diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 67a03d272..57dbce109 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -6,13 +6,16 @@ *.md @DataDog/documentation @DataDog/container-helm-chart-maintainers # Charts -charts/datadog-crds @DataDog/container-ecosystems -charts/datadog-operator @DataDog/container-ecosystems -charts/extended-daemon-set @DataDog/container-ecosystems -charts/datadog @DataDog/container-helm-chart-maintainers -charts/datadog/templates/container-system-probe.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers -charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers -charts/datadog/templates/system-probe-init.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers -charts/synthetics-private-location/ @Datadog/synthetics -charts/observability-pipelines-worker @DataDog/observability-pipelines -charts/datadog/templates/_container-trace-agent.yaml @DataDog/agent-apm @DataDog/container-helm-chart-maintainers +charts/datadog-crds @DataDog/container-ecosystems +charts/datadog-operator @DataDog/container-ecosystems +charts/extended-daemon-set @DataDog/container-ecosystems +charts/datadog @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_container-process-agent.yaml @DataDog/container-intake @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_container-system-probe.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_container-trace-agent.yaml @DataDog/agent-apm @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_system-probe-init.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers +charts/datadog/templates/system-probe-configmap.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers +charts/synthetics-private-location/ @Datadog/synthetics +charts/observability-pipelines-worker @DataDog/observability-pipelines +charts/private-action-runner @DataDog/action-platform +test/private-action-runner @DataDog/action-platform diff --git a/.github/helm-docs.sh b/.github/helm-docs.sh index 04ad473d7..03d901387 100755 --- a/.github/helm-docs.sh +++ b/.github/helm-docs.sh @@ -1,7 +1,7 @@ #!/bin/bash set -euo pipefail -HELM_DOCS_VERSION="1.10.0" +HELM_DOCS_VERSION="1.14.2" OS=$(uname) ARCH=$(uname -m) diff --git a/.github/kind_config.yaml b/.github/kind_config.yaml index 752e993cd..fc38ce068 100644 --- a/.github/kind_config.yaml +++ b/.github/kind_config.yaml @@ -1,6 +1,10 @@ +--- kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: -- role: control-plane -- role: worker -- role: worker + - role: control-plane + labels: + disktype: ssd + - role: worker + labels: + disktype: ssd diff --git a/.github/kubeconform.sh b/.github/kubeconform.sh new file mode 100755 index 000000000..749da9719 --- /dev/null +++ b/.github/kubeconform.sh @@ -0,0 +1,38 @@ +#!/bin/bash +set -euo pipefail + +KUBECONFORM_VERSION="v0.6.7" +# https://github.com/yannh/kubeconform/issues/51 +CRD_SPEC_URL="https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json" +# Remove after v1.16 support / testing is dropped +LEGACY_SCHEMA_URL="https://github.com/instrumenta/kubernetes-json-schema" +OS=$(uname) + +CHANGED_CHARTS=${CHANGED_CHARTS:-${1:-}} +if [ -n "$CHANGED_CHARTS" ]; +then + CHART_DIRS=$CHANGED_CHARTS +else + CHART_DIRS=$(ls -d charts/*) +fi + +# install kubeconform +curl --silent --show-error --fail --location --output /tmp/kubeconform.tar.gz "https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-${OS}-amd64.tar.gz" +tar -xf /tmp/kubeconform.tar.gz kubeconform + +# validate charts +for CHART_DIR in ${CHART_DIRS}; do + echo "Running kubeconform for folder: '$CHART_DIR'" + + # Note: -ignore-missing-schemas could be added if needed, but not currently + # needed since we have the schema necessary to validate the CRDs themselves. + # + # Also, if at some point we needed to validate things _using_ these CRDs, + # they're available via + # https://github.com/datreeio/CRDs-catalog/tree/main/datadoghq.com + helm dep up "${CHART_DIR}" && helm template --kube-version "${KUBERNETES_VERSION#v}" \ + --values "${CHART_DIR}/ci/kubeconform-values.yaml" "${CHART_DIR}" \ + | ./kubeconform -strict -schema-location default -schema-location "$CRD_SPEC_URL" \ + -schema-location $LEGACY_SCHEMA_URL -output pretty \ + -verbose -kubernetes-version "${KUBERNETES_VERSION#v}" - +done diff --git a/.github/kubeval.sh b/.github/kubeval.sh deleted file mode 100755 index 181f7c84c..000000000 --- a/.github/kubeval.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -set -euo pipefail - -KUBEVAL_VERSION="v0.16.1" -SCHEMA_LOCATION="https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master" -OS=$(uname) - -CHANGED_CHARTS=${CHANGED_CHARTS:-${1:-}} -if [ -n "$CHANGED_CHARTS" ]; -then - CHART_DIRS=$CHANGED_CHARTS -else - CHART_DIRS=$(ls -d charts/*) -fi - -# install kubeval -curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz "https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-${OS}-amd64.tar.gz" -tar -xf /tmp/kubeval.tar.gz kubeval - -# validate charts -for CHART_DIR in ${CHART_DIRS}; do - echo "Running kubeval for folder: '$CHART_DIR'" - helm dep up "${CHART_DIR}" && helm template --kube-version "${KUBERNETES_VERSION#v}" --values "${CHART_DIR}"/ci/kubeval-values.yaml "${CHART_DIR}" | ./kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}" -done diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c842ec95e..1276ef2ed 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,6 +5,11 @@ on: paths: - "charts/**" +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + jobs: changed: runs-on: ubuntu-latest @@ -12,7 +17,7 @@ jobs: charts: ${{ steps.list-changed.outputs.changed }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Helm @@ -21,9 +26,9 @@ jobs: version: v3.6.3 - uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed env: @@ -33,7 +38,9 @@ jobs: if [[ -n "$changed" ]]; then echo -n "Charts changed:" echo "$changed" - echo "::set-output name=changed::$changed" + echo "changed<> $GITHUB_OUTPUT + echo "$changed" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT else echo "PR without any chart changes - failing" exit 1 @@ -45,14 +52,14 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (lint) run: ct lint --config .github/ct.yaml @@ -62,13 +69,13 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Run helm-docs run: .github/helm-docs.sh - kubeval-chart: + kubeconform-chart: runs-on: ubuntu-latest needs: - changed @@ -80,55 +87,78 @@ jobs: # https://github.com/instrumenta/kubernetes-json-schema is no # longer updated k8s: - # - v1.14.10 (deprecated with kind 1.16) - - v1.16.15 + - v1.16.4 - v1.18.20 - - v1.22.9 - - v1.24.2 - # v1.25.2 (when agent 7.40 is out) + - v1.22.17 + - v1.24.17 + - v1.25.16 + - v1.26.15 + - v1.27.16 + - v1.28.13 + - v1.29.8 + - v1.30.4 + - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Add datadog helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Add KSM helm repo run: helm repo add kube-state-metrics https://prometheus-community.github.io/helm-charts - - name: Run kubeval + - name: Run kubeconform env: KUBERNETES_VERSION: ${{ matrix.k8s }} CHANGED_CHARTS: ${{needs.changed.outputs.charts}} - run: .github/kubeval.sh + run: .github/kubeconform.sh install-chart: name: install-chart runs-on: ubuntu-20.04 + timeout-minutes: 60 needs: - lint-chart - - kubeval-chart + - kubeconform-chart strategy: matrix: - k8s: - - v1.16.15 - - v1.18.20 - - v1.22.9 - - v1.24.2 - - v1.25.2 + versions: + - k8s: v1.18.20 + kind: v0.17.0 + - k8s: v1.22.17 + kind: v0.22.0 + - k8s: v1.24.17 + kind: v0.22.0 + - k8s: v1.25.16 + kind: v0.22.0 + - k8s: v1.26.15 + kind: v0.22.0 + - k8s: v1.27.16 + kind: v0.22.0 + - k8s: v1.28.13 + kind: v0.22.0 + - k8s: v1.29.8 + kind: v0.22.0 + - k8s: v1.30.4 + kind: v0.22.0 + - k8s: v1.31.1 + kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Create kind ${{ matrix.k8s }} cluster - uses: helm/kind-action@v1.5.0 + - name: Create kind ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} + uses: helm/kind-action@v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s }} + version: ${{ matrix.versions.kind }} + node_image: kindest/node:${{ matrix.versions.k8s}} + config: .github/kind_config.yaml - uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (install) run: ct install --config .github/ct.yaml diff --git a/.github/workflows/go-test-private-action-runner.yaml b/.github/workflows/go-test-private-action-runner.yaml new file mode 100644 index 000000000..dc26fd575 --- /dev/null +++ b/.github/workflows/go-test-private-action-runner.yaml @@ -0,0 +1,40 @@ +name: Go Test Private Action Runner +on: + push: + paths: + - 'test/private-action-runner/**' + - 'charts/private-action-runner/**' + pull_request: + paths: + - 'test/private-action-runner/**' + - 'charts/private-action-runner/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + +env: + GO111MODULE: "on" + PROJECTNAME: "helm-charts" +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Set up Go + uses: actions/setup-go@v1 + with: + go-version: 1.21 + id: go + - name: Set up Helm + uses: azure/setup-helm@v3.5 + with: + version: v3.10.1 + - name: Add Datadog Helm repo + run: helm repo add datadog https://helm.datadoghq.com && helm repo update + - name: Check out code into the Go module directory + uses: actions/checkout@v1 + - name: run Go tests + run: | + helm dependency build ./charts/private-action-runner + make unit-test-private-action-runner diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 1b1760931..739a20b1b 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -2,12 +2,18 @@ name: Go Test on: push: paths: - - 'test/**' + - 'test/datadog-operator/**' - 'charts/datadog-operator/**' pull_request: paths: - - 'test/**' + - 'test/datadog-operator/**' - 'charts/datadog-operator/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + env: GO111MODULE: "on" PROJECTNAME: "helm-charts" @@ -18,12 +24,12 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: 1.20 + go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@v4.2.0 with: - version: v3.10.1 + version: v3.14.0 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory @@ -31,7 +37,7 @@ jobs: - name: run Go tests run: | helm dependency build ./charts/datadog-operator - make unit-test + make unit-test-operator integ-tests: if: ${{github.event.pull_request.head.repo.full_name == github.repository }} @@ -39,24 +45,40 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - k8s: - - v1.16.15 - - v1.18.20 - - v1.22.9 - - v1.24.2 - - v1.25.2 - - v1.26.6 - - v1.27.3 + versions: + - k8s: v1.16.15 + kind: v0.15.0 + - k8s: v1.18.20 + kind: v0.17.0 + - k8s: v1.22.17 + kind: v0.22.0 + - k8s: v1.24.17 + kind: v0.22.0 + - k8s: v1.25.16 + kind: v0.22.0 + - k8s: v1.26.15 + kind: v0.22.0 + - k8s: v1.27.16 + kind: v0.22.0 + - k8s: v1.28.13 + kind: v0.22.0 + - k8s: v1.29.8 + kind: v0.22.0 + - k8s: v1.30.4 + kind: v0.22.0 + - k8s: v1.31.1 + kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Create kind ${{ matrix.k8s }} cluster - uses: helm/kind-action@v1.5.0 + - name: Create K8s ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} + uses: helm/kind-action@v1.10.0 with: - node_image: kindest/node:${{ matrix.k8s }} - cluster_name: operator-ci-${{ matrix.k8s }} + version: ${{ matrix.versions.kind }} + node_image: kindest/node:${{ matrix.versions.k8s }} + cluster_name: operator-ci-${{ matrix.versions.k8s }} config: .github/kind_config.yaml - name: Add Cert Manager Helm repo run: helm repo add jetstack https://charts.jetstack.io && helm repo update @@ -66,8 +88,8 @@ jobs: env: API_KEY: ${{ secrets.GO_INTEG_TEST_API_KEY }} APP_KEY: ${{ secrets.GO_INTEG_TEST_APP_KEY }} - CLUSTER_NAME: operator-ci-${{ matrix.k8s }} - K8S_VERSION: ${{ matrix.k8s }} + CLUSTER_NAME: operator-ci-${{ matrix.versions.k8s }} + K8S_VERSION: ${{ matrix.versions.k8s }} run: | kubectl cluster-info kubectl get nodes diff --git a/.github/workflows/labeler/labels.yaml b/.github/workflows/labeler/labels.yaml new file mode 100644 index 000000000..b5250ad26 --- /dev/null +++ b/.github/workflows/labeler/labels.yaml @@ -0,0 +1,49 @@ +chart/datadog: + - changed-files: + - any-glob-to-any-file: "charts/datadog/**" + +chart/datadog-crds: + - changed-files: + - any-glob-to-any-file: "charts/datadog-crds/**" + - any-glob-to-any-file: "crds/**" + +chart/datadog-operator: + - changed-files: + - any-glob-to-any-file: "charts/datadog-operator/**" + +chart/extended-daemon-set: + - changed-files: + - any-glob-to-any-file: "charts/extended-daemon-set/**" + +chart/watermarkpodautoscaler: + - changed-files: + - any-glob-to-any-file: "charts/watermarkpodautoscaler/**" + +chart/observability-pipelines-worker: + - changed-files: + - any-glob-to-any-file: "charts/observability-pipelines-worker/**" + +chart/synthetics-private-location: + - changed-files: + - any-glob-to-any-file: "charts/synthetics-private-location/**" + +chart/private-action-runner: + - changed-files: + - any-glob-to-any-file: "charts/private-action-runner/**" + +tools/tests: + - changed-files: + - any-glob-to-any-file: "tests/**" + +tools/ci: + - changed-files: + - any-glob-to-any-file: ".github/**" + - any-glob-to-any-file: ".gitlab-ci.yml" + - any-glob-to-any-file: "Makefile" + +documentation: + - changed-files: + - any-glob-to-any-file: "README.md" + - any-glob-to-any-file: "examples/**" + - any-glob-to-any-file: "CONTRIBUTING.md" + - any-glob-to-any-file: "LICENSE" diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml new file mode 100644 index 000000000..ff711a73d --- /dev/null +++ b/.github/workflows/pr-labeler.yaml @@ -0,0 +1,23 @@ +name: Labeler +on: + pull_request: + branches: + - main + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + +jobs: + label: + name: Add label for PRs + runs-on: ubuntu-latest + permissions: + pull-requests: write + timeout-minutes: 5 + steps: + - uses: actions/labeler@v5 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + configuration-path: .github/workflows/labeler/labels.