.2--beta-informational?style=flat-square) +![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![AppVersion: v0.1.3-beta](https://img.shields.io/badge/AppVersion-v0.1.3--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.2-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.3-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index 6fa83d3f3..afd53a117 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.1](https://img.shields.io/badge/Version-0.14.1-informational?style=flat-square) ![AppVersion: v0.1.2-beta](https://img.shields.io/badge/AppVersion-v0.1.2--beta-informational?style=flat-square) +![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![AppVersion: v0.1.3-beta](https://img.shields.io/badge/AppVersion-v0.1.3--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 231e783fd..aae01fe22 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.1.2-beta + tag: v0.1.3-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index bae87b7e3..ad3f808ed 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.2-beta" + image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.3-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 08a3b48c9..1ac8e21bf 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.2-beta" + image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.3-beta" imagePullPolicy: IfNotPresent ports: - name: http From e8333d514fc2f16d6c1beca73accf1a9ed1f9a11 Mon Sep 17 00:00:00 2001 From: Joachim Date: Tue, 29 Oct 2024 14:14:52 +0000 Subject: [PATCH 10/23] [dca] [rbac] Add RBAC rules allowing PDB collection (#1577) --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- .../datadog/templates/cluster-agent-rbac.yaml | 5 +- ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +-- ...loyment_default_advanced_AC_injection.yaml | 10 +-- ...ployment_default_minimal_AC_injection.yaml | 10 +-- test/datadog/baseline/daemonset_default.yaml | 6 +- test/datadog/baseline/other_default.yaml | 84 +++++++++---------- 10 files changed, 72 insertions(+), 67 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 0dc803fe6..33027597f 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.76.3 + +* Add `podisruptionbudgets` RBAC to the Cluster Agent. + ## 3.76.2 * Fix warning message displayed when installing/upgrading the Agent with OTel collector. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e2c60f4ef..326d8f105 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.76.2 +version: 3.76.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 177aba494..2de81418b 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.76.2](https://img.shields.io/badge/Version-3.76.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.76.3](https://img.shields.io/badge/Version-3.76.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index dd6c22cf3..e02be2434 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -272,16 +272,17 @@ rules: - namespaces verbs: - list -{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: - "policy" resources: + - poddisruptionbudgets + {{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - podsecuritypolicies + {{- end }} verbs: - get - list - watch -{{- end }} - apiGroups: - rbac.authorization.k8s.io resources: diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index b19661ebf..70f8ad537 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: e662bb8d6708ee7d2bd21ce95572b12e19152da58e6c1640fbd706d505af5199 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 46b1bd3e5501a2cfdd3d34f9f346042c26b3fcee8e32d95327c20a5101c1db66 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index a65285c16..adfcdf968 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 5d58162fbaf3dc86cb8e4ed4166bcc1442b62c8592072a72f4a041568bd5d921 - checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b - checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 + checksum/clusteragent_token: cca640a4dc199e529b846e953a6d37e8080ab2aeb4791125777661712c161032 + checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f + checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 624ab7979..7974728c2 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 4faaaae681309cfb4836e070a4b35e8a718a1b3c012ffb338d2ec7a3cf4036b1 - checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b - checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 + checksum/clusteragent_token: 7761a2e69537a90814c4a56ca749333ab0c0a9c23ca77b27bd22d8c58ac75da2 + checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f + checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 386531be8..94bb3e583 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7f6c7c85263dcfa577b2dd96600808784265f650c52ee13f4814274fdae02eb4 - checksum/clusteragent-configmap: 0c1966cffe42a8ccb4671c256aa7db39c81c3dae6879d43317408155ad03110b - checksum/api_key: a65b0e9878ce3895aac0a8a39067aaceac970036603a52f6b4d3b8841fe562b9 + checksum/clusteragent_token: 33dc54d9eba52c54cc95d41ac63222d92496535dd9905c88cadef49b1c994273 + checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f + checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 998659536..6f081c160 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 83b5b1602b5e1169578e69dded647f78c781486cc5e8203a93bcd477148b6938 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 961ab185a6d0f5b70b0e18b9c259c1ba532a15755b92a76561d20d95aac3787c + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 07298dcf4..50fcce917 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.75.0" + chart: "datadog-3.75.1" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.75.0" + chart: "datadog-3.75.1" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "YjlvWkxFclduWHdiQVZJZzBSaGlXYnNVb084Y1BSdGY=" + token: "ZDFCOWlKUnBzU0pDdTBWd3Azd05jb0MyRmdFVmhLazc=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.75.0 + installer_version: datadog-3.75.1 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "bad5d0c4-f169-4c57-9bf3-2fbf5aa4c599" - install_time: "1729541004" + install_id: "cf6e5120-49d5-4b2f-be9d-c98048e12dd5" + install_time: "1729688107" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.0" + chart: "datadog-3.75.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.0" + chart: "datadog-3.75.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: ee1bf541a249cd52955bc91b1fae0050212fe2bfd3894a84f616781f81362f03 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 16f78b0857551ecbe0b56ecfeff09fd304028ca6bc7d85c76cd570c1e358a1e1 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1322,7 +1322,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1352,8 +1352,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: d72fa1bb77003ed410a9aa8ac706024226cff72df58b070689341cad09172740 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 0813165fbc88838d7f439a67c19f9763b02261cca6c1198511e016fb493693ef + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1514,7 +1514,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.0' + helm.sh/chart: 'datadog-3.75.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1544,9 +1544,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 14f9bef25f860ee586f3e986281b05b2a38d96ec8e9a42efbce111d7e2d168ec - checksum/clusteragent-configmap: 81e504b930c13adb4bd74da0422bfa0306dba563ef9161b91f84bfe15da77266 - checksum/install_info: 0f26ba698ed19cfca67b345f53ad633320db3f86502c811b4c44738df3ee25a4 + checksum/clusteragent_token: 052652147b1153e4103954253b1024b9dd07c6f3ab5701c830f23fbf9522642f + checksum/clusteragent-configmap: 44f5f79f4dc291597183d81712b6beb73c2975ab3607e49f6e31c3290e5bef82 + checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true From 6b2cbbcd144297048120f1fb295feb794cdf89c1 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Tue, 29 Oct 2024 21:02:03 +0100 Subject: [PATCH 11/23] Add support for overlayfs direct scan for SBOMs (#1540) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Use uncompressedlayerssupport only if containerImage is enabled * Add support for overlayfs direct scan for SBOMs * Mount docker directory to access container image mounts --------- Co-authored-by: Timothée Bavelier --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 ++- charts/datadog/templates/_container-agent.yaml | 17 +++++++++++++---- .../templates/_daemonset-volumes-linux.yaml | 3 +++ charts/datadog/templates/daemonset.yaml | 2 +- charts/datadog/values.yaml | 3 +++ 7 files changed, 27 insertions(+), 7 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 33027597f..beda40817 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.77.0 + +* Add experimental support for overlayfs direct scan for SBOMs + ## 3.76.3 * Add `podisruptionbudgets` RBAC to the Cluster Agent. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 326d8f105..86efc78eb 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.76.3 +version: 3.77.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 2de81418b..b0d033ad9 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.76.3](https://img.shields.io/badge/Version-3.76.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.77.0](https://img.shields.io/badge/Version-3.77.