From db5a4d701b2aeec294e799c03773e7566eaf94d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A8le=20Oul=C3=A8s?= Date: Wed, 21 Feb 2024 22:50:46 +0100 Subject: [PATCH 1/3] cluster-agent: Add network policy default permission (#1327) Co-authored-by: Cedric Lamoriniere --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/cluster-agent-rbac.yaml | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index d7a0dda5f..e8d4d029c 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.57.2 + +* Add `networkpolicies` default permission for the cluster agent. + ## 3.57.1 * Allow configuring CWS security profile based auto suppression feature and enable it by default. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 23f173e03..e997efad3 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.57.1 +version: 3.57.2 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index eee03e8cd..33fade3d5 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.57.1](https://img.shields.io/badge/Version-3.57.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.57.2](https://img.shields.io/badge/Version-3.57.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 975098c8e..a414f640f 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -171,6 +171,7 @@ rules: - networking.k8s.io resources: - ingresses + - networkpolicies verbs: - list - get From 130a504efd9857dc5d071b303bbcb12801bd081b Mon Sep 17 00:00:00 2001 From: Cedric Lamoriniere Date: Thu, 22 Feb 2024 18:20:59 +0100 Subject: [PATCH 2/3] Add labeler github action (#1326) --- .github/workflows/labeler/labels.yaml | 45 +++++++++++++++++++++++++++ .github/workflows/pr-labeler.yaml | 16 ++++++++++ 2 files changed, 61 insertions(+) create mode 100644 .github/workflows/labeler/labels.yaml create mode 100644 .github/workflows/pr-labeler.yaml diff --git a/.github/workflows/labeler/labels.yaml b/.github/workflows/labeler/labels.yaml new file mode 100644 index 000000000..e520ab3d1 --- /dev/null +++ b/.github/workflows/labeler/labels.yaml 
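Review bot: In `cluster-agent-rbac.yaml`, `networkpolicies` is appended to the existing `networking.k8s.io` rule with no condition visible in the hunk, so every install appears to grant the cluster agent cluster-wide read on NetworkPolicy objects, whether or not a feature that consumes them is enabled. NetworkPolicies describe how the cluster is segmented. If only one collector needs them (the hunk does not show which), the entry would be tighter wrapped in the same values guard as that feature. At minimum, add a comment above the entry saying why it is there, for example `# read-only; required by <feature> to collect NetworkPolicy objects`, so a later RBAC audit can tell whether it is still needed. The rule starts above the hunk and its verb list may continue below it, so both the guard and the full verb set should be checked against the whole file.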
@@ -0,0 +1,45 @@ +chart/datadog: + - changed-files: + - any-glob-to-any-file: "charts/datadog/**" + +chart/datadog-crds: + - changed-files: + - any-glob-to-any-file: "charts/datadog-crds/**" + - any-glob-to-any-file: "crds/**" + +chart/datadog-operator: + - changed-files: + - any-glob-to-any-file: "charts/datadog-operator/**" + +chart/extended-daemon-set: + - changed-files: + - any-glob-to-any-file: "charts/extended-daemon-set/**" + +chart/watermarkpodautoscaler: + - changed-files: + - any-glob-to-any-file: "charts/watermarkpodautoscaler/**" + +chart/observability-pipelines-worker: + - changed-files: + - any-glob-to-any-file: "charts/observability-pipelines-worker/**" + +chart/synthetics-private-location: + - changed-files: + - any-glob-to-any-file: "charts/synthetics-private-location/**" + +tools/tests: + - changed-files: + - any-glob-to-any-file: "tests/**" + +tools/ci: + - changed-files: + - any-glob-to-any-file: ".github/**" + - any-glob-to-any-file: ".gitlab-ci.yml" + - any-glob-to-any-file: "Makefile" + +documentation: + - changed-files: + - any-glob-to-any-file: "README.md" + - any-glob-to-any-file: "examples/**" + - any-glob-to-any-file: "CONTRIBUTING.md" + - any-glob-to-any-file: "LICENSE" diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml new file mode 100644 index 000000000..f1d36ed3d --- /dev/null +++ b/.github/workflows/pr-labeler.yaml @@ -0,0 +1,16 @@ +name: Labeler +on: + pull_request: + branches: + - main + +jobs: + label: + name: Add label for PRs + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/labeler@v5 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + configuration-path: .github/workflows/labeler/labels.yaml From 0b71eb1f4903cadf13a9bad6cac0a027833ba0b6 Mon Sep 17 00:00:00 2001 
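Review bot: The new `pr-labeler.yaml` workflow has no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository or organisation sets. A job-level `permissions:` with `contents: read` and `pull-requests: write` would pin it to what the labeler needs. With the `pull_request` trigger the token is read-only for pull requests from forks, so labelling will likely fail on external contributions. The action's documentation uses `pull_request_target` instead; that suits this workflow only while it has no checkout step and never runs code from the PR head, a constraint worth recording in a comment next to `on:`. The action is also referenced by the mutable tag `actions/labeler@v5`; pinning it as `uses: actions/labeler@<full-commit-sha> # v5` stops a retagged release from changing what runs with the write token.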
From: Liliya Belaus <59583867+liliyadd@users.noreply.github.com> Date: Fri, 23 Feb 2024 07:19:33 -0500 Subject: [PATCH 3/3] Disable mutations on Datadog resources pods (#1330) --- charts/datadog/CHANGELOG.md | 4 ++++ charts/datadog/Chart.yaml | 2 +- charts/datadog/README.md | 2 +- charts/datadog/templates/agent-clusterchecks-deployment.yaml | 1 + charts/datadog/templates/cluster-agent-deployment.yaml | 1 + charts/datadog/templates/daemonset.yaml | 2 +- 6 files changed, 9 insertions(+), 3 deletions(-) diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index e8d4d029c..28cc6e271 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 3.57.3 + +* Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. + ## 3.57.2 * Add `networkpolicies` default permission for the cluster agent. diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index e997efad3..8818e551e 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: datadog -version: 3.57.2 +version: 3.57.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 33fade3d5..8a283120a 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.57.2](https://img.shields.io/badge/Version-3.57.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.57.3](https://img.shields.io/badge/Version-3.57.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index edcbfaf26..d845f4756 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -27,6 +27,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: clusterchecks-agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }}-clusterchecks {{- if .Values.clusterChecksRunner.additionalLabels }} {{ toYaml .Values.clusterChecksRunner.additionalLabels | indent 8 }} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 636649ee1..d0bc7b0d3 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml 
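Review bot: In `agent-clusterchecks-deployment.yaml` the hard-coded `admission.datadoghq.com/enabled: "false"` label is rendered just ahead of the user-supplied `.Values.clusterChecksRunner.additionalLabels` block. A values file that sets the same key therefore yields a duplicate mapping key in the pod template, and which value wins depends on the YAML parser that consumes the rendered manifest. Since the label keeps Datadog's own pods out of admission-controller injection, a silent override in either direction is worth preventing. Either drop that key from the user map before `toYaml` or document the restriction with a comment such as `# set by the chart; do not override through additionalLabels/podLabels`. The same pattern appears in the `cluster-agent-deployment.yaml` hunk (before `.Values.clusterAgent.podLabels`) and in the second `daemonset.yaml` hunk (before `.Values.agents.podLabels`). All three pod templates continue outside their hunks.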
@@ -38,6 +38,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }}-cluster-agent {{- if .Values.clusterAgent.podLabels }} {{ toYaml .Values.clusterAgent.podLabels | indent 8 }} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 5aba67ff2..15c75d96b 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -9,7 +9,6 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} app.kubernetes.io/component: agent - admission.datadoghq.com/enabled: "false" {{- if .Values.agents.additionalLabels }} {{ toYaml .Values.agents.additionalLabels | indent 4 }} {{- end }} @@ -30,6 +29,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }} {{- if .Values.agents.podLabels }} {{ toYaml .Values.agents.podLabels | indent 8 }}