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index bcb3892c5..e33b3d11f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,9 +7,14 @@ on: paths: - 'charts/**' +permissions: {} + jobs: release: runs-on: ubuntu-latest + permissions: + # https://github.com/helm/chart-releaser-action + contents: write steps: - name: Checkout uses: actions/checkout@v3 @@ -27,3 +32,4 @@ jobs: uses: helm/chart-releaser-action@v1.5.0 env: CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + CR_SKIP_EXISTING: true # Ignore chart changes when version was not updated (documentation) diff --git a/.gitignore b/.gitignore index 9f0bb268c..504caf976 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,8 @@ charts/*/charts helm-docs -kubeval +kubeconform .idea vendor/ .vscode go.work* +.DS_Store diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c9882e344..7d92a3ff0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,35 +1,55 @@ -variables: - # Do not modify this - must be the repository name for Kubernetes gitlab runners to run - KUBERNETES_SERVICE_ACCOUNT_OVERWRITE: helm-charts - stages: - e2e +variables: + RUN_E2E_TEST: + description: "set RUN_E2E_TEST to 'true' if you want to trigger the e2e test on your pipeline." + e2e: stage: e2e rules: + - if: '$CI_COMMIT_BRANCH =~ /^mq-working-branch-/' + changes: + paths: + - charts/datadog/*.yaml + - test/**/* + compare_to: "refs/heads/main" + when: always + - if: '$CI_COMMIT_BRANCH =~ /^mq-working-branch-/' + when: never - if: $CI_COMMIT_BRANCH == "main" changes: paths: - - charts/**/*.yaml + - charts/datadog/** - test/**/* compare_to: "refs/heads/main" - image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/test-infra-definitions/runner:986d192b + when: always + - if: $RUN_E2E_TEST == "true" + when: manual + - when: never + image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/test-infra-definitions/runner:95dca87f269a tags: ["arch:amd64"] + variables: + AWS_KEYPAIR_NAME: datadog-agent-ci + AWS_PRIVATE_KEY_FILE: $CI_PROJECT_DIR/ssh_key + KUBERNETES_CPU_REQUEST: 2 + KUBERNETES_MEMORY_REQUEST: 4Gi + KUBERNETES_MEMORY_LIMIT: 12Gi before_script: - # Update awscli v2 - - aws --version - - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - - unzip awscliv2.zip - - ./aws/install --update - - aws --version - # Setup AWS Credentials - mkdir -p ~/.aws - set +x + # Set GITHUB_TOKEN to avoid getting rate-limited when pulumi sdk downloads the kubernetes provider + - export GITHUB_TOKEN=$(aws ssm get-parameter --region us-east-1 --name ci.helm-charts.github_token --with-decryption --query "Parameter.Value" --out text) + # Configure AWS EC2 ssh key needed for create pulumi EKS environment + - aws ssm get-parameter --region us-east-1 --name ci.helm-charts.ssh_key --with-decryption --query "Parameter.Value" --out text > $AWS_PRIVATE_KEY_FILE + - set -x + # Without the newline ssh silently fails and moves on to try other auth methods + - echo "" >> $AWS_PRIVATE_KEY_FILE + - chmod 600 $AWS_PRIVATE_KEY_FILE + # Configure AWS profile - aws ssm get-parameter --region us-east-1 --name ci.helm-charts.e2e-agent-qa-profile --with-decryption --query "Parameter.Value" --out text >> ~/.aws/config - set -x - export AWS_PROFILE=agent-qa-ci - pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE" script: - # TODO: enable running E2E tests when upstream pulumi-eks fix is merged https://github.com/pulumi/pulumi-eks/pull/886 - - echo "Success!" + - make test-e2e diff --git a/Makefile b/Makefile index 4516019f1..493319bbe 100644 --- a/Makefile +++ b/Makefile @@ -46,15 +46,27 @@ vet: .PHONY: unit-test unit-test: - go test -C test ./... -count=1 -skip=E2E + go test -C test ./... -count=1 + +.PHONY: unit-test-operator +unit-test-operator: + go test -C test ./datadog-operator -count=1 + +.PHONY: unit-test-private-action-runner +unit-test-private-action-runner: + go test -C test ./private-action-runner -count=1 .PHONY: update-test-baselines update-test-baselines: - go test -C test ./... -count=1 -skip=E2E -args -updateBaselines=true + go test -C test ./... -count=1 -args -updateBaselines=true + +.PHONY: update-test-baselines-operator +update-test-baselines-operator: + go test -C test ./datadog-operator -count=1 -args -updateBaselines=true .PHONY: integration-test integration-test: - go test -C test/integ --tags=integration -skip=E2E -count=1 -v + go test -C test/integ --tags=integration -count=1 -v # Running E2E tests locally: ## Must be connected to appgate @@ -67,14 +79,14 @@ test-e2e: fmt vet e2e-test # aws-vault exec sso-agent-sandbox-account-admin -- make e2e-test .PHONY: e2e-test e2e-test: - E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test ./... -v -run=E2E -vet=off -timeout 1h -count=1 + E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test/e2e ./... --tags=e2e -v -vet=off -timeout 1h -count=1 # aws-vault exec sso-agent-sandbox-account-admin -- make e2e-test-preserve-stacks .PHONY: e2e-test-preserve-stacks e2e-test-preserve-stacks: - E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test ./... -v -run=E2E -vet=off -timeout 1h -count=1 -args -preserveStacks=true + E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test/e2e ./... --tags=e2e -v -vet=off -timeout 1h -count=1 -args -preserveStacks=true # aws-vault exec sso-agent-sandbox-account-admin -- make e2e-test-cleanup-stacks .PHONY: e2e-test-cleanup-stacks e2e-test-cleanup-stacks: - E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test ./... -v -run=E2E -vet=off -timeout 1h -count=1 -args -destroyStacks=true + E2E_CONFIG_PARAMS=$(E2E_CONFIG_PARAMS) E2E_PROFILE=$(E2E_PROFILE) go test -C test/e2e ./... --tags=e2e -v -vet=off -timeout 1h -count=1 -args -destroyStacks=true diff --git a/README.md b/README.md index af3522e32..b141b71ca 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,11 @@ [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/datadog)](https://artifacthub.io/packages/search?repo=datadog) Official Helm charts for Datadog products. Currently supported: -- [Datadog Agents](charts/datadog/README.md) (datadog/datadog) -- [Observability Pipelines Worker](charts/observability-pipelines-worker/README.md) (datadog/observability-pipelines-worker) +- [Datadog Agents](charts/datadog/README.md) (`datadog/datadog`) +- [Datadog Operator](charts/datadog-operator/README.md) (`datadog/datadog-operator`) +- [Extended DaemonSet](charts/extended-daemon-set/README.md) (`datadog/extendeddaemonset`) +- [Observability Pipelines Worker](charts/observability-pipelines-worker/README.md) (`datadog/observability-pipelines-worker`) +- [Synthetics Private Location](charts/synthetics-private-location/README.md) (`datadog/synthetics-private-location`) ## How to use Datadog Helm repository diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 3e4c23ef8..b55387c05 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,47 @@ # Changelog +# 2.3.0 + +* Update CRDs from Datadog Operator v1.11.0 tag. + +# 2.2.0 + +* Update CRDs from Datadog Operator v1.10.0 tag. + +## 2.1.0 + +* Update CRDs from Datadog Operator v1.9.0 tag. +* Add DatadogDashboards CRD. + +## 2.0.0 + +* Update CRDs from Datadog Operator v1.8.0 tag. +* Remove support for DatadogAgent `v1alpha1` and conversion webhook. +* Final update of Datadog CRDs with the `apiextensions.k8s.io/v1beta1` version of CustomResourceDefinition. + +## 1.7.2 + +* Remove XValidation as requires K8S >= 1.25. + +## 1.7.1 + +* Add DPA CRD. + +## 1.7.0 +* Update CRDs from Datadog Operator v1.7.0 tag. + +## 1.6.0 +* Update CRDs from Datadog Operator v1.6.0 tag. + +## 1.5.0 +* Update CRDs from Datadog Operator v1.5.0 tag. + +## 1.4.0 +* Update CRDs from Datadog Operator v1.4.0 tag. + +## 1.3.1 +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 1.3.0 * Update CRDs from Datadog Operator v1.3.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 416ef901b..3402f3d30 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 1.3.0 +version: 2.3.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 40d5ee6d0..3da17dcde 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. @@ -22,16 +22,14 @@ But the recommended Kubernetes versions are `1.16+`. | Key | Type | Default | Description | |-----|------|---------|-------------| +| crds.datadogAgentProfiles | bool | `false` | Set to true to deploy the DatadogAgentProfiles CRD | | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | +| crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboards CRD | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | +| crds.datadogPodAutoscalers | bool | `false` | Set to true to deploy the DatadogPodAutoscalers CRD | | crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | fullnameOverride | string | `""` | Override the fully qualified app name | -| migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | -| migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | -| migration.datadogAgents.conversionWebhook.namespace | string | `"default"` | | -| migration.datadogAgents.useCertManager | bool | `false` | | -| migration.datadogAgents.version | string | `"v2alpha1"` | | | nameOverride | string | `""` | Override name of app | ## Developers diff --git a/charts/datadog-crds/ci/kubeconform-values.yaml b/charts/datadog-crds/ci/kubeconform-values.yaml new file mode 100644 index 000000000..5fd2c50b1 --- /dev/null +++ b/charts/datadog-crds/ci/kubeconform-values.yaml @@ -0,0 +1,7 @@ +crds: + datadogMetrics: true + datadogAgents: true + datadogMonitors: true + datadogSLOs: true + datadogAgentProfiles: true + datadogPodAutoscalers: true diff --git a/charts/datadog-crds/ci/kubeval-values.yaml b/charts/datadog-crds/ci/kubeval-values.yaml deleted file mode 100644 index 1cc095b47..000000000 --- a/charts/datadog-crds/ci/kubeval-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -crds: - datadogMetrics: true - datadogAgents: true - datadogMonitors: true diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml new file mode 100644 index 000000000..e16b1bdcf --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml @@ -0,0 +1,437 @@ +{{- if and .Values.crds.datadogAgentProfiles (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadogagentprofiles.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogAgentProfile + listKind: DatadogAgentProfileList + plural: datadogagentprofiles + shortNames: + - dap + singular: datadogagentprofile + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.valid + name: valid + type: string + - jsonPath: .status.applied + name: applied + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogAgentProfile is the Schema for the datadogagentprofiles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogAgentProfileSpec defines the desired state of DatadogAgentProfile + properties: + config: + properties: + override: + additionalProperties: + properties: + containers: + additionalProperties: + properties: + env: + description: |- + Specify additional environment variables in the container. + See also: https://docs.datadoghq.com/agent/guide/environment-variables/ + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + description: |- + Specify the Request and Limits of the pods. + To get guaranteed QoS class, specify requests and limits equal. + See also: http://kubernetes.io/docs/user-guide/compute-resources/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + description: |- + Configure the basic configurations for an Agent container + Valid Agent container names are: `agent` + type: object + labels: + additionalProperties: + type: string + description: Labels provide labels that are added to the Datadog Agent pods. + type: object + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + updateStrategy: + description: |- + The deployment strategy to use to replace existing pods with new ones. + Valid types are `RollingUpdate` or `OnDelete` for DaemonSets + properties: + rollingUpdate: + description: Configure the rolling update strategy of the Deployment or DaemonSet. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + MaxSurge behaves differently based on the Kubernetes resource. Refer to the + Kubernetes API documentation for additional details. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Refer to the Kubernetes API documentation for additional details.. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type can be "RollingUpdate" or "OnDelete" for DaemonSets and "RollingUpdate" + or "Recreate" for Deployments + type: string + type: object + type: object + description: Override the default configurations of the node agent. + type: object + type: object + profileAffinity: + properties: + profileNodeAffinity: + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + type: object + type: object + status: + description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + properties: + applied: + description: Applied shows whether the DatadogAgentProfile conflicts with an existing DatadogAgentProfile. + type: string + conditions: + description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + createStrategy: + description: CreateStrategy is the state of the create strategy feature. + properties: + lastTransition: + description: LastTransition is the last time the status was updated. + format: date-time + type: string + maxUnavailable: + description: MaxUnavailable shows the number of pods that can be in an unready state. + format: int32 + type: integer + nodesLabeled: + description: NodesLabeled shows the number of nodes currently labeled. + format: int32 + type: integer + podsReady: + description: PodsReady shows the number of pods in the ready state. + format: int32 + type: integer + status: + description: Status shows the current state of the feature. + type: string + type: object + currentHash: + description: CurrentHash is the stored hash of the DatadogAgentProfile. + type: string + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + valid: + description: Valid shows if the DatadogAgentProfile has a valid config spec. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml new file mode 100644 index 000000000..3f7ab4dcb --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1beta1.yaml @@ -0,0 +1,290 @@ +{{- if and .Values.crds.datadogAgentProfiles (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogagentprofiles.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + additionalPrinterColumns: + - JSONPath: .status.valid + name: valid + type: string + - JSONPath: .status.applied + name: applied + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date + group: datadoghq.com + names: + kind: DatadogAgentProfile + listKind: DatadogAgentProfileList + plural: datadogagentprofiles + shortNames: + - dap + singular: datadogagentprofile + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: DatadogAgentProfile is the Schema for the datadogagentprofiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DatadogAgentProfileSpec defines the desired state of DatadogAgentProfile + properties: + config: + properties: + override: + additionalProperties: + properties: + containers: + additionalProperties: + properties: + env: + description: 'Specify additional environment variables in the container. See also: https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables' + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + description: 'Specify the Request and Limits of the pods To get guaranteed QoS class, specify requests and limits equal. See also: http://kubernetes.io/docs/user-guide/compute-resources/' + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + description: 'Configure the basic configurations for an Agent container Valid Agent container names are: `agent`' + type: object + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + type: string + type: object + type: object + type: object + profileAffinity: + properties: + profileNodeAffinity: + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: object + status: + description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + properties: + applied: + description: Applied shows whether the DatadogAgentProfile conflicts with an existing DatadogAgentProfile. + type: string + conditions: + description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentHash: + description: CurrentHash is the stored hash of the DatadogAgentProfile. + type: string + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + valid: + description: Valid shows if the DatadogAgentProfile has a valid config spec. + type: string + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index d54a9d840..af1e555c1 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -1,15 +1,10 @@ {{- if and .Values.crds.datadogAgents (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - {{- if .Values.migration.datadogAgents.useCertManager }} - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }}-serving-cert - {{- end }} - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -17,18 +12,6 @@ metadata: app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' app.kubernetes.io/instance: '{{ .Release.Name }}' spec: - {{- if .Values.migration.datadogAgents.conversionWebhook.enabled }} - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: {{ .Values.migration.datadogAgents.conversionWebhook.namespace }} - name: {{ .Values.migration.datadogAgents.conversionWebhook.name }} - path: /convert - conversionReviewVersions: - - v1 - {{- end }} group: datadoghq.com names: kind: DatadogAgent @@ -40,9 +23,6 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - jsonPath: .status.agent.status name: agent type: string @@ -55,7 +35,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: age type: date - name: v1alpha1 + name: v2alpha1 schema: openAPIV3Schema: properties: @@ -67,205 +47,153 @@ spec: type: object spec: properties: - agent: + features: properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: + admissionController: properties: - nodeAffinity: + agentCommunicationMode: + type: string + agentSidecarInjection: properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: properties: - nodeSelectorTerms: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: items: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array + name: + default: "" + type: string type: object + x-kubernetes-map-type: atomic type: array - required: - - nodeSelectorTerms + tag: + type: string type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: + profiles: items: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: key: type: string - operator: + name: + default: "" type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: properties: key: type: string - operator: + name: + default: "" type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: properties: - matchExpressions: + claims: items: properties: - key: + name: type: string - operator: + request: type: string - values: - items: - type: string - type: array required: - - key - - operator + - name type: object type: array - matchLabels: + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: namespaceSelector: properties: matchExpressions: @@ -279,101 +207,20 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + x-kubernetes-map-type: atomic + objectSelector: properties: matchExpressions: items: @@ -386,1719 +233,923 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + mutation: + properties: + enabled: + type: boolean + type: object + registry: + type: string + serviceName: + type: string + validation: + properties: + enabled: + type: boolean type: object + webhookName: + type: string type: object apm: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic enabled: type: boolean - env: - items: - properties: - name: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: type: string - value: + type: array + x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object + libVersions: + additionalProperties: type: string - valueFrom: - properties: - configMapKeyRef: + type: object + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + autoscaling: + properties: + workload: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean required: - key + - path type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean required: - key + - path type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object - failureThreshold: + type: object + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: format: int32 type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: properties: - host: - type: string - httpHeaders: + items: items: properties: - name: + key: type: string - value: + mode: + format: int32 + type: integer + path: type: string required: - - name - - value + - key + - path type: object type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true type: object type: object - unixDomainSocket: + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: properties: enabled: type: boolean - hostFilepath: + path: type: string type: object - volumeMounts: + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + collectedEventTypes: items: properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: + kind: type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic required: - - mountPath - - name + - kind + - reasons type: object type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean type: object - config: + externalMetricsServer: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: + enabled: type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: + endpoint: properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: + credentials: properties: - configData: + apiKey: type: string - configMap: + apiSecret: properties: - fileKey: + keyName: type: string - name: + secretName: type: string + required: + - secretName type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: + appKey: type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object type: object + url: + type: string type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean required: - key + - path type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: format: int32 type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: type: boolean - livenessProbe: + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: + configData: + type: string + configMap: properties: - host: - type: string - httpHeaders: + items: items: properties: - name: + key: type: string - value: + mode: + format: int32 + type: integer + path: type: string required: - - name - - value + - key + - path type: object type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string type: object - podAnnotationsAsTags: - additionalProperties: + customResources: + items: type: string - type: object - podLabelsAsTags: - additionalProperties: + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: type: string - type: object - readinessProbe: + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + protocols: properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object type: object type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + global: + properties: + checksTagCardinality: + type: string + clusterAgentToken: + type: string + clusterAgentTokenSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + clusterName: + type: string + containerStrategy: + type: string + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + criSocketPath: + type: string + disableNonResourceRules: + type: boolean + dockerSocketPath: + type: string + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: properties: - localhostProfile: + keyName: type: string - type: + secretName: type: string required: - - type + - secretName type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: + appKey: + type: string + appSecret: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: + keyName: type: string - hostProcess: - type: boolean - runAsUserName: + secretName: type: string + required: + - secretName type: object type: object - tags: - items: + url: + type: string + type: object + env: + items: + properties: + name: type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: + value: + type: string + valueFrom: properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: + configMapKeyRef: properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: + key: type: string - kind: + name: + default: "" type: string - readOnly: + optional: type: boolean required: - - diskName - - diskURI + - key type: object - azureFile: + x-kubernetes-map-type: atomic + fieldRef: properties: - readOnly: - type: boolean - secretName: + apiVersion: type: string - shareName: + fieldPath: type: string required: - - secretName - - shareName + - fieldPath type: object - cephfs: + x-kubernetes-map-type: atomic + resourceFieldRef: properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: + containerName: type: string - secretRef: - properties: - name: - type: string - type: object - user: + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string required: - - monitors + - resource type: object - cinder: + x-kubernetes-map-type: atomic + secretKeyRef: properties: - fsType: + key: type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: + name: + default: "" type: string + optional: + type: boolean required: - - volumeID + - key type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: properties: - name: + key: type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: + mode: + format: int32 + type: integer + path: type: string + required: + - key + - path type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: properties: - claimName: + name: + default: "" type: string - readOnly: - type: boolean - required: - - claimName type: object - photonPersistentDisk: + x-kubernetes-map-type: atomic + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + claims: + items: properties: - fsType: + name: type: string - pdID: + request: type: string required: - - pdID + - name type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object type: object + useHTTPS: + type: boolean type: object - daemonsetName: - type: string - deploymentStrategy: + kubelet: properties: - canary: + agentCAPath: + type: string + host: properties: - autoFail: + configMapKeyRef: properties: - canaryTimeout: + key: type: string - enabled: + name: + default: "" + type: string + optional: type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: type: string + required: + - fieldPath type: object - autoPause: + x-kubernetes-map-type: atomic + resourceFieldRef: properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string + required: + - resource type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: + x-kubernetes-map-type: atomic + secretKeyRef: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string + x-kubernetes-map-type: atomic type: object - reconcileFrequency: + hostCAPath: type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: + tlsVerify: + type: boolean + type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: type: string + type: object type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: type: string + type: object type: object - keepAnnotations: - type: string - keepLabels: - type: string localService: properties: - forceLocalServiceEnable: + forceEnableLocalService: type: boolean - overrideName: + nameOverride: type: string type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string + logLevel: + type: string + namespaceAnnotationsAsTags: + additionalProperties: + type: string + type: object + namespaceLabelsAsTags: + additionalProperties: + type: string type: object networkPolicy: properties: @@ -2118,4820 +1169,1549 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic flavor: type: string type: object - otlp: + nodeLabelsAsTags: + additionalProperties: + type: string + type: object + originDetectionUnified: properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object + enabled: + type: boolean + type: object + podAnnotationsAsTags: + additionalProperties: + type: string + type: object + podLabelsAsTags: + additionalProperties: + type: string type: object - priorityClassName: + registry: type: string - process: + runProcessChecksInCoreAgent: + type: boolean + secretBackend: properties: args: - items: - type: string - type: array - x-kubernetes-list-type: atomic + type: string command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: + type: string + enableGlobalPermissions: type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: + roles: items: properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: + namespace: type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set required: - - mountPath - - name + - namespace + - secrets type: object type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: + timeout: + format: int32 + type: integer + type: object + site: + type: string + tags: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + override: + additionalProperties: + properties: + affinity: + properties: + nodeAffinity: properties: - name: - type: string - value: - type: string - valueFrom: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name + x-kubernetes-map-type: atomic type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: + podAffinity: properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - operator: + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + operator: type: string - type: array - required: - - key - - operator + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: + type: object + x-kubernetes-map-type: atomic + namespaces: + items: type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: + type: array + x-kubernetes-list-type: atomic + topologyKey: type: string required: - - secretName + - topologyKey type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - {{- if not (eq .Values.migration.datadogAgents.version "v2alpha1") }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v2alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - features: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - failurePolicy: - type: string - mutateUnlabelled: - type: boolean - serviceName: - type: string - webhookName: - type: string - type: object - apm: - properties: - enabled: - type: boolean - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - clusterChecks: - properties: - enabled: - type: boolean - useClusterChecksRunners: - type: boolean - type: object - cspm: - properties: - checkInterval: - type: string - customBenchmarks: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - hostBenchmarks: - properties: - enabled: - type: boolean - type: object - type: object - cws: - properties: - customPolicies: + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + containers: + additionalProperties: properties: - configData: + appArmorProfileName: type: string - configMap: - properties: - items: - items: + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - network: - properties: - enabled: - type: boolean - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - securityProfiles: - properties: - enabled: - type: boolean - type: object - syscallMonitorEnabled: - type: boolean - type: object - dogstatsd: - properties: - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + healthPort: format: int32 type: integer - type: object - mapperProfiles: - properties: - configData: - type: string - configMap: + livenessProbe: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: + exec: + properties: + command: + items: type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - originDetectionEnabled: - type: boolean - tagCardinality: - type: string - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - ebpfCheck: - properties: - enabled: - type: boolean - type: object - eventCollection: - properties: - collectKubernetesEvents: - type: boolean - type: object - externalMetricsServer: - properties: - enabled: - type: boolean - endpoint: - properties: - credentials: + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + name: + type: string + readinessProbe: properties: - apiKey: - type: string - apiSecret: + exec: properties: - keyName: - type: string - secretName: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" type: string required: - - secretName + - port type: object - appKey: - type: string - appSecret: + httpGet: properties: - keyName: + host: type: string - secretName: + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - secretName + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer type: object - url: - type: string - type: object - port: - format: int32 - type: integer - registerAPIService: - type: boolean - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - kubeStateMetricsCore: - properties: - conf: - properties: - configData: - type: string - configMap: + resources: properties: - items: + claims: items: properties: - key: + name: type: string - mode: - format: int32 - type: integer - path: + request: type: string required: - - key - - path + - name type: object type: array x-kubernetes-list-map-keys: - - key + - name x-kubernetes-list-type: map - name: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + seccompConfig: + properties: + customProfile: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customRootPath: type: string type: object - type: object - enabled: - type: boolean - type: object - liveContainerCollection: - properties: - enabled: - type: boolean - type: object - liveProcessCollection: - properties: - enabled: - type: boolean - scrubProcessArguments: - type: boolean - stripProcessArguments: - type: boolean - type: object - logCollection: - properties: - containerCollectAll: - type: boolean - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - npm: - properties: - collectDNSStats: - type: boolean - enableConntrack: - type: boolean - enabled: - type: boolean - type: object - oomKill: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - conf: - properties: - configData: - type: string - configMap: + securityContext: properties: - items: - items: - properties: - key: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: type: string - mode: - format: int32 - type: integer - path: + type: array + x-kubernetes-list-type: atomic + drop: + items: type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object type: object - type: object - customResources: - items: - type: string - type: array - x-kubernetes-list-type: set - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubContainers: - type: boolean - type: object - otlp: - properties: - receiver: - properties: - protocols: + startupProbe: properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer grpc: properties: - enabled: - type: boolean - endpoint: + port: + format: int32 + type: integer + service: + default: "" type: string + required: + - port type: object - http: + httpGet: properties: - enabled: - type: boolean - endpoint: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer type: object - type: object - type: object - processDiscovery: - properties: - enabled: - type: boolean - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enableServiceEndpoints: - type: boolean - enabled: - type: boolean - version: - type: integer - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - sbom: - properties: - containerImage: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - enabled: - type: boolean - host: - properties: - analyzers: + volumeMounts: items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - type: object - tcpQueueLength: - properties: - enabled: - type: boolean - type: object - usm: - properties: - enabled: - type: boolean - type: object - type: object - global: - properties: - clusterAgentToken: - type: string - clusterAgentTokenSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + - mountPath + x-kubernetes-list-type: map type: object - type: object - criSocketPath: - type: string - dockerSocketPath: - type: string - endpoint: - properties: - credentials: + type: object + createPodDisruptionBudget: + type: boolean + createRbac: + type: boolean + customConfigurations: + additionalProperties: properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: + configData: type: string - appSecret: + configMap: properties: - keyName: - type: string - secretName: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - required: - - secretName type: object type: object - url: - type: string - type: object - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: + type: object + disabled: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + items: properties: - key: - type: string name: type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: + value: type: string - optional: - type: boolean - required: - - key type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - localService: - properties: - forceEnableLocalService: - type: boolean - nameOverride: - type: string - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: + type: array + x-kubernetes-list-type: atomic + searches: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: key: type: string - operator: + name: + default: "" type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - registry: - type: string - site: - type: string - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - override: - additionalProperties: - properties: - affinity: + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: + properties: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + extraChecksd: properties: - nodeAffinity: + configDataMap: + additionalProperties: + type: string + type: object + configMap: properties: - preferredDuringSchedulingIgnoredDuringExecution: + items: items: properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: + key: + type: string + mode: format: int32 type: integer + path: + type: string required: - - preference - - weight + - key + - path type: object type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object - podAffinity: + type: object + extraConfd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: properties: - preferredDuringSchedulingIgnoredDuringExecution: + items: items: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: + key: + type: string + mode: format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + type: integer + path: type: string required: - - topologyKey + - key + - path type: object type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object - podAntiAffinity: + type: object + hostNetwork: + type: boolean + hostPID: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + priorityClassName: + type: string + replicas: + format: int32 + type: integer + securityContext: + properties: + appArmorProfile: properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountAnnotations: + additionalProperties: + type: string + type: object + serviceAccountName: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: + type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: type: string - type: array - topologyKey: + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + default: "" type: string - required: - - topologyKey type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - containers: - additionalProperties: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: type: string - valueFrom: + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object fieldRef: properties: apiVersion: @@ -6941,6 +2721,12 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string resourceFieldRef: properties: containerName: @@ -6951,341 +2737,556 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: + resource: type: string required: - - name - - value + - resource type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object required: - - port + - spec type: object - initialDelaySeconds: + type: object + fc: + properties: + fsType: + type: string + lun: format: int32 type: integer - periodSeconds: + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: format: int32 type: integer - successThreshold: + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: format: int32 type: integer - tcpSocket: + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: properties: - host: + name: + default: "" type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal type: object - logLevel: - type: string name: type: string - readinessProbe: + nfs: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: format: int32 type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: + sources: + items: + properties: + clusterTrustBundle: properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic name: type: string - value: + optional: + type: boolean + path: + type: string + signerName: type: string required: - - name - - value + - path type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic type: object - seccompConfig: + quobyte: properties: - customProfile: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customRootPath: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: type: string + required: + - registry + - volume type: object - securityContext: + rbd: properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: + fsType: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + secretRef: properties: - localhostProfile: - type: string - type: + name: + default: "" type: string - required: - - type type: object - windowsOptions: + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: + name: + default: "" type: string type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - type: object - createRbac: - type: boolean - customConfigurations: - additionalProperties: - properties: - configData: - type: string - configMap: + secret: properties: + defaultMode: + format: int32 + type: integer items: items: properties: @@ -7301,71 +3302,42 @@ spec: - path type: object type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: type: string type: object - type: object - type: object - disabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: + storageos: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: + fsType: + type: string + readOnly: + type: boolean + secretRef: properties: - key: - type: string name: + default: "" type: string - optional: - type: boolean - required: - - key type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath type: object required: - name @@ -7374,1025 +3346,958 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map - extraChecksd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - extraConfd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: + type: object + type: object + type: object + status: + properties: + agent: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: type: string - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: + daemonsetName: type: string - replicas: + desired: format: int32 type: integer - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccountName: + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic + clusterAgent: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer + type: object + clusterChecksRunner: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time type: string - tolerations: - items: + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + remoteConfigConfiguration: + properties: + features: + properties: + admissionController: properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: + agentCommunicationMode: type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumes: - items: - properties: - awsElasticBlockStore: + agentSidecarInjection: properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: + clusterAgentCommunicationEnabled: type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: type: string - kind: + registry: type: string - readOnly: - type: boolean - required: - - diskName - - diskURI + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic type: object - azureFile: + cwsInstrumentation: properties: - readOnly: + enabled: type: boolean - secretName: - type: string - shareName: + mode: type: string - required: - - secretName - - shareName type: object - cephfs: + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + mutation: properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: + enabled: type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors type: object - cinder: + registry: + type: string + serviceName: + type: string + validation: properties: - fsType: - type: string - readOnly: + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID type: object - configMap: + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: properties: - defaultMode: + enabled: + type: boolean + hostPort: format: int32 type: integer - items: + type: object + instrumentation: + properties: + disabledNamespaces: items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object + type: string type: array - name: - type: string - optional: + x-kubernetes-list-type: set + enabled: type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + languageDetection: properties: - name: - type: string + enabled: + type: boolean type: object - readOnly: - type: boolean - volumeAttributes: + libVersions: additionalProperties: type: string type: object - required: - - driver type: object - downwardAPI: + unixDomainSocketConfig: properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array + enabled: + type: boolean + path: + type: string type: object - emptyDir: + type: object + asm: + properties: + iast: properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + enabled: + type: boolean type: object - ephemeral: + sca: properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object + enabled: + type: boolean type: object - fc: + threats: properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: + enabled: type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array type: object - flexVolume: + type: object + autoscaling: + properties: + workload: properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: + enabled: type: boolean - secretRef: + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map name: type: string type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string type: object - gcePersistentDisk: + enabled: + type: boolean + hostBenchmarks: properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: + enabled: type: boolean - required: - - pdName type: object - gitRepo: + type: object + cws: + properties: + customPolicies: properties: - directory: - type: string - repository: - type: string - revision: + configData: type: string - required: - - repository + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object type: object - glusterfs: + enabled: + type: boolean + network: properties: - endpoints: - type: string - path: - type: string - readOnly: + enabled: type: boolean - required: - - endpoints - - path type: object - hostPath: + remoteConfiguration: properties: - path: - type: string - type: - type: string - required: - - path + enabled: + type: boolean type: object - iscsi: + securityProfiles: properties: - chapAuthDiscovery: + enabled: type: boolean - chapAuthSession: + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: + hostPort: format: int32 type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map name: type: string type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal type: object - name: + originDetectionEnabled: + type: boolean + tagCardinality: type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: + unixDomainSocketConfig: properties: - claimName: - type: string - readOnly: + enabled: type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: + path: type: string - required: - - pdID type: object - portworxVolume: + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + collectedEventTypes: + items: + properties: + kind: + type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: type: string - required: - - volumeID type: object - projected: + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: + configData: + type: string + configMap: + properties: + items: + items: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + key: type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean + required: + - key + - path type: object - serviceAccountToken: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: - audience: + key: type: string - expirationSeconds: - format: int64 + mode: + format: int32 type: integer path: type: string required: + - key - path type: object - type: object - type: array + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object type: object - quobyte: + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume + protocols: + properties: + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object + type: object type: object - rbd: + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: + analyzers: items: type: string type: array - pool: - type: string - readOnly: + x-kubernetes-list-type: set + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: + overlayFSDirectScan: type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: + uncompressedLayersSupport: type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system type: object - secret: + enabled: + type: boolean + host: properties: - defaultMode: - format: int32 - type: integer - items: + analyzers: items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object + type: string type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: + x-kubernetes-list-type: set + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath type: object - required: - - name type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer + serviceDiscovery: + properties: + enabled: + type: boolean + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map type: object type: object - {{- if eq .Values.migration.datadogAgents.version "v2alpha1" }} served: true storage: true - {{- else }} - served: true - storage: false - {{- end }} subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml index fd1004c1e..c602a1017 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1beta1.yaml @@ -14,6 +14,19 @@ metadata: app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' app.kubernetes.io/instance: '{{ .Release.Name }}' spec: + additionalPrinterColumns: + - JSONPath: .status.agent.status + name: agent + type: string + - JSONPath: .status.clusterAgent.status + name: cluster-agent + type: string + - JSONPath: .status.clusterChecksRunner.status + name: cluster-checks-runner + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date group: datadoghq.com names: kind: DatadogAgent @@ -25,620 +38,394 @@ spec: scope: Namespaced subresources: status: {} - version: v1alpha1 - versions: - - additionalPrinterColumns: - - JSONPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - JSONPath: .status.agent.status - name: agent + validation: + openAPIV3Schema: + properties: + apiVersion: type: string - - JSONPath: .status.clusterAgent.status - name: cluster-agent + kind: type: string - - JSONPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: + metadata: + type: object + spec: properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: + features: properties: - agent: + admissionController: properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: + agentCommunicationMode: + type: string + agentSidecarInjection: properties: - nodeAffinity: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: properties: - preferredDuringSchedulingIgnoredDuringExecution: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: items: properties: - preference: - properties: - matchExpressions: - items: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: key: type: string - operator: + name: type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - matchFields: - items: + fieldRef: properties: - key: + apiVersion: type: string - operator: + fieldPath: type: string - values: - items: - type: string - type: array required: - - key - - operator + - fieldPath type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: + resourceFieldRef: properties: - key: + containerName: type: string - operator: + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string - values: - items: - type: string - type: array required: - - key - - operator + - resource type: object - type: array - matchFields: - items: + secretKeyRef: properties: key: type: string - operator: + name: type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + claims: + items: + properties: + name: type: string - type: array - topologyKey: - type: string - required: - - topologyKey + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + matchExpressions: + items: + properties: + key: type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + operator: type: string - type: object + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string type: object - namespaces: + type: object + objectSelector: + properties: + matchExpressions: items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - type: array + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + registry: + type: string + serviceName: + type: string + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + libVersions: + additionalProperties: + type: string type: object - podAntiAffinity: + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: properties: - preferredDuringSchedulingIgnoredDuringExecution: + items: items: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: + key: + type: string + mode: format: int32 type: integer + path: + type: string required: - - podAffinityTerm - - weight + - key + - path type: object type: array - requiredDuringSchedulingIgnoredDuringExecution: + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: items: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + key: + type: string + mode: + format: int32 + type: integer + path: type: string required: - - topologyKey + - key + - path type: object type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object type: object - apm: + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic enabled: type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map hostPort: format: int32 type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map type: object - config: + mapperProfiles: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: + configData: + type: string + configMap: properties: - configMapName: - type: string items: items: properties: @@ -657,1177 +444,1031 @@ spec: x-kubernetes-list-map-keys: - key x-kubernetes-list-type: map - type: object - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: + name: type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map type: object - criSocket: + type: object + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: + properties: + credentials: properties: - criSocketPath: - type: string - dockerSocketPath: + apiKey: type: string - type: object - ddUrl: - type: string - dogstatsd: - properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: + apiSecret: properties: - configData: + keyName: type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object + secretName: + type: string + required: + - secretName type: object - unixDomainSocket: + appKey: + type: string + appSecret: properties: - enabled: - type: boolean - hostFilepath: + keyName: + type: string + secretName: type: string + required: + - secretName type: object type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: + url: + type: string + type: object + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - tlsVerify: - type: boolean type: object - leaderElection: - type: boolean - livenessProbe: + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: properties: - exec: - properties: - command: - items: + items: + items: + properties: + key: type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: + properties: + protocols: + properties: + grpc: + properties: + enabled: + type: boolean + endpoint: type: string - required: - - port type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + http: properties: - host: + enabled: + type: boolean + endpoint: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string type: object - nodeLabelsAsTags: - additionalProperties: + type: object + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: type: string - type: object - podAnnotationsAsTags: - additionalProperties: + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + global: + properties: + clusterAgentToken: + type: string + clusterAgentTokenSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + clusterName: + type: string + containerStrategy: + type: string + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + criSocketPath: + type: string + disableNonResourceRules: + type: boolean + dockerSocketPath: + type: string + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName type: object - podLabelsAsTags: - additionalProperties: - type: string + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName type: object - readinessProbe: + type: object + url: + type: string + type: object + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: properties: - exec: - properties: - command: - items: + items: + items: + properties: + key: type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: + mode: + format: int32 + type: integer + path: type: string required: - - name - - value + - key + - path type: object type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - tolerations: + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: items: properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: + name: type: string type: object type: array - x-kubernetes-list-type: atomic - volumeMounts: + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + claims: items: properties: - mountPath: - type: string - mountPropagation: - type: string name: type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string required: - - mountPath - name type: object type: array x-kubernetes-list-map-keys: - name - - mountPath x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + useHTTPS: + type: boolean + type: object + kubelet: + properties: + agentCAPath: + type: string + host: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + hostCAPath: + type: string + tlsVerify: + type: boolean + type: object + localService: + properties: + forceEnableLocalService: + type: boolean + nameOverride: + type: string + type: object + logLevel: + type: string + namespaceLabelsAsTags: + additionalProperties: + type: string + type: object + namespaceAnnotationsAsTags: + additionalProperties: + type: string + type: object + networkPolicy: + properties: + create: + type: boolean + dnsSelectorEndpoints: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: array + x-kubernetes-list-type: atomic + flavor: + type: string + type: object + nodeLabelsAsTags: + additionalProperties: + type: string + type: object + originDetectionUnified: + properties: + enabled: + type: boolean + type: object + podAnnotationsAsTags: + additionalProperties: + type: string + type: object + podLabelsAsTags: + additionalProperties: + type: string + type: object + registry: + type: string + site: + type: string + tags: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + override: + additionalProperties: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: + type: array + required: + - key + - operator type: object - spec: + type: array + matchFields: + items: properties: - accessModes: + key: + type: string + operator: + type: string + values: items: type: string type: array - dataSource: + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: properties: - apiGroup: - type: string - kind: + key: type: string - name: + operator: type: string + values: + items: + type: string + type: array required: - - kind - - name + - key + - operator type: object - dataSourceRef: + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: properties: - apiGroup: - type: string - kind: + key: type: string - name: + operator: type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: + values: items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: type: string - type: object + type: array + required: + - key + - operator type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: + type: array + matchLabels: + additionalProperties: type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: type: string - options: - additionalProperties: + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: type: string - required: - - path - type: object - iscsi: + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + containers: + additionalProperties: + properties: + appArmorProfileName: + type: string + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + configMapKeyRef: properties: + key: + type: string name: type: string + optional: + type: boolean + required: + - key type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: + fieldRef: properties: - name: + apiVersion: type: string + fieldPath: + type: string + required: + - fieldPath type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: + resourceFieldRef: properties: - name: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string + required: + - resource type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: + secretKeyRef: properties: + key: + type: string name: type: string + optional: + type: boolean + required: + - key type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath type: object required: - name @@ -1836,412 +1477,292 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - daemonsetName: - type: string - deploymentStrategy: - properties: - canary: + healthPort: + format: int32 + type: integer + livenessProbe: properties: - autoFail: + exec: properties: - canaryTimeout: - type: string - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: - type: string + command: + items: + type: string + type: array type: object - autoPause: + failureThreshold: + format: int32 + type: integer + grpc: properties: - enabled: - type: boolean - maxRestarts: + port: format: int32 type: integer - maxSlowStartDuration: + service: type: string + required: + - port type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: + httpGet: properties: - matchExpressions: + host: + type: string + httpHeaders: items: properties: - key: + name: type: string - operator: + value: type: string - values: - items: - type: string - type: array required: - - key - - operator + - name + - value type: object type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string - type: object - reconcileFrequency: - type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string type: object - updateStrategyType: + logLevel: type: string - type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: + name: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: type: string - required: - - fieldPath - type: object - resourceFieldRef: + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: + name: type: string required: - - resource + - name type: object - secretKeyRef: - properties: - key: + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + seccompConfig: + properties: + customProfile: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customRootPath: + type: string + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: type: string - name: + type: array + drop: + items: type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - localService: - properties: - forceLocalServiceEnable: - type: boolean - overrideName: - type: string - type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - otlp: - properties: - receiver: - properties: - protocols: + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object + level: + type: string + role: + type: string + type: + type: string + user: + type: string type: object - type: object - type: object - priorityClassName: - type: string - process: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: - type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string type: object type: object volumeMounts: @@ -2269,3615 +1790,1161 @@ spec: - mountPath x-kubernetes-list-type: map type: object - rbac: + type: object + createRbac: + type: boolean + customConfigurations: + additionalProperties: properties: - create: - type: boolean - serviceAccountName: + configData: type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - compliance: + configMap: properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: + items: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + type: object + disabled: + type: boolean + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: + resourceFieldRef: properties: - configMapName: + containerName: type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource type: object - syscallMonitor: + secretKeyRef: properties: - enabled: + key: + type: string + name: + type: string + optional: type: boolean + required: + - key type: object type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map + required: + - name type: object - systemProbe: - properties: - appArmorProfileName: + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + extraChecksd: + properties: + configDataMap: + additionalProperties: type: string - args: + type: object + configMap: + properties: items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: + type: object + type: object + extraConfd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: + properties: items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: + items: properties: - fileKey: + key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - type: object + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + hostNetwork: + type: boolean + hostPID: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string