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -799,6 +799,7 @@ helm install \ | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | | datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. DEPRECATED: Consider using remoteConfiguration.enabled instead | | datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | +| datadog.sbom.containerImage.overlayFSDirectScan | bool | `false` | Use experimental overlayFS direct scan | | datadog.sbom.containerImage.uncompressedLayersSupport | bool | `true` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers | | datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | | datadog.secretAnnotations | object | `{}` | | diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index e3e6f136b..5288da809 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "run"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" (and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport)) | indent 2 }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" (and (eq (include "should-enable-sbom-container-image-collection" .) "true") (and .Values.datadog.sbom.containerImage.uncompressedLayersSupport (not .Values.datadog.sbom.containerImage.overlayFSDirectScan)))) | indent 2 }} resources: {{ toYaml .Values.agents.containers.agent.resources | indent 4 }} ports: @@ -177,11 +177,17 @@ - name: DD_SBOM_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} - {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if (eq (include "should-enable-sbom-container-image-collection" .) "true") }} + {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if .Values.datadog.sbom.containerImage.overlayFSDirectScan }} + - name: DD_SBOM_CONTAINER_IMAGE_OVERLAYFS_DIRECT_SCAN + value: "true" + {{- else }} - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT value: "true" {{- end }} - + {{- end }} + {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: DD_SBOM_HOST_ENABLED value: "true" @@ -276,10 +282,13 @@ readOnly: true {{- end }} {{- end }} - {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") (or .Values.datadog.sbom.containerImage.uncompressedLayersSupport .Values.datadog.sbom.containerImage.overlayFSDirectScan)}} - name: host-containerd-dir mountPath: /host/var/lib/containerd readOnly: true + - name: host-docker-dir + mountPath: /host/var/lib/docker + readOnly: true {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - name: host-apk-dir diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 0a114c0d5..fe07cdc45 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -151,6 +151,9 @@ - hostPath: path: /var/lib/containerd name: host-containerd-dir +- hostPath: + path: /var/lib/docker + name: host-docker-dir {{- end }} {{- if .Values.datadog.sbom.host.enabled }} - hostPath: diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 36015b688..ad4b959a2 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -73,7 +73,7 @@ spec: shareProcessNamespace: {{ .Values.agents.shareProcessNamespace }} {{- end }} {{- if .Values.datadog.securityContext -}} - {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version ) | nindent 6 }} + {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | nindent 6 }} {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} {{- if .Values.agents.podSecurity.securityContext }} {{- if .Values.agents.podSecurity.securityContext.seLinuxOptions }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 8457d2e94..34e158060 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -826,6 +826,9 @@ datadog: # See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers uncompressedLayersSupport: true + # datadog.sbom.containerImage.overlayFSDirectScan -- Use experimental overlayFS direct scan + overlayFSDirectScan: false + host: # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems enabled: false From 5b33ead6854309dae457819927f2034909da54f4 Mon Sep 17 00:00:00 2001 From: Celene Date: Thu, 31 Oct 2024 13:13:30 -0400 Subject: [PATCH 12/23] Delete default configuration files from cluster checks runner (#1594) * add shell cmds to persist specified check conf.d directories on ccr pods * alternate solution to delete only default yaml files * bump chart --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/agent-clusterchecks-deployment.yaml | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index beda40817..556e46746 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.77.1 + +* Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. + ## 3.77.0 * Add experimental support for overlayfs direct scan for SBOMs diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 86efc78eb..d304475d8 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.0 +version: 3.77.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index b0d033ad9..c7db99b0e 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.77.0](https://img.shields.io/badge/Version-3.77.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.77.1](https://img.shields.io/badge/Version-3.77.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index 07696c35b..d61c3237a 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -109,7 +109,7 @@ spec: image: "{{ include "image-path" (dict "root" .Values "image" .Values.clusterChecksRunner.image) }}" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: {{ .Values.clusterChecksRunner.image.pullPolicy }} {{- if .Values.clusterChecksRunner.ports }} ports: From 9ffdecadff2bcb4ccd84d405a16b32b65f8e4389 Mon Sep 17 00:00:00 2001 From: ArunPiduguDD Date: Fri, 1 Nov 2024 10:20:53 -0400 Subject: [PATCH 13/23] Fix format of teams listed in github_team_restrictions (#1595) --- repository.datadog.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/repository.datadog.yml b/repository.datadog.yml index b49e10d17..814d38c3e 100644 --- a/repository.datadog.yml +++ b/repository.datadog.yml @@ -10,11 +10,11 @@ github_teams_restrictions: - container-helm-chart-maintainers - container-integrations - container-t2 - - Synthetics - - Documentation - - Observability Pipelines - - Telemetry and Analytics - - Vector + - synthetics + - documentation + - observability-pipelines + - telemetry-and-analytics + - vector github_users_restrictions: - cahillsf - clamoriniere From 66a31bc1edb51c9ed0c7c9fa7bd81fd3b1bb5bbf Mon Sep 17 00:00:00 2001 From: ArunPiduguDD Date: Fri, 1 Nov 2024 12:49:35 -0400 Subject: [PATCH 14/23] [observability-pipelines-worker] 2.2.1 release (#1593) --- charts/observability-pipelines-worker/CHANGELOG.md | 4 ++++ charts/observability-pipelines-worker/Chart.yaml | 4 ++-- charts/observability-pipelines-worker/README.md | 4 ++-- charts/observability-pipelines-worker/values.yaml | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 5b0a92a21..aac9b3464 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.2.1 + +* Official image `2.2.1` + ## 2.2.0 * Official image `2.2.0` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 0e4de305c..757f49855 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.2.0" +version: "2.2.1" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.2.0" +appVersion: "2.2.1" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 485509309..a9e50e99e 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.0](https://img.shields.io/badge/AppVersion-2.2.0-informational?style=flat-square) +![Version: 2.2.1](https://img.shields.io/badge/Version-2.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.1](https://img.shields.io/badge/AppVersion-2.2.1-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.2.0"` | Specify the image tag to use. | +| image.tag | string | `"2.2.1"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index e4f84ec44..566c7333e 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.2.0 + tag: 2.2.1 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: From fd50dbe9a6359690d5231792bb5a929bdfe0a7b7 Mon Sep 17 00:00:00 2001 From: Joshua Lineaweaver Date: Fri, 1 Nov 2024 14:07:24 -0600 Subject: [PATCH 15/23] [Orch] Add additional permissions for operator to view CRDs (#1583) Co-authored-by: levan-m <116471169+levan-m@users.noreply.github.com> --- charts/datadog-operator/CHANGELOG.md | 4 ++++ charts/datadog-operator/Chart.yaml | 2 +- charts/datadog-operator/README.md | 3 ++- charts/datadog-operator/templates/clusterrole.yaml | 10 +++++++++- charts/datadog-operator/values.yaml | 6 ++++++ 5 files changed, 22 insertions(+), 3 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 2f6ee332c..c2e35c443 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.2.0 + +* Add clusterRole.allowReadAllResources to allow viewing all resources. This is required for collecting custom resources in the Kubernetes Explorer + ## 2.1.0 * Update Datadog Operator version to 1.9.0. diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 6577418a7..307497bbd 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: datadog-operator -version: 2.1.0 +version: 2.2.0 appVersion: 1.9.0 description: Datadog Operator keywords: diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 0bf92862f..fe2b687ab 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) +![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) ## Values @@ -12,6 +12,7 @@ | appKey | string | `nil` | Your Datadog APP key | | appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one | | clusterName | string | `nil` | Set a unique cluster name reporting from the Datadog Operator. | +| clusterRole | object | `{"allowReadAllResources":false}` | Set specific configuration for the cluster role | | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 1b90e330a..1032e2aba 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -794,5 +794,13 @@ rules: - patch - update {{- end }} +{{- if .Values.clusterRole.allowReadAllResources }} +- apiGroups: + - '*' + resources: + - '*' + verbs: + - list + - watch +{{- end }} {{- end }} - diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index fbd4339e9..d445f9f8c 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -190,3 +190,9 @@ livenessProbe: # timeoutSeconds: 1 # successThreshold: 1 # failureThreshold: 3 + +# clusterRole -- Set specific configuration for the cluster role +clusterRole: + # allowReadAllResources is required to allow the operator to view all custom resources. + # If collecting CRDs in the Kubernetes Explorer this is required + allowReadAllResources: false From d6f1eb63c5f83a2876d33bb44db60cbfc1ed5083 Mon Sep 17 00:00:00 2001 From: mrmcpat <109171317+mrdoggopat@users.noreply.github.com> Date: Tue, 5 Nov 2024 14:25:45 -0500 Subject: [PATCH 16/23] Add the ability to include security contexts in container level for cluster checks runners (#1598) * add security context in container level for cluster checks runners * small edit in changelog * move cluster check runner container security context to be adjactent to clusterChecksRunner.securityContext * Update charts/datadog/CHANGELOG.md Co-authored-by: Celene --------- Co-authored-by: Celene --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +++- .../templates/agent-clusterchecks-deployment.yaml | 12 ++++++++++++ charts/datadog/values.yaml | 8 ++++++++ 5 files changed, 28 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 556e46746..8ddfa63ab 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.77.2 + +* Add the ability to include Security Contexts at the container level for Cluster Checks Runners. + ## 3.77.1 * Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index d304475d8..79d9343fd 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.1 +version: 3.77.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index c7db99b0e..be23a59a7 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.77.1](https://img.shields.io/badge/Version-3.77.