type: object - debugPort: - format: int32 + type: array + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + priorityClassName: + type: string + replicas: + format: int32 + type: integer + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: + type: array + sysctls: + items: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object + name: + type: string + value: + type: string + required: + - name + - value type: object - secCompCustomProfileConfigMap: + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + tolerations: + items: + properties: + effect: type: string - secCompProfileName: + key: type: string - secCompRootPath: + operator: type: string - securityContext: + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + volumes: + items: + properties: + awsElasticBlockStore: properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: type: boolean - procMount: + volumeID: type: string - readOnlyRootFilesystem: + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: properties: - localhostProfile: - type: string - type: + name: type: string - required: - - type type: object - windowsOptions: + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: + name: type: string type: object + volumeID: + type: string + required: + - volumeID type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: + configMap: properties: - preferredDuringSchedulingIgnoredDuringExecution: + defaultMode: + format: int32 + type: integer + items: items: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: + key: type: string - partition: + mode: format: int32 type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: path: type: string - type: - type: string required: + - key - path type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: + fieldRef: properties: - name: + apiVersion: type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: + fieldPath: type: string + required: + - fieldPath type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: + mode: format: int32 type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: + path: type: string - readOnly: - type: boolean - secretRef: + resourceFieldRef: properties: - name: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string + required: + - resource type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string required: - - volumePath + - path type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: + type: array + type: object + emptyDir: properties: - fileKey: - type: string - name: + medium: type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: properties: - key: - type: string - operator: - type: string - values: + accessModes: items: type: string type: array - required: - - key - - operator + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: + required: + - spec + type: object + type: object + fc: properties: - configData: + fsType: type: string - configMap: + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: properties: - fileKey: - type: string name: type: string type: object + required: + - driver type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: properties: - configData: + endpoints: type: string - configMap: + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: properties: - fileKey: - type: string name: type: string type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal type: object - ddUrl: + name: type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: + nfs: properties: - containers: + path: + type: string + readOnly: type: boolean + server: + type: string + required: + - path + - server type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - defaultOverride: - type: object - x-kubernetes-preserve-unknown-fields: true + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object type: object type: object - {{- if not (eq .Values.migration.datadogAgents.version "v2alpha1") }} - served: true - storage: true - {{- else }} - served: true - storage: false - {{- end }} - - additionalPrinterColumns: - - JSONPath: .status.agent.status - name: agent - type: string - - JSONPath: .status.clusterAgent.status - name: cluster-agent - type: string - - JSONPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - JSONPath: .metadata.creationTimestamp - name: age - type: date - name: v2alpha1 - schema: - openAPIV3Schema: + status: properties: - apiVersion: - type: string - kind: - type: string - metadata: + agent: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic + clusterAgent: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer + type: object + clusterChecksRunner: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer type: object - spec: + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + remoteConfigConfiguration: properties: features: properties: @@ -5885,12 +2952,202 @@ spec: properties: agentCommunicationMode: type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object enabled: type: boolean failurePolicy: type: string mutateUnlabelled: type: boolean + registry: + type: string serviceName: type: string webhookName: @@ -5908,6 +3165,30 @@ spec: format: int32 type: integer type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object + libVersions: + additionalProperties: + type: string + type: object + type: object unixDomainSocketConfig: properties: enabled: @@ -5916,6 +3197,24 @@ spec: type: string type: object type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object clusterChecks: properties: enabled: @@ -6117,6 +3416,17 @@ spec: wpaController: type: boolean type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object kubeStateMetricsCore: properties: conf: @@ -6300,6 +3610,10 @@ spec: x-kubernetes-list-type: set enabled: type: boolean + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean type: object enabled: type: boolean @@ -6340,6 +3654,8 @@ spec: type: object clusterName: type: string + containerStrategy: + type: string credentials: properties: apiKey: @@ -6367,6 +3683,8 @@ spec: type: object criSocketPath: type: string + disableNonResourceRules: + type: boolean dockerSocketPath: type: string endpoint: @@ -6399,6 +3717,98 @@ spec: url: type: string type: object + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + useHTTPS: + type: boolean + type: object kubelet: properties: agentCAPath: @@ -6507,6 +3917,11 @@ spec: additionalProperties: type: string type: object + originDetectionUnified: + properties: + enabled: + type: boolean + type: object podAnnotationsAsTags: additionalProperties: type: string @@ -6599,7 +4014,127 @@ spec: - operator type: object type: array - matchFields: + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: items: properties: key: @@ -6615,13 +4150,23 @@ spec: - operator type: object type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - type: array - required: - - nodeSelectorTerms - type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array type: object - podAffinity: + podAntiAffinity: properties: preferredDuringSchedulingIgnoredDuringExecution: items: @@ -6687,594 +4232,852 @@ spec: format: int32 type: integer required: - - podAffinityTerm - - weight + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + type: object + containers: + additionalProperties: + properties: + appArmorProfileName: + type: string + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + healthPort: + format: int32 + type: integer + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: + type: string + name: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + httpGet: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + host: + type: string + httpHeaders: + items: + properties: + name: type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: + value: type: string - type: object - type: object - namespaces: - items: - type: string + required: + - name + - value + type: object type: array - topologyKey: + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - topologyKey + - port type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - podAffinityTerm - - weight + - port type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + seccompConfig: + properties: + customProfile: + properties: + configData: + type: string + configMap: properties: - matchExpressions: + items: items: properties: key: type: string - operator: + mode: + format: int32 + type: integer + path: type: string - values: - items: - type: string - type: array required: - key - - operator + - path type: object type: array - matchLabels: - additionalProperties: - type: string - type: object + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object - namespaces: + type: object + customRootPath: + type: string + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: items: type: string type: array - topologyKey: + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: type: string required: - - topologyKey + - type type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - containers: - additionalProperties: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + volumeMounts: items: properties: + mountPath: + type: string + mountPropagation: + type: string name: type: string - value: + readOnly: + type: boolean + subPath: + type: string + subPathExpr: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object required: + - mountPath - name type: object type: array x-kubernetes-list-map-keys: - name + - mountPath x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: + type: object + type: object + createRbac: + type: boolean + customConfigurations: + additionalProperties: + properties: + configData: + type: string + configMap: properties: - exec: - properties: - command: - items: + items: + items: + properties: + key: type: string - type: array + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + type: object + disabled: + type: boolean + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource type: object - failureThreshold: - format: int32 - type: integer - grpc: + secretKeyRef: properties: - port: - format: int32 - type: integer - service: + key: + type: string + name: type: string + optional: + type: boolean required: - - port + - key type: object - httpGet: + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + extraChecksd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: + properties: + items: + items: properties: - host: + key: type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array + mode: + format: int32 + type: integer path: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string required: - - port + - key + - path type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + extraConfd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: + properties: + items: + items: properties: - host: + key: + type: string + mode: + format: int32 + type: integer + path: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - - port + - key + - path type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + hostNetwork: + type: boolean + hostPID: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string type: object - logLevel: + type: array + tag: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + priorityClassName: + type: string + replicas: + format: int32 + type: integer + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + strategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + tolerations: + items: + properties: + effect: type: string - name: + key: type: string - readinessProbe: + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + volumes: + items: + properties: + awsElasticBlockStore: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: + fsType: + type: string + partition: format: int32 type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - seccompConfig: + azureDisk: properties: - customProfile: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customRootPath: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: type: string + readOnly: + type: boolean + required: + - diskName + - diskURI type: object - securityContext: + azureFile: properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: + readOnly: type: boolean - procMount: + secretName: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object + shareName: + type: string + required: + - secretName + - shareName type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: + cephfs: + properties: + monitors: + items: type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - type: object - createRbac: - type: boolean - customConfigurations: - additionalProperties: - properties: - configData: - type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object configMap: properties: + defaultMode: + format: int32 + type: integer items: items: properties: @@ -7290,269 +5093,349 @@ spec: - path type: object type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map name: type: string + optional: + type: boolean type: object - type: object - type: object - disabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: + csi: properties: - configMapKeyRef: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: properties: - key: - type: string name: type: string - optional: - type: boolean - required: - - key type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string type: object - resourceFieldRef: + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object required: - - resource + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string type: object - secretKeyRef: + readOnly: + type: boolean + secretRef: properties: - key: - type: string name: type: string - optional: - type: boolean - required: - - key type: object + required: + - driver type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - extraChecksd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: properties: - key: - type: string - mode: - format: int32 - type: integer - path: + name: type: string - required: - - key - - path type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - extraConfd: - properties: - configDataMap: - additionalProperties: + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: + nfs: properties: - name: + path: type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server type: object - type: array - tag: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - replicas: - format: int32 - type: integer - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: properties: - name: + fsType: type: string - value: + pdID: type: string required: - - name - - value + - pdID type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccountName: - type: string - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumes: - items: - properties: - awsElasticBlockStore: + portworxVolume: properties: fsType: type: string - partition: - format: int32 - type: integer readOnly: type: boolean volumeID: @@ -7560,822 +5443,1127 @@ spec: required: - volumeID type: object - azureDisk: + projected: properties: - cachingMode: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: type: string - diskName: + readOnly: + type: boolean + registry: type: string - diskURI: + tenant: + type: string + user: + type: string + volume: type: string + required: + - registry + - volume + type: object + rbd: + properties: fsType: type: string - kind: + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: type: string readOnly: type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string required: - - diskName - - diskURI + - image + - monitors type: object - azureFile: + scaleIO: properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string readOnly: type: boolean - secretName: + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: type: string - shareName: + storagePool: + type: string + system: + type: string + volumeName: type: string required: - - secretName - - shareName + - gateway + - secretRef + - system type: object - cephfs: + secret: properties: - monitors: + defaultMode: + format: int32 + type: integer + items: items: - type: string + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object type: array - path: + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: type: string readOnly: type: boolean - secretFile: - type: string secretRef: properties: name: type: string type: object - user: + volumeName: + type: string + volumeNamespace: type: string - required: - - monitors type: object - cinder: + vsphereVolume: properties: fsType: type: string - readOnly: + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + type: object + status: + properties: + agent: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic + clusterAgent: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer + type: object + clusterChecksRunner: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + remoteConfigConfiguration: + properties: + features: + properties: + admissionController: + properties: + agentCommunicationMode: + type: string + agentSidecarInjection: + properties: + clusterAgentCommunicationEnabled: type: boolean - secretRef: + enabled: + type: boolean + image: properties: + jmxEnabled: + type: boolean name: type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + type: string + type: object + type: array + tag: + type: string type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: + profiles: items: properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object type: object type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: + x-kubernetes-list-type: atomic + provider: type: string - fsType: + registry: type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: + selectors: items: properties: - fieldRef: + namespaceSelector: properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: + objectSelector: properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - required: - - path type: object type: array + x-kubernetes-list-type: atomic type: object - emptyDir: + cwsInstrumentation: properties: - medium: + enabled: + type: boolean + mode: type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object type: object - fc: + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + registry: + type: string + serviceName: + type: string + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: properties: - fsType: - type: string - lun: + enabled: + type: boolean + hostPort: format: int32 type: integer - readOnly: - type: boolean - targetWWNs: + type: object + instrumentation: + properties: + disabledNamespaces: items: type: string type: array - wwids: + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: items: type: string type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: + x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object + libVersions: additionalProperties: type: string type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver type: object - flocker: + unixDomainSocketConfig: properties: - datasetName: - type: string - datasetUUID: + enabled: + type: boolean + path: type: string type: object - gcePersistentDisk: + type: object + asm: + properties: + iast: properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: + enabled: type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository type: object - glusterfs: + sca: properties: - endpoints: - type: string - path: - type: string - readOnly: + enabled: type: boolean - required: - - endpoints - - path type: object - hostPath: + threats: properties: - path: - type: string - type: - type: string - required: - - path + enabled: + type: boolean type: object - iscsi: + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: + configData: type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + configMap: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map name: type: string type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server type: object - persistentVolumeClaim: + enabled: + type: boolean + hostBenchmarks: properties: - claimName: - type: string - readOnly: + enabled: type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID type: object - portworxVolume: + type: object + cws: + properties: + customPolicies: properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: + configData: type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: + configMap: + properties: + items: + items: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + key: type: string - optional: - type: boolean + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path type: object - serviceAccountToken: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: - audience: + key: type: string - expirationSeconds: - format: int64 + mode: + format: int32 type: integer path: type: string required: + - key - path type: object - type: object - type: array + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object type: object - quobyte: + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: properties: - group: - type: string - readOnly: + enabled: type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: + path: type: string - required: - - registry - - volume type: object - rbd: + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: properties: - fsType: - type: string - image: - type: string - keyring: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: type: string - monitors: - items: - type: string - type: array - pool: + type: object + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: type: string - readOnly: - type: boolean - secretRef: + configMap: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map name: type: string type: object - user: - type: string - required: - - image - - monitors type: object - scaleIO: + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: properties: - fsType: - type: string - gateway: - type: string - protectionDomain: + configData: type: string - readOnly: - type: boolean - secretRef: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: + properties: + protocols: properties: - name: - type: string + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + type: object type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system type: object - secret: + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: properties: - defaultMode: - format: int32 - type: integer - items: + analyzers: items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object + type: string type: array - optional: + x-kubernetes-list-type: set + enabled: type: boolean - secretName: - type: string type: object - storageos: + enabled: + type: boolean + host: properties: - fsType: - type: string - readOnly: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath type: object - required: - - name type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map type: object type: object - {{- if eq .Values.migration.datadogAgents.version "v2alpha1" }} + type: object + version: v2alpha1 + versions: + - name: v2alpha1 served: true storage: true - {{- else }} - served: true - storage: false - {{- end }} status: acceptedNames: kind: "" diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml new file mode 100644 index 000000000..4b5a7a504 --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml @@ -0,0 +1,246 @@ +{{- if and .Values.crds.datadogDashboards (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadogdashboards.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogDashboard + listKind: DatadogDashboardList + plural: datadogdashboards + shortNames: + - ddd + singular: datadogdashboard + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogDashboard is the Schema for the datadogdashboards API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogDashboardSpec defines the desired state of DatadogDashboard + properties: + description: + description: Description is the description of the dashboard. + type: string + layoutType: + description: LayoutType is the layout type of the dashboard. + type: string + notifyList: + description: NotifyList is the list of handles of users to notify when changes are made to this dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + reflowType: + description: |- + Reflowtype is the reflow type for a 'new dashboard layout' dashboard. Set this only when layout type is 'ordered'. + If set to 'fixed', the dashboard expects all widgets to have a layout, and if it's set to 'auto', + widgets should not have layouts. + type: string + tags: + description: Tags is a list of team names representing ownership of a dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + templateVariablePresets: + description: TemplateVariablePresets is an array of template variables saved views. + items: + description: DashboardTemplateVariablePreset Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + templateVariables: + description: List of variables. + items: + description: DashboardTemplateVariablePresetValue Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + values: + description: One or many template variable values within the saved view, which will be unioned together using `OR` if more than one is specified. Cannot be used in conjunction with `value`. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + templateVariables: + description: TemplateVariables is a list of template variables for this dashboard. + items: + description: DashboardTemplateVariable Template variable. + properties: + availableValues: + description: The list of values that the template variable drop-down is limited to. + items: + type: string + type: array + defaults: + description: One or many default values for template variables on load. If more than one default is specified, they will be unioned together with `OR`. Cannot be used in conjunction with `default`. + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: The name of the variable. + type: string + prefix: + description: The tag prefix associated with the variable. Only tags with this prefix appear in the variable drop-down. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + title: + description: Title is the title of the dashboard. + type: string + widgets: + description: Widgets is a JSON string representation of a list of Datadog API Widgets + type: string + type: object + status: + description: DatadogDashboardStatus defines the observed state of DatadogDashboard + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogDashboard. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the dashboard was created. + format: date-time + type: string + creator: + description: Creator is the identity of the dashboard creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogDashboardSpec to know + if the Spec has changed and needs an update. + type: string + id: + description: ID is the dashboard ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API dashboard was last force synced with the DatadogDashboard resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the dashboard state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml index af440ca92..bbefe7dfc 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml @@ -1,12 +1,10 @@ {{- if and .Values.crds.datadogMetrics (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmetrics.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -44,10 +42,19 @@ spec: description: DatadogMetric allows autoscaling on arbitrary Datadog query properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -58,7 +65,9 @@ spec: description: ExternalMetricName is reserved for internal use type: string maxAge: - description: MaxAge provides the max age for the metric query (overrides the default setting `external_metrics_provider.max_age`) + description: |- + MaxAge provides the max age for the metric query (overrides the default setting + `external_metrics_provider.max_age`) type: string query: description: Query is the raw datadog query @@ -117,10 +126,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index fe62dd6b6..8a734a69b 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -1,12 +1,10 @@ {{- if and .Values.crds.datadogMonitors (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmonitors.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -48,10 +46,19 @@ spec: description: DatadogMonitor allows to define and manage Monitors from your Kubernetes Cluster properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -81,35 +88,83 @@ spec: description: A message to include with a re-notification. type: string evaluationDelay: - description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. + description: |- + Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), + the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. + This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. format: int64 type: integer + groupbySimpleMonitor: + description: A Boolean indicating whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. + type: boolean includeTags: description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. type: boolean locked: - description: Whether or not the monitor is locked (only editable by creator and admins). + description: 'DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use `restricted_roles` instead.' type: boolean newGroupDelay: - description: Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of monitor results. Should be a non negative integer. + description: |- + Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of + monitor results. Should be a non negative integer. format: int64 type: integer noDataTimeframe: - description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. + description: |- + The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the + monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe + is used for metric alerts, and 24 hours is used for service checks. format: int64 type: integer + notificationPresetName: + description: An enum that toggles the display of additional content sent in the monitor notification. + type: string notifyAudit: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean + notifyBy: + description: |- + A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. + For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new + cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must + be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot + notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + items: + type: string + type: array + x-kubernetes-list-type: set notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean + onMissingData: + description: |- + An enum that controls how groups or monitors are treated if an evaluation does not return data points. + The default option results in different behavior depending on the monitor query type. + For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. + For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. + This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + type: string renotifyInterval: - description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. + description: |- + The number of minutes after the last notification before a monitor re-notifies on the current status. + It only re-notifies if it’s not resolved. + format: int64 + type: integer + renotifyOccurrences: + description: The number of times re-notification messages should be sent on the current status at the provided re-notification interval. format: int64 type: integer + renotifyStatuses: + description: The types of statuses for which re-notification messages should be sent. Valid values are alert, warn, no data. + items: + description: MonitorRenotifyStatusType The different statuses for which renotification is supported. + type: string + type: array + x-kubernetes-list-type: set requireFullWindow: - description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. + description: |- + A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly + recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. type: boolean thresholdWindows: description: A struct of the alerting time window options. @@ -156,7 +211,10 @@ spec: description: Query is the Datadog monitor query type: string restrictedRoles: - description: RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). + description: |- + RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. + `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, + see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). items: type: string type: array @@ -215,14 +273,18 @@ spec: description: Creator is the identify of the monitor creator type: string currentHash: - description: CurrentHash tracks the hash of the current DatadogMonitorSpec to know if the Spec has changed and needs an update + description: |- + CurrentHash tracks the hash of the current DatadogMonitorSpec to know + if the Spec has changed and needs an update type: string downtimeStatus: description: DowntimeStatus defines whether the monitor is downtimed properties: - downtimeId: + downtimeID: + description: DowntimeID is the downtime ID. type: integer isDowntimed: + description: IsDowntimed shows the downtime status of the monitor. type: boolean type: object id: @@ -243,16 +305,20 @@ spec: description: MonitorStateLastUpdateTime is the last time the monitor state updated format: date-time type: string - primary: - description: Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) - type: boolean - syncStatus: + monitorStateSyncStatus: description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog type: string + primary: + description: |- + Primary defines whether the monitor is managed by the Kubernetes custom + resource (true) or outside Kubernetes (false) + type: boolean triggeredState: description: TriggeredState only includes details for monitor groups that are triggering items: - description: DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data + description: |- + DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor + The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data properties: lastTransitionTime: format: date-time @@ -276,10 +342,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml index a17c7fa58..a8c8db48f 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1beta1.yaml @@ -84,6 +84,9 @@ spec: description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. format: int64 type: integer + groupbySimpleMonitor: + description: A Boolean indicating whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. + type: boolean includeTags: description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. type: boolean @@ -98,16 +101,31 @@ spec: description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. format: int64 type: integer + notificationPresetName: + description: An enum that toggles the display of additional content sent in the monitor notification. + type: string notifyAudit: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean + notifyBy: + description: A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + items: + type: string + type: array notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean + onMissingData: + description: An enum that controls how groups or monitors are treated if an evaluation does not return data points. The default option results in different behavior depending on the monitor query type. For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + type: string renotifyInterval: description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. format: int64 type: integer + renotifyOccurrences: + description: The number of times re-notification messages should be sent on the current status at the provided re-notification interval. + format: int64 + type: integer requireFullWindow: description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. type: boolean diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml new file mode 100644 index 000000000..7ef853b56 --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml @@ -0,0 +1,610 @@ +{{- if and .Values.crds.datadogPodAutoscalers (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadogpodautoscalers.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogPodAutoscaler + listKind: DatadogPodAutoscalerList + plural: datadogpodautoscalers + shortNames: + - dpa + singular: datadogpodautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.policy.applyMode + name: Apply Mode + type: string + - jsonPath: .status.conditions[?(@.type=='Active')].status + name: Active + type: string + - jsonPath: .status.conditions[?(@.type=='Error')].status + name: In Error + type: string + - jsonPath: .status.horizontal.target.desiredReplicas + name: Desired Replicas + type: integer + - jsonPath: .status.horizontal.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='HorizontalAbleToScale')].status + name: Able to Scale + type: string + - jsonPath: .status.horizontal.lastAction.time + name: Last Scale + type: date + - jsonPath: .status.vertical.target.podCPURequest + name: Target CPU Req + type: string + - jsonPath: .status.vertical.target.podMemoryRequest + name: Target Memory Req + type: string + - jsonPath: .status.vertical.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='VerticalAbleToApply')].status + name: Able to Apply + type: string + - jsonPath: .status.vertical.lastAction.time + name: Last Trigger + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogPodAutoscaler is the Schema for the datadogpodautoscalers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogPodAutoscalerSpec defines the desired state of DatadogPodAutoscaler + properties: + constraints: + description: Constraints defines constraints that should always be respected. + properties: + containers: + description: Containers defines constraints for the containers. + items: + description: |- + DatadogPodAutoscalerContainerConstraints defines constraints that should always be respected for a container. + If no constraints are set, it enables resources scaling for all containers without any constraints. + properties: + enabled: + description: Enabled false allows to disable resources autoscaling for the container. Default to true. + type: boolean + limits: + description: Limits defines the constraints for the limits of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests of the container. + type: object + type: object + name: + description: Name is the name of the container. Can be "*" to apply to all containers. + type: string + requests: + description: Requests defines the constraints for the requests of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests of the container. + type: object + type: object + required: + - name + type: object + type: array + maxReplicas: + description: MaxReplicas is the upper limit for the number of POD replicas. Needs to be >= minReplicas. + format: int32 + type: integer + minReplicas: + description: MinReplicas is the lower limit for the number of POD replicas. Needs to be >= 1. Default to 1. + format: int32 + minimum: 1 + type: integer + required: + - maxReplicas + type: object + owner: + description: |- + Owner defines the source of truth for this object (local or remote) + Value needs to be set when a DatadogPodAutoscaler object is created. + enum: + - Local + - Remote + type: string + policy: + default: {} + description: Policy defines how recommendations should be applied. + properties: + applyMode: + default: All + description: |- + ApplyMode determines recommendations that should be applied by the controller: + - All: Apply all recommendations (regular and manual). + - Manual: Apply only manual recommendations (recommendations manually validated by user in the Datadog app). + - None: Prevent the controller to apply any recommendations. + It's also possible to selectively deactivate upscale, downscale or update actions thanks to the `Upscale`, `Downscale` and `Update` fields. + enum: + - All + - Manual + - None + type: string + downscale: + description: Downscale defines the policy to scale down the target resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules for horizontal that should be true for a certain amount of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + update: + description: Update defines the policy to update target resource. + properties: + strategy: + description: Mode defines the mode of the update policy. + enum: + - Auto + - Disabled + type: string + type: object + upscale: + description: Upscale defines the policy to scale up the target resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules for horizontal that should be true for a certain amount of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + type: object + remoteVersion: + description: |- + RemoteVersion is the version of the .Spec currently store in this object. + Only set if the owner is Remote. + format: int64 + type: integer + targetRef: + description: TargetRef is the reference to the resource to scale. + properties: + apiVersion: + description: apiVersion is the API version of the referent + type: string + kind: + description: 'kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + targets: + description: |- + Targets are objectives to reach and maintain for the target resource. + Default to a single target to maintain 80% POD CPU utilization. + items: + description: DatadogPodAutoscalerTarget defines the objectives to reach and maintain for the target resource. + properties: + containerResource: + description: ContainerResource allows to set a container-level resource target. + properties: + container: + description: Container is the name of the container. + type: string + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - container + - name + - value + type: object + podResource: + description: PodResource allows to set a POD-level resource target. + properties: + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - name + - value + type: object + type: + description: Type sets the type of the target. + enum: + - PodResource + - ContainerResource + type: string + required: + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - owner + - targetRef + type: object + status: + description: DatadogPodAutoscalerStatus defines the observed state of DatadogPodAutoscaler + properties: + conditions: + description: Conditions describe the current state of the DatadogPodAutoscaler operations. + items: + description: DatadogPodAutoscalerCondition describes the state of DatadogPodAutoscaler. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of DatadogMetric condition. + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentReplicas: + description: CurrentReplicas is the current number of PODs for the targetRef observed by the controller. + format: int32 + type: integer + horizontal: + description: Horizontal is the status of the horizontal scaling, if activated. + properties: + lastActions: + description: LastActions are the last successful actions done by the controller + items: + description: DatadogPodAutoscalerHorizontalAction represents an horizontal action done by the controller + properties: + limitedReason: + description: LimitedReason is the reason why the action was limited (ToReplicas != RecommendedReplicas) + type: string + recommendedReplicas: + description: RecommendedReplicas is the original number of replicas recommended by Datadog + format: int32 + type: integer + replicas: + description: FromReplicas is the number of replicas before the action + format: int32 + type: integer + time: + description: Time is the timestamp of the action + format: date-time + type: string + toReplicas: + description: ToReplicas is the effective number of replicas after the action + format: int32 + type: integer + required: + - replicas + - time + - toReplicas + type: object + type: array + target: + description: Target is the current target of the horizontal scaling + properties: + desiredReplicas: + description: Replicas is the desired number of replicas for the resource + format: int32 + type: integer + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation was generated + format: date-time + type: string + source: + description: Source is the source of the value used to scale the target resource + type: string + required: + - desiredReplicas + - source + type: object + type: object + vertical: + description: Vertical is the status of the vertical scaling, if activated. + properties: + lastAction: + description: LastAction is the last successful action done by the controller + properties: + time: + description: Time is the timestamp of the action + format: date-time + type: string + type: + description: Type is the type of action + type: string + version: + description: Version is the recommendation version used for the action + type: string + required: + - time + - type + - version + type: object + target: + description: Target is the current target of the vertical scaling + properties: + desiredResources: + description: DesiredResources is the desired resources for containers + items: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + name: + description: Name is the name of the container + type: string + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes target resources of compute resources allowed. + type: object + required: + - name + type: object + type: array + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation was generated + format: date-time + type: string + podCPURequest: + anyOf: + - type: integer + - type: string + description: PODCPURequest is the sum of CPU requests for all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podMemoryRequest: + anyOf: + - type: integer + - type: string + description: PODMemoryRequest is the sum of memory requests for all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + scaled: + description: Scaled is the current number of PODs having desired resources + format: int32 + type: integer + source: + description: Source is the source of the value used to scale the target resource + type: string + version: + description: Version is the current version of the received recommendation + type: string + required: + - desiredResources + - podCPURequest + - podMemoryRequest + - source + - version + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml index d95be534c..bbaa77066 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml @@ -1,12 +1,10 @@ {{- if and .Values.crds.datadogSLOs (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogslos.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -40,10 +38,19 @@ spec: description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -57,10 +64,15 @@ spec: type: boolean type: object description: - description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. + description: |- + Description is a user-defined description of the service level objective. + Always included in service level objective responses (but may be null). Optional in create/update requests. type: string groups: - description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + description: |- + Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. + Included in service level objective responses if it is not empty. + Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. items: type: string type: array @@ -76,7 +88,9 @@ spec: description: Name is the name of the service level objective. type: string query: - description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + description: |- + Query is the query for a metric-based SLO. Required if type is metric. + Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. properties: denominator: description: Denominator is a Datadog metric query for total (valid) events. @@ -89,7 +103,10 @@ spec: - numerator type: object tags: - description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + description: |- + Tags is a list of tags to associate with your service level objective. + This can help