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.77.2](https://img.shields.io/badge/Version-3.77.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -629,6 +629,8 @@ helm install \ | clusterAgent.volumes | list | `[]` | Specify additional volumes to mount in the cluster-agent container | | clusterChecksRunner.additionalLabels | object | `{}` | Adds labels to the cluster checks runner deployment and pods | | clusterChecksRunner.affinity | object | `{}` | Allow the ClusterChecks Deployment to schedule using affinity rules. | +| clusterChecksRunner.containers.agent.securityContext | object | `{}` | Specify securityContext on the agent container | +| clusterChecksRunner.containers.initContainers.securityContext | object | `{}` | Specify securityContext on the init containers | | clusterChecksRunner.createPodDisruptionBudget | bool | `false` | Create the pod disruption budget to apply to the cluster checks agents | | clusterChecksRunner.deploymentAnnotations | object | `{}` | Annotations to add to the cluster-checks-runner's Deployment | | clusterChecksRunner.dnsConfig | object | `{}` | specify dns configuration options for datadog cluster agent containers e.g ndots | diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index d61c3237a..6ae0de1c5 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -78,6 +78,10 @@ spec: command: ["bash", "-c"] args: - cp -r /etc/datadog-agent /opt +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /opt/datadog-agent @@ -90,6 +94,10 @@ spec: command: ["bash", "-c"] args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -177,6 +185,10 @@ spec: {{- include "additional-env-dict-entries" .Values.clusterChecksRunner.envDict | indent 10 }} resources: {{ toYaml .Values.clusterChecksRunner.resources | indent 10 }} +{{- if .Values.clusterChecksRunner.containers.agent.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.agent.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: installinfo subPath: install_info diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 34e158060..d90c27fe1 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -2218,6 +2218,14 @@ clusterChecksRunner: # clusterChecksRunner.securityContext -- Allows you to overwrite the default PodSecurityContext on the clusterchecks pods. securityContext: {} + containers: + agent: + # clusterChecksRunner.containers.agent.securityContext -- Specify securityContext on the agent container + securityContext: {} + initContainers: + # clusterChecksRunner.containers.initContainers.securityContext -- Specify securityContext on the init containers + securityContext: {} + # clusterChecksRunner.ports -- Allows to specify extra ports (hostPorts for instance) for this container ports: [] From 3ffc983dce224f77874c2c30d6099451cdd152f1 Mon Sep 17 00:00:00 2001 From: Merchrist <99204620+merchristK@users.noreply.github.com> Date: Thu, 7 Nov 2024 14:37:21 +0100 Subject: [PATCH 17/23] Bump runner version to v0.1.4-beta (#1597) * Bump runner version to v0.1.3-beta update changelog try with gcr lint test signed commit * update change log --- charts/private-action-runner/CHANGELOG.md | 4 ++++ charts/private-action-runner/Chart.yaml | 2 +- charts/private-action-runner/README.md | 4 ++-- charts/private-action-runner/README.md.gotmpl | 2 +- charts/private-action-runner/values.yaml | 4 ++-- test/private-action-runner/__snapshot__/default.yaml | 2 +- .../__snapshot__/enable-kubernetes-actions.yaml | 2 +- 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index c6c097505..89adc7088 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.14.3 + +* Add GitLab private actions and fix image repository link. + ## 0.14.2 * Update private action image version to `v0.1.3-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index dc6d62015..269eac221 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.14.2 +version: 0.14.3 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index a83db5d6b..af2b7bad5 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![AppVersion: v0.1.3-beta](https://img.shields.io/badge/AppVersion-v0.1.3--beta-informational?style=flat-square) +![Version: 0.14.3](https://img.shields.io/badge/Version-0.14.3-informational?style=flat-square) ![AppVersion: v0.1.4-beta](https://img.shields.io/badge/AppVersion-v0.1.4--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.3-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.4-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index afd53a117..061bb5ec3 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.14.2](https://img.shields.io/badge/Version-0.14.2-informational?style=flat-square) ![AppVersion: v0.1.3-beta](https://img.shields.io/badge/AppVersion-v0.1.3--beta-informational?style=flat-square) +![Version: 0.14.3](https://img.shields.io/badge/Version-0.14.3-informational?style=flat-square) ![AppVersion: v0.1.4-beta](https://img.shields.io/badge/AppVersion-v0.1.4--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index aae01fe22..b72ae56df 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -5,8 +5,8 @@ common: # -- Current Datadog Private Action Runner image image: - repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner - tag: v0.1.3-beta + repository: gcr.io/datadoghq/private-action-runner + tag: v0.1.4-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index ad3f808ed..0ff7ed363 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.3-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.4-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 1ac8e21bf..c4d5a2779 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.1.3-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.4-beta" imagePullPolicy: IfNotPresent ports: - name: http From 32f4d85016f60248f6d7f9933f14b8ae8785d040 Mon Sep 17 00:00:00 2001 From: Daniel Tafoya <63120739+daniel-taf@users.noreply.github.com> Date: Thu, 7 Nov 2024 21:06:09 -0500 Subject: [PATCH 18/23] Update version for datadog.processAgent.runInCoreAgent (#1591) --- charts/datadog/CHANGELOG.md | 4 ++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 4 +- charts/datadog/templates/_helpers.tpl | 4 +- charts/datadog/values.yaml | 2 +- test/datadog/process_agent_test.go | 80 ++++++++++++++++++++++++++- 6 files changed, 89 insertions(+), 7 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 8ddfa63ab..acaa9ee8e 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.77.3 + +* Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. + ## 3.77.2 * Add the ability to include Security Contexts at the container level for Cluster Checks Runners. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 79d9343fd..132c9a61a 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.2 +version: 3.77.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index be23a59a7..9c8483d80 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.77.2](https://img.shields.io/badge/Version-3.77.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.77.3](https://img.shields.io/badge/Version-3.77.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -792,7 +792,7 @@ helm install \ | datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. # Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. # ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset | | datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection | | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | -| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. | +| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.57.0+ and Linux. | | datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing | | datadog.profiling.enabled | string | `nil` | Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` environment variable with the same value to all pods in the cluster Valid values are: - false: Profiler is turned off and can not be turned on by other means. - null: Profiler is turned off, but can be turned on by other means. - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. - true: Profiler is turned on. | | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 2060ada51..3b7b455a5 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -10,7 +10,7 @@ {{- $version = "6.55.1" -}} {{- end -}} {{- if and (eq $length 1) (or (eq $version "7") (eq $version "latest")) -}} -{{- $version = "7.55.1" -}} +{{- $version = "7.58.1" -}} {{- end -}} {{- $version -}} {{- end -}} @@ -971,7 +971,7 @@ Create RBACs for custom resources false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} {{- include "get-process-checks-in-core-agent-envvar" . -}} - {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.53.0-0" (include "get-agent-version" .)) -}} + {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.57.0-0" (include "get-agent-version" .)) -}} true {{- else -}} false diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index d90c27fe1..69a15bb47 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -685,7 +685,7 @@ datadog: processDiscovery: true # datadog.processAgent.runInCoreAgent -- Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. - ## This is an experimental feature requiring Agent 7.53.0+ and Linux. Currently not compatible with APM Single Step Instrumentation. + ## This requires Agent 7.57.0+ and Linux. runInCoreAgent: false # datadog.processAgent.containerCollection -- Set this to true to enable container collection diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index a9f16bc4d..09c042e2b 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -19,6 +19,7 @@ const ( DDSystemProbeEnabled = "DD_SYSTEM_PROBE_ENABLED" DDNetworkMonitoringEnabled = "DD_SYSTEM_PROBE_NETWORK_ENABLED" DDOrchestratorEnabled = "DD_ORCHESTRATOR_EXPLORER_ENABLED" + DDLanguageDetectionEnabled = "DD_LANGUAGE_DETECTION_ENABLED" ) func Test_processAgentConfigs(t *testing.T) { @@ -247,6 +248,44 @@ func Test_processAgentConfigs(t *testing.T) { }, assertions: verifyLinuxRunInCoreAgent, }, + { + name: "language detection on process agent", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7.56", + "datadog.apm.instrumentation.language_detection.enabled": "true", + "datadog.apm.instrumentation.enabled": "true", + }, + }, + assertions: verifyLanguageDetectionInProcessAgent, + }, + { + name: "language detection on core agent", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7.57", + "datadog.apm.instrumentation.language_detection.enabled": "true", + "datadog.apm.instrumentation.enabled": "true", + }, + }, + assertions: verifyLanguageDetectionInCoreAgent, + }, } for _, tt := range tests { @@ -272,7 +311,7 @@ func verifyDaemonsetMinimal(t *testing.T, manifest string) { assert.True(t, ok) processEnvs := getEnvVarMap(processAgentContainer.Env) assertDefaultCommonProcessEnvs(t, processEnvs) - assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "false", processEnvs[DDProcessRunInCoreAgentEnabled]) assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) } @@ -309,6 +348,45 @@ func verifyLinuxRunInCoreAgent(t *testing.T, manifest string) { assert.False(t, ok) } +func verifyLanguageDetectionInCoreAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "true", coreEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", coreEnvs[DDStripProcessArgs]) + assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", coreEnvs[DDLanguageDetectionEnabled]) + assert.True(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyLanguageDetectionInProcessAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assert.Equal(t, "true", processEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", processEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", processEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", processEnvs[DDStripProcessArgs]) + assert.Equal(t, "false", processEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", processEnvs[DDLanguageDetectionEnabled]) + assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + func verifyChecksOff(t *testing.T, manifest string) { var deployment appsv1.DaemonSet common.Unmarshal(t, manifest, &deployment) From af0e75fad9327b30064a244061550f64ad2b986d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Fri, 8 Nov 2024 07:57:58 +0100 Subject: [PATCH 19/23] [datadog] Update agents to 7.59.0 (#1600) --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 8 +- charts/datadog/values.yaml | 6 +- .../baseline/Operator_Deployment_default.yaml | 2 +- ...gent-clusterchecks-deployment_default.yaml | 14 +-- .../cluster-agent-deployment_default.yaml | 14 +-- ...loyment_default_advanced_AC_injection.yaml | 14 +-- ...ployment_default_minimal_AC_injection.yaml | 16 +-- test/datadog/baseline/daemonset_default.yaml | 16 +-- test/datadog/baseline/other_default.yaml | 106 +++++++++--------- 11 files changed, 103 insertions(+), 99 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index acaa9ee8e..9f81f85de 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.78.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.59.0`. + ## 3.77.3 * Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 132c9a61a..a35ac09d1 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.77.3 +version: 3.78.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 9c8483d80..0e927ad0f 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.77.3](https://img.shields.io/badge/Version-3.77.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.78.0](https://img.shields.io/badge/Version-3.78.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -515,7 +515,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.58.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.59.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -590,7 +590,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.58.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.59.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -644,7 +644,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.58.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.59.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 69a15bb47..1c1c9baf8 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -1008,7 +1008,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.58.0 + tag: 7.59.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1501,7 +1501,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.58.0 + tag: 7.59.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2007,7 +2007,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.58.0 + tag: 7.59.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 48ea073c0..1c051983d 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,7 +7,7 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.1.0 + helm.sh/chart: datadog-operator-2.2.0 app.kubernetes.io/instance: datadog-operator app.kubernetes.io/version: "1.9.0" app.kubernetes.io/managed-by: Helm diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index 70f8ad537..f9bb6d560 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 46b1bd3e5501a2cfdd3d34f9f346042c26b3fcee8e32d95327c20a5101c1db66 - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 12bf793564e44ccbda0cb741eff765654dd1f980807df8c9e1c48fa5843f977f + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,10 +70,10 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index adfcdf968..f7b464038 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: cca640a4dc199e529b846e953a6d37e8080ab2aeb4791125777661712c161032 - checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f - checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 + checksum/clusteragent_token: 0bdd826ca5a082af0fb3b706904748841535d6e49e5c19fa1c1927e46e2be582 + checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 + checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 7974728c2..f0b7b256b 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7761a2e69537a90814c4a56ca749333ab0c0a9c23ca77b27bd22d8c58ac75da2 - checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f - checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 + checksum/clusteragent_token: d767ed339a25dd96716bdb33b78df8bea9dea12ab0e51a9421565ffd7c52d4c0 + checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 + checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 94bb3e583..08252684e 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 33dc54d9eba52c54cc95d41ac63222d92496535dd9905c88cadef49b1c994273 - checksum/clusteragent-configmap: dc9ca8f8ed971495c8f225fcc46f1d0df999b38747fe4731c5bdc627cff6438f - checksum/api_key: 9ad68ca2a67a78240053d1d2c1a94d9276a5a93d72973717bb69dcd353960099 + checksum/clusteragent_token: 4682112f5ddc3bb51df45fdecab40e75d8b78b7b0833a7ebddf16ab19ebd6c79 + checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 + checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} @@ -122,7 +122,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.58.0 + value: 7.59.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 6f081c160..38eef8f95 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 961ab185a6d0f5b70b0e18b9c259c1ba532a15755b92a76561d20d95aac3787c - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 762520458d6f8835baa01ed6151bb362d62ec396986f8d899953f5e024eee49f + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -203,7 +203,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -310,7 +310,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -408,7 +408,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -421,7 +421,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 50fcce917..2f9e7ad72 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.78.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.78.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "ZDFCOWlKUnBzU0pDdTBWd3Azd05jb0MyRmdFVmhLazc=" + token: "RzQyblZwc0FvQktmQWZ1Tjd0U2JOTXY2bjJLc2t3bDY=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.75.1 + installer_version: datadog-3.78.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "cf6e5120-49d5-4b2f-be9d-c98048e12dd5" - install_time: "1729688107" + install_id: "d92824a1-17ef-4aee-96a4-bf062385f9f0" + install_time: "1731003623" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.78.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.75.1" + chart: "datadog-3.78.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 16f78b0857551ecbe0b56ecfeff09fd304028ca6bc7d85c76cd570c1e358a1e1 - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 281e9c642e38fdc87dbb9adff6e16d22ee1f00ce74199251d8238b75887d1b5e + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -836,7 +836,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -998,7 +998,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1105,7 +1105,7 @@ spec: port: 8126 timeoutSeconds: 5 - name: process-agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] resources: @@ -1203,7 +1203,7 @@ spec: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1216,7 +1216,7 @@ spec: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: - bash @@ -1322,7 +1322,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1352,8 +1352,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 0813165fbc88838d7f439a67c19f9763b02261cca6c1198511e016fb493693ef - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 9dc1bb1f1d2debb518a000d9d7c0ffd146eb8c0253808aba90baa2dc19ba4bd7 + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1361,7 +1361,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1373,7 +1373,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1386,10 +1386,10 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.58.0" + image: "gcr.io/datadoghq/agent:7.59.0" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: IfNotPresent env: @@ -1514,7 +1514,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.75.1' + helm.sh/chart: 'datadog-3.78.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1544,15 +1544,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 052652147b1153e4103954253b1024b9dd07c6f3ab5701c830f23fbf9522642f - checksum/clusteragent-configmap: 44f5f79f4dc291597183d81712b6beb73c2975ab3607e49f6e31c3290e5bef82 - checksum/install_info: 87589acc73e699de4d2ee4e2f2f47d1d08905e9467bb0e4fe318f79aa3947f3b + checksum/clusteragent_token: 471db296e9108084aa91ff95cf06232bd3ee8b371310b338d8ba217d4e50ff15 + checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e + checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent command: - cp @@ -1565,7 +1565,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.58.0" + image: "gcr.io/datadoghq/cluster-agent:7.59.0" imagePullPolicy: IfNotPresent resources: {} From b6f5372ea830365d5024503ec640b7c6f7ed7425 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Fri, 8 Nov 2024 12:14:28 -0500 Subject: [PATCH 20/23] [datadog-crds] Update CRDs from Datadog Operator v1.10.0 tag (#1601) --- charts/datadog-crds/CHANGELOG.md | 4 + charts/datadog-crds/Chart.yaml | 2 +- charts/datadog-crds/README.md | 2 +- .../datadoghq.com_datadogagents_v1.yaml | 163 ++++++++++++++++++ crds/datadoghq.com_datadogagents.yaml | 163 ++++++++++++++++++ 5 files changed, 332 insertions(+), 2 deletions(-) diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index ff96a6ce4..39f9e8402 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +# 2.2.0 + +* Update CRDs from Datadog Operator v1.10.0 tag. + ## 2.1.0 * Update CRDs from Datadog Operator v1.9.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index e84be10f4..f4e6c9763 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 2.1.0 +version: 2.2.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 7c6f76e88..851d16f49 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index a0c10a59a..5359f9b03 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -701,6 +701,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -708,6 +716,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object @@ -851,6 +867,73 @@ spec: url: type: string type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map fips: properties: customFIPSConfig: @@ -1006,6 +1089,18 @@ spec: tlsVerify: type: boolean type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object localService: properties: forceEnableLocalService: @@ -1076,6 +1171,31 @@ spec: type: object registry: type: string + secretBackend: + properties: + args: + type: string + command: + type: string + enableGlobalPermissions: + type: boolean + roles: + items: + properties: + namespace: + type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + format: int32 + type: integer + type: object site: type: string tags: @@ -1975,6 +2095,29 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array extraChecksd: properties: configDataMap: @@ -2137,6 +2280,10 @@ spec: type: string type: object type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object serviceAccountName: type: string tolerations: @@ -3723,6 +3870,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -3730,6 +3885,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index d3c0cf280..b8a5b538c 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -695,6 +695,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -702,6 +710,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object @@ -845,6 +861,73 @@ spec: url: type: string type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map fips: properties: customFIPSConfig: @@ -1000,6 +1083,18 @@ spec: tlsVerify: type: boolean type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object localService: properties: forceEnableLocalService: @@ -1070,6 +1165,31 @@ spec: type: object registry: type: string + secretBackend: + properties: + args: + type: string + command: + type: string + enableGlobalPermissions: + type: boolean + roles: + items: + properties: + namespace: + type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + format: int32 + type: integer + type: object site: type: string tags: @@ -1969,6 +2089,29 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array extraChecksd: properties: configDataMap: @@ -2131,6 +2274,10 @@ spec: type: string type: object type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object serviceAccountName: type: string tolerations: @@ -3717,6 +3864,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -3724,6 +3879,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object From 4e19b9111f4672fc1cb0c90d4b131cf876156948 Mon Sep 17 00:00:00 2001 From: levan-m <116471169+levan-m@users.noreply.github.com> Date: Fri, 8 Nov 2024 12:28:13 -0500 Subject: [PATCH 21/23] Configure Github workflow and job level permissions (#1602) * Configure Github workflow and job level permissions * force CI run * Revert "force CI run" This reverts commit ab704769402a4f95d671b659a2e9a5a55c9861dc. --- .github/workflows/ci.yaml | 5 +++++ .github/workflows/go-test-private-action-runner.yaml | 6 ++++++ .github/workflows/go-test.yaml | 6 ++++++ .github/workflows/pr-labeler.yaml | 7 +++++++ .github/workflows/release.yaml | 5 +++++ 5 files changed, 29 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1c2cd57d0..bbce00ed9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,6 +5,11 @@ on: paths: - "charts/**" +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + jobs: changed: runs-on: ubuntu-latest diff --git a/.github/workflows/go-test-private-action-runner.yaml b/.github/workflows/go-test-private-action-runner.yaml index a42811bde..dc26fd575 100644 --- a/.github/workflows/go-test-private-action-runner.yaml +++ b/.github/workflows/go-test-private-action-runner.yaml @@ -8,6 +8,12 @@ on: paths: - 'test/private-action-runner/**' - 'charts/private-action-runner/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + env: GO111MODULE: "on" PROJECTNAME: "helm-charts" diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 3e8e2b1c5..739a20b1b 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -8,6 +8,12 @@ on: paths: - 'test/datadog-operator/**' - 'charts/datadog-operator/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + env: GO111MODULE: "on" PROJECTNAME: "helm-charts" diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml index f1d36ed3d..ff711a73d 100644 --- a/.github/workflows/pr-labeler.yaml +++ b/.github/workflows/pr-labeler.yaml @@ -4,10 +4,17 @@ on: branches: - main +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + jobs: label: name: Add label for PRs runs-on: ubuntu-latest + permissions: + pull-requests: write timeout-minutes: 5 steps: - uses: actions/labeler@v5 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bb531756f..e33b3d11f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,9 +7,14 @@ on: paths: - 'charts/**' +permissions: {} + jobs: release: runs-on: ubuntu-latest + permissions: + # https://github.com/helm/chart-releaser-action + contents: write steps: - name: Checkout uses: actions/checkout@v3 From db5854c7ae065a6caf451709f914e8a2a7fce09a Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Fri, 8 Nov 2024 14:58:28 -0500 Subject: [PATCH 22/23] update operator version to 1.10.0 (#1603) --- charts/datadog-operator/CHANGELOG.md | 4 + charts/datadog-operator/Chart.lock | 6 +- charts/datadog-operator/Chart.yaml | 6 +- charts/datadog-operator/README.md | 4 +- .../datadog-operator/templates/_helpers.tpl | 2 +- charts/datadog-operator/values.yaml | 2 +- .../baseline/DatadogAgent_CRD_default.yaml | 165 +++++++++++++++++- .../baseline/Operator_Deployment_default.yaml | 6 +- .../operator_deployment_test.go | 2 +- ...gent-clusterchecks-deployment_default.yaml | 2 +- .../cluster-agent-deployment_default.yaml | 2 +- ...loyment_default_advanced_AC_injection.yaml | 2 +- ...ployment_default_minimal_AC_injection.yaml | 2 +- test/datadog/baseline/daemonset_default.yaml | 2 +- test/datadog/baseline/other_default.yaml | 12 +- 15 files changed, 193 insertions(+), 26 deletions(-) diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index c2e35c443..773a75e11 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 2.3.0 + +* Update Datadog Operator version to 1.10.0. + ## 2.2.0 * Add clusterRole.allowReadAllResources to allow viewing all resources. This is required for collecting custom resources in the Kubernetes Explorer diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index b5c089010..41fd2ccbd 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 2.1.0 -digest: sha256:8f24ab33303f20421688b071b9fb028c0662795952298300ed4b9a060a4332ac -generated: "2024-10-10T12:48:27.526346-04:00" + version: 2.2.0 +digest: sha256:42b9b7296f565f17f11adea26fa8cb003c0f01551a84793873a3ae6c73efedc2 +generated: "2024-11-08T14:03:54.721912-05:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 307497bbd..c9e85b586 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 2.2.0 -appVersion: 1.9.0 +version: 2.3.0 +appVersion: 1.10.0 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=2.1.0" + version: "=2.2.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index fe2b687ab..532eb73ce 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square) +![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square) ## Values @@ -33,7 +33,7 @@ | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.9.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.10.0"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index 2ec94580f..afc48dc57 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -85,6 +85,6 @@ Check operator image tag version. {{- if not .Values.image.doNotCheckTag -}} {{- .Values.image.tag -}} {{- else -}} -{{ "1.9.0" }} +{{ "1.10.0" }} {{- end -}} {{- end -}} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index d445f9f8c..3558679f4 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -47,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.9.0 + tag: 1.10.0 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index 22931c5af..2b46bb5d6 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -7,7 +7,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-2.1.0' + helm.sh/chart: 'datadogCRDs-2.2.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -701,6 +701,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -708,6 +716,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object @@ -851,6 +867,73 @@ spec: url: type: string type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map fips: properties: customFIPSConfig: @@ -1006,6 +1089,18 @@ spec: tlsVerify: type: boolean type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: string + type: object + type: object localService: properties: forceEnableLocalService: @@ -1076,6 +1171,31 @@ spec: type: object registry: type: string + secretBackend: + properties: + args: + type: string + command: + type: string + enableGlobalPermissions: + type: boolean + roles: + items: + properties: + namespace: + type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + type: array + x-kubernetes-list-type: atomic + timeout: + format: int32 + type: integer + type: object site: type: string tags: @@ -1975,6 +2095,29 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array extraChecksd: properties: configDataMap: @@ -2137,6 +2280,10 @@ spec: type: string type: object type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object serviceAccountName: type: string tolerations: @@ -3723,6 +3870,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object http: properties: @@ -3730,6 +3885,14 @@ spec: type: boolean endpoint: type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object type: object type: object type: object diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 1c051983d..cd52a9683 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.2.0 + helm.sh/chart: datadog-operator-2.3.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.9.0" + app.kubernetes.io/version: "1.10.0" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.9.0" + image: "gcr.io/datadoghq/operator:1.10.0" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index 1bfa22777..d97cad2a5 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -104,7 +104,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.9.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.10.0", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index f9bb6d560..d920f7a94 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 12bf793564e44ccbda0cb741eff765654dd1f980807df8c9e1c48fa5843f977f + checksum/clusteragent_token: 469c53bc0541e25237e65b1972c755bf51ba2a3faff0db4200a5e616c1a85ae6 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index f7b464038..6319408cb 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 0bdd826ca5a082af0fb3b706904748841535d6e49e5c19fa1c1927e46e2be582 + checksum/clusteragent_token: 050ab49a451e1238668b8df86b20941fe655e87b3a55aa57497dea39ac9163c5 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index f0b7b256b..772799b96 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: d767ed339a25dd96716bdb33b78df8bea9dea12ab0e51a9421565ffd7c52d4c0 + checksum/clusteragent_token: 6723707eea64584b2ca85a11cd177a99c2fe52117542bffbdf61a38592a0b2a5 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 08252684e..5edd494e5 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -36,7 +36,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 4682112f5ddc3bb51df45fdecab40e75d8b78b7b0833a7ebddf16ab19ebd6c79 + checksum/clusteragent_token: 7d36a45b80acd6890bafa74cae91697ea7b85a2561cc27f38148d00607a734b4 checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 38eef8f95..fcc8a00b5 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -30,7 +30,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 762520458d6f8835baa01ed6151bb362d62ec396986f8d899953f5e024eee49f + checksum/clusteragent_token: 36783249a1a56e6ad7e24b5b38037b6fa09535bcbf5d09bfa9ae9d87be97990e checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 2f9e7ad72..151d23cce 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -99,7 +99,7 @@ metadata: app.kubernetes.io/version: "7" type: Opaque data: - token: "RzQyblZwc0FvQktmQWZ1Tjd0U2JOTXY2bjJLc2t3bDY=" + token: "b0pkcDdBWU9DZENhcDU1T2ZEbnRXMkxjbW9LT3phdEE=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -191,8 +191,8 @@ metadata: app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "d92824a1-17ef-4aee-96a4-bf062385f9f0" - install_time: "1731003623" + install_id: "417924d1-f1c7-4c44-b681-a4b82f54d07d" + install_time: "1731094912" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" @@ -824,7 +824,7 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 281e9c642e38fdc87dbb9adff6e16d22ee1f00ce74199251d8238b75887d1b5e + checksum/clusteragent_token: dbcee8ba14e360a887c9426f7a91014cf4c59f37e317f7084bb28729aedcfb38 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -1352,7 +1352,7 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 9dc1bb1f1d2debb518a000d9d7c0ffd146eb8c0253808aba90baa2dc19ba4bd7 + checksum/clusteragent_token: cc7c556be49df89c9540b1769bcc9af7f787d18b2770ccf885920cd3c3867fd2 checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: serviceAccountName: datadog-cluster-checks @@ -1544,7 +1544,7 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 471db296e9108084aa91ff95cf06232bd3ee8b371310b338d8ba217d4e50ff15 + checksum/clusteragent_token: 982bf49be535679f1005e6648f369a19b8525b1f802f5874952fcf32b5b56bfe checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e spec: From 6db36e96d98cc04096dfbcb30b4982155997c0c6 Mon Sep 17 00:00:00 2001 From: Fanny Jiang Date: Mon, 11 Nov 2024 17:53:26 -0500 Subject: [PATCH 23/23] Add providers.gke.gdc option to datadog chart (#1521) * wip * add providers.gke.gdc option to datadog chart * update test baselines * syntax fix * add back logs hostPaths * cleanup/wip * fixes, add test, update baselines * fix dd_nodename * fix test, bump version, update baselines * update readme, fix test * cleanup/refactor * apply review suggestions * bump chart version and update baselines/docs * remove redundant template --- charts/datadog/CHANGELOG.md | 4 + charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 3 +- charts/datadog/ci/gke-gdc-values.yaml | 20 ++ .../templates/_components-common-env.yaml | 6 + .../datadog/templates/_container-agent.yaml | 10 +- .../_container-cri-volumemounts.yaml | 2 +- .../_container-host-release-volumemounts.yaml | 2 + .../templates/_container-trace-agent.yaml | 4 +- .../templates/_containers-common-env.yaml | 11 +- .../templates/_containers-init-linux.yaml | 12 +- .../templates/_daemonset-volumes-linux.yaml | 31 +- .../templates/_daemonset-volumes-windows.yaml | 2 +- charts/datadog/templates/_helpers.tpl | 57 +++- .../templates/_processes-common-env.yaml | 4 +- charts/datadog/templates/daemonset.yaml | 2 +- charts/datadog/values.yaml | 3 + ...gent-clusterchecks-deployment_default.yaml | 6 +- .../cluster-agent-deployment_default.yaml | 10 +- ...loyment_default_advanced_AC_injection.yaml | 10 +- ...ployment_default_minimal_AC_injection.yaml | 10 +- test/datadog/baseline/daemonset_default.yaml | 25 +- .../baseline/gdc_daemonset_default.yaml | 280 ++++++++++++++++ .../gdc_daemonset_logs_collection.yaml | 301 ++++++++++++++++++ test/datadog/baseline/other_default.yaml | 103 +++--- test/datadog/baseline_test.go | 36 +++ test/datadog/gdc_test.go | 90 ++++++ 27 files changed, 920 insertions(+), 126 deletions(-) create mode 100644 charts/datadog/ci/gke-gdc-values.yaml create mode 100644 test/datadog/baseline/gdc_daemonset_default.yaml create mode 100644 test/datadog/baseline/gdc_daemonset_logs_collection.yaml create mode 100644 test/datadog/gdc_test.go diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 9f81f85de..80dc04b8d 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.79.0 + +* Add Logs Collection support for Google GKE on GDC + ## 3.78.0 * Set default `Agent` and `Cluster-Agent` version to `7.59.0`. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index a35ac09d1..5f4f70b25 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.78.0 +version: 3.79.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0e927ad0f..3ad8260ea 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.78.0](https://img.shields.io/badge/Version-3.78.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.79.0](https://img.shields.io/badge/Version-3.79.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -879,6 +879,7 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | +| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) | | registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | | remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | diff --git a/charts/datadog/ci/gke-gdc-values.yaml b/charts/datadog/ci/gke-gdc-values.yaml new file mode 100644 index 000000000..1c6fcc087 --- /dev/null +++ b/charts/datadog/ci/gke-gdc-values.yaml @@ -0,0 +1,20 @@ +providers: + gke: + gdc: true + +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + + apm: + socketEnabled: false + portEnabled: false + + logs: + enabled: true + containerCollectAll: true + containerCollectUsingFiles: true + autoMultiLineDetection: true + + kubeStateMetricsCore: + enabled: true diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 0a58d9114..0ca7b0363 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -64,4 +64,10 @@ - name: DD_EXCLUDE_PAUSE_CONTAINER value: "false" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt +- name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key +{{- end }} {{- end }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 5288da809..5219db7ed 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -121,7 +121,7 @@ - name: DD_HEALTH_PORT {{- $healthPort := .Values.agents.containers.agent.healthPort }} value: {{ $healthPort | quote }} - {{- if eq .Values.targetSystem "linux" }} + {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }} - name: DD_DOGSTATSD_SOCKET value: {{ .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} @@ -237,6 +237,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false @@ -262,6 +263,7 @@ mountPath: /etc/passwd readOnly: true {{- end }} + {{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir mountPath: /opt/datadog-agent/run @@ -275,7 +277,7 @@ mountPath: /var/log/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if not .Values.datadog.criSocketPath }} + {{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - name: logdockercontainerpath mountPath: /var/lib/docker/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -338,6 +340,10 @@ {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} {{- end }} + {{- if .Values.providers.gke.gdc }} + - name: kubelet-cert-volume + mountPath: /certs + {{- end }} {{- if .Values.agents.volumeMounts }} {{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} diff --git a/charts/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/templates/_container-cri-volumemounts.yaml index fa85ce44e..af88ed5f3 100644 --- a/charts/datadog/templates/_container-cri-volumemounts.yaml +++ b/charts/datadog/templates/_container-cri-volumemounts.yaml @@ -1,5 +1,5 @@ {{- define "container-crisocket-volumemounts" -}} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if eq .Values.targetSystem "linux" }} - name: runtimesocketdir mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 7e3ad1ac4..b775b7953 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,4 +1,5 @@ {{- define "linux-container-host-release-volumemounts" -}} +{{- if not .Values.providers.gke.gdc }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} @@ -9,3 +10,4 @@ readOnly: true {{- end }} {{- end }} +{{- end }} diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index c14094a09..66130e2f1 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/templates/_container-trace-agent.yaml @@ -86,7 +86,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{- if not .Values.providers.gke.autopilot }} + {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -99,6 +99,7 @@ - name: tmpdir mountPath: /tmp readOnly: false # Need RW for tmp directory + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket @@ -109,6 +110,7 @@ {{- end }} {{- end }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index faa496348..84428aeb1 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -30,6 +30,15 @@ - name: DD_KUBERNETES_HTTPS_KUBELET_PORT value: "0" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName +- name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" +{{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} - name: DD_HOSTNAME_FILE @@ -116,7 +125,7 @@ {{- end }} {{- end }} {{- else }} # No support for env AD -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if or .Values.providers.gke.autopilot .Values.datadog.criSocketPath }} - name: DD_CRI_SOCKET_PATH value: {{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index 089555505..fd0636250 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml @@ -1,7 +1,7 @@ {{- define "containers-init-linux" -}} - name: init-volume {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -16,7 +16,7 @@ {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} - name: init-config {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -26,9 +26,6 @@ args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: {{ template "datadog.logDirectoryPath" . }} - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path @@ -42,11 +39,16 @@ mountPath: /checks.d readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config mountPath: /etc/datadog-agent/system-probe.yaml diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index fe07cdc45..de1e13924 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -3,6 +3,14 @@ emptyDir: {} - name: tmpdir emptyDir: {} +- name: s6-run + emptyDir: {} +{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} +- name: confd + configMap: + name: {{ include "agents.confd-configmap-name" . }} +{{- end }} +{{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc name: procdir @@ -58,13 +66,6 @@ type: DirectoryOrCreate name: apmsocket {{- end }} -- name: s6-run - emptyDir: {} -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -- name: confd - configMap: - name: {{ include "agents.confd-configmap-name" . }} -{{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config configMap: @@ -183,6 +184,12 @@ name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }} {{- end }} {{- end }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} +- hostPath: + path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} + name: runtimesocketdir +{{- end }} +{{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - hostPath: path: {{ template "datadog.hostMountRoot" . }}/logs @@ -193,15 +200,15 @@ - hostPath: path: /var/log/containers name: logscontainerspath -{{- if not .Values.datadog.criSocketPath }} +{{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - hostPath: path: /var/lib/docker/containers name: logdockercontainerpath {{- end }} {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} -- hostPath: - path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} - name: runtimesocketdir +{{- if .Values.providers.gke.gdc }} +- secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume {{- end }} {{- end -}} diff --git a/charts/datadog/templates/_daemonset-volumes-windows.yaml b/charts/datadog/templates/_daemonset-volumes-windows.yaml index 39598e91b..55a606065 100644 --- a/charts/datadog/templates/_daemonset-volumes-windows.yaml +++ b/charts/datadog/templates/_daemonset-volumes-windows.yaml @@ -21,7 +21,7 @@ path: C:/ProgramData name: logdockercontainerpath {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} - hostPath: path: {{ template "datadog.dockerOrCriSocketPath" . }} name: runtimesocket diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 3b7b455a5..3a3eeced0 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -110,7 +110,7 @@ Create chart name and version as used by the chart label. Return true if the OTelAgent needs to be deployed */}} {{- define "should-enable-otel-agent" -}} -{{- if and .Values.datadog.otelCollector.enabled -}} +{{- if and .Values.datadog.otelCollector.enabled (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -237,6 +237,8 @@ Return agent host mount root {{- define "datadog.hostMountRoot" -}} {{- if .Values.providers.gke.autopilot -}} /var/autopilot/addon/datadog +{{- else if .Values.providers.gke.gdc -}} +/var/datadog {{- else -}} /var/lib/datadog-agent {{- end -}} @@ -340,7 +342,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false @@ -363,7 +365,7 @@ false Return true if the fips side car container should be created. */}} {{- define "should-enable-fips" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} true {{- else -}} false @@ -385,7 +387,7 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} true {{- else -}} false @@ -396,7 +398,7 @@ false Return true if the compliance features should be enabled. */}} {{- define "should-enable-compliance" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} true {{- else -}} false @@ -407,7 +409,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false @@ -420,7 +422,7 @@ Return true if the hostPid features should be enabled for the Agent pod. {{- define "should-enable-host-pid" -}} {{- if eq .Values.targetSystem "windows" -}} false -{{- else if and (not .Values.providers.gke.autopilot) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} +{{- else if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} true {{- else -}} false @@ -474,10 +476,10 @@ false {{- end -}} {{/* -Return true hostPath should be use for DSD socket. Return always false on GKE autopilot. +Return true hostPath should be use for DSD socket. Return always false on GKE autopilot or GDC. */}} {{- define "should-mount-hostPath-for-dsd-socket" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} {{- if .Values.datadog.dogstatsd.useSocketVolume -}} @@ -488,13 +490,13 @@ false {{- end -}} {{/* -Return true if a APM over UDS is configured. Return always false on GKE autopilot. +Return true if a APM over UDS is configured. Return always false on GKE Autopilot or Google Distributed Cloud. */}} {{- define "trace-agent-use-uds" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} -{{- if or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume -}} +{{- if and (or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -542,6 +544,9 @@ Returns provider kind {{- if .Values.providers.gke.autopilot -}} gke-autopilot {{- end -}} +{{- if .Values.providers.gke.gdc -}} +gke-gdc +{{- end -}} {{- end -}} {{/* @@ -854,7 +859,7 @@ In 7.36, `--config` was deprecated and `--cfgpath` should be used instead. {{/* Returns whether or not the underlying OS is Google Container-Optimized-OS -Note: GKE Autopilot clusters only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) +Note: GKE Autopilot only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) */}} {{- define "can-mount-host-usr-src" -}} {{- if or .Values.providers.gke.autopilot .Values.providers.gke.cos -}} @@ -868,7 +873,7 @@ false Returns whether Remote Configuration should be enabled in the agent */}} {{- define "datadog-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false @@ -879,7 +884,7 @@ false Returns whether Remote Configuration should be enabled in the cluster agent */}} {{- define "clusterAgent-remoteConfiguration-enabled" -}} -{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) -}} +{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false @@ -902,11 +907,22 @@ Create RBACs for custom resources {{- end }} {{- end }} +{{/* + Return true if Container Runtime Support is enabled +*/}} +{{- define "container-runtime-support-enabled" -}} + {{- if and .Values.datadog.containerRuntimeSupport.enabled (not .Values.providers.gke.gdc) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if container image collection is enabled */}} {{- define "should-enable-container-image-collection" -}} - {{- if and (not .Values.datadog.containerRuntimeSupport.enabled) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} + {{- if and (not (include "container-runtime-support-enabled" .)) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} {{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} {{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}} @@ -945,6 +961,9 @@ Create RBACs for custom resources Return true if any process-related check is enabled */}} {{- define "process-checks-enabled" -}} + {{- if .Values.providers.gke.gdc }} + false + {{- end -}} {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}} true {{- else -}} @@ -967,6 +986,9 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if ne .Values.targetSystem "linux" -}} false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} @@ -982,6 +1004,9 @@ Create RBACs for custom resources Returns true if the process-agent container should be created. */}} {{- define "should-enable-process-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}} true {{- else if and (not .Values.agents.image.doNotCheckTag) (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" (include "get-agent-version" .)) -}} diff --git a/charts/datadog/templates/_processes-common-env.yaml b/charts/datadog/templates/_processes-common-env.yaml index 41f723d26..65fcd07f8 100644 --- a/charts/datadog/templates/_processes-common-env.yaml +++ b/charts/datadog/templates/_processes-common-env.yaml @@ -1,5 +1,6 @@ # Defines set of environment variables for Processes-related checks. {{- define "processes-common-envs" -}} +{{- if not .Values.providers.gke.gdc }} - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: {{ .Values.datadog.processAgent.processCollection | quote }} - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -11,5 +12,6 @@ {{- if and (eq .Values.targetSystem "linux") (eq (include "get-process-checks-in-core-agent-envvar" .) "") }} - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED value: {{ (include "should-run-process-checks-on-core-agent" .) | quote }} -{{- end }} +{{- end }} +{{- end }} {{- end -}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index ad4b959a2..45dc64663 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -139,7 +139,7 @@ spec: {{ include "containers-init-windows" . | nindent 6 }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{ include "containers-init-linux" . | nindent 6 }} + {{- include "containers-init-linux" . | nindent 6 -}} {{- end }} {{- if and (eq (include "should-enable-system-probe" .) "true") (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} {{ include "system-probe-init" . | nindent 6 }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 1c1c9baf8..f7d49a2e4 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -2275,6 +2275,9 @@ providers: # providers.gke.cos -- Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) cos: false + # providers.gke.gdc -- Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) + gdc: false + eks: ec2: # providers.eks.ec2.useHostnameFromFile -- Use hostname from EC2 filesystem instead of fetching from metadata endpoint. diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index d920f7a94..f0d675e83 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 469c53bc0541e25237e65b1972c755bf51ba2a3faff0db4200a5e616c1a85ae6 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 7252ac95e9b7a2be76a893f29be97ba3ddfa93e988f208d18a1e4e410b6b9b7a + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 6319408cb..20f97b46b 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 050ab49a451e1238668b8df86b20941fe655e87b3a55aa57497dea39ac9163c5 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: 789eaddd8ebf97ad196c8ccbad93bdfa98bebad0d60672807686f6587b30fe99 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 772799b96..567fca801 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 6723707eea64584b2ca85a11cd177a99c2fe52117542bffbdf61a38592a0b2a5 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: e3466aa95772fd657b731896232e59a2386ac6c1a38b0ab18cbdeb09156544e8 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 5edd494e5..6421f7579 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,11 +36,11 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 7d36a45b80acd6890bafa74cae91697ea7b85a2561cc27f38148d00607a734b4 - checksum/clusteragent-configmap: 6fea41ac9179f9a526bbb2b5c3f168fd232111ff2c4bdf1cd922c31e45038c31 - checksum/api_key: 5aa9dfe916543cbcf1014dfa812cc46d36156564f56704b12c5f9e9c77afd266 + checksum/clusteragent_token: 153bf4c7a1851a4a2b03bcb46a026255dda1d786c6a5b95827e5364391602e55 + checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d + checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index fcc8a00b5..15abb4696 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 36783249a1a56e6ad7e24b5b38037b6fa09535bcbf5d09bfa9ae9d87be97990e - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 36d1e9094d3cb200659405983a1c3aa58982bd20ea30a71974a01965e0df5ddf + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -77,6 +77,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -349,6 +350,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -405,9 +407,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -419,8 +419,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: @@ -429,12 +428,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -483,6 +482,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -500,8 +501,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml new file mode 100644 index 000000000..829e5c79f --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -0,0 +1,280 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.79.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: ac6f3df32a82b47f1cec6be0a9dce0cc1978c1f64fd5b75177734090bacf54da + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml new file mode 100644 index 000000000..46d33c986 --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -0,0 +1,301 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.79.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: 009553ab18468f5e3c937f34ded921a712214a78b4cbd82f8233e4512e20390d + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: pointerdir + mountPath: /opt/datadog-agent/run + mountPropagation: None + readOnly: false # Need RW for logs pointer + - name: logpodpath + mountPath: /var/log/pods + mountPropagation: None + readOnly: true + - name: logscontainerspath + mountPath: /var/log/containers + mountPropagation: None + readOnly: true + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.59.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index 151d23cce..b203ba643 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "b0pkcDdBWU9DZENhcDU1T2ZEbnRXMkxjbW9LT3phdEE=" + token: "VUhXVVpZMDVTb1Bnd2VxODM1bTRDcU43SFc0UEhTSng=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -162,20 +162,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.78.0 + installer_version: datadog-3.79.0 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +184,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "417924d1-f1c7-4c44-b681-a4b82f54d07d" - install_time: "1731094912" + install_id: "3111252e-d253-4641-b8b3-30b9c6be6466" + install_time: "1731360232" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -416,7 +416,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +512,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -560,7 +560,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +580,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +600,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +621,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +640,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +679,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +700,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +723,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +745,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +771,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.78.0" + chart: "datadog-3.79.0" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +800,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +824,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: dbcee8ba14e360a887c9426f7a91014cf4c59f37e317f7084bb28729aedcfb38 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: f00581a69706d733ac0c8e932c003a67a287dff70bc15af0030fff5a1e66e0cd + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -871,6 +871,7 @@ spec: value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1144,6 +1145,7 @@ spec: name: datadog-cluster-agent key: token + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED value: "false" - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED @@ -1200,9 +1202,7 @@ spec: mountPropagation: None readOnly: true initContainers: - - - name: init-volume - + - name: init-volume image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] @@ -1214,8 +1214,7 @@ spec: readOnly: false # Need RW for config path resources: {} - - name: init-config - + - name: init-config image: "gcr.io/datadoghq/agent:7.59.0" imagePullPolicy: IfNotPresent command: @@ -1224,12 +1223,12 @@ spec: args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: None @@ -1278,6 +1277,8 @@ spec: emptyDir: {} - name: tmpdir emptyDir: {} + - name: s6-run + emptyDir: {} - hostPath: path: /proc name: procdir @@ -1295,8 +1296,6 @@ spec: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - - name: s6-run - emptyDir: {} - hostPath: path: /etc/passwd name: passwd @@ -1322,7 +1321,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1352,8 +1351,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: cc7c556be49df89c9540b1769bcc9af7f787d18b2770ccf885920cd3c3867fd2 - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: 0f3c4653bf6f20423353df3b2c09b545f377c8943c78e038a764c08ee01e7cec + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1514,7 +1513,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.78.0' + helm.sh/chart: 'datadog-3.79.0' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1544,9 +1543,9 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 982bf49be535679f1005e6648f369a19b8525b1f802f5874952fcf32b5b56bfe - checksum/clusteragent-configmap: 18b94379f076d60b9b9aaa9bd8ebbc2fdc70563de1beae32de2018cacf2a237e - checksum/install_info: 8e66003a020dd0b648cc0ee91a46e96257f348938a3e1a58fd54ea6f86adbd5e + checksum/clusteragent_token: dc1e3efaa7c41119e5e666c61d458d5dd5b608c3f5be3e7044f14e087aadeca2 + checksum/clusteragent-configmap: 01caadfa4eb3983f3938c37d3a44a51e3ca2969b2d5ffff36f24d025f3246067 + checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go index 8118d5128..baf66fe53 100644 --- a/test/datadog/baseline_test.go +++ b/test/datadog/baseline_test.go @@ -113,6 +113,42 @@ func Test_baseline_manifests(t *testing.T) { baselineManifestPath: "./baseline/other_default.yaml", assertions: verifyUntypedResources, }, + { + name: "GDC DaemonSet default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_default.yaml", + assertions: verifyDaemonset, + }, + { + name: "GDC DaemonSet logs collection enabled", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml", + assertions: verifyDaemonset, + }, } for _, tt := range tests { diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go new file mode 100644 index 000000000..b8b2ecf98 --- /dev/null +++ b/test/datadog/gdc_test.go @@ -0,0 +1,90 @@ +package datadog + +import ( + "fmt" + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "testing" +) + +var allowedHostPaths = map[string]interface{}{ + "/var/datadog/logs": nil, + "/var/log/pods": nil, + "/var/log/containers": nil, +} + +func Test_gdcConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "agents.image.doNotCheckTag": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + assertions: verifyDaemonsetGDCMinimal, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { + var ds appsv1.DaemonSet + common.Unmarshal(t, manifest, &ds) + agentContainer := &corev1.Container{} + + assert.Equal(t, 1, len(ds.Spec.Template.Spec.Containers)) + + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Name == "agent" { + agentContainer = &container + } + } + + assert.NotNil(t, agentContainer) + + var validHostPath = true + for _, volume := range ds.Spec.Template.Spec.Volumes { + if volume.HostPath != nil { + _, validHostPath = allowedHostPaths[volume.HostPath.Path] + assert.True(t, validHostPath, fmt.Sprintf("DaemonSet has restricted hostPath mounted: %s ", volume.HostPath.Path)) + } + } + + validPorts := true + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Ports != nil { + for _, port := range container.Ports { + if port.HostPort > 0 { + validPorts = false + break + } + } + } + } + assert.True(t, validPorts, "Daemonset has restricted hostPort mounted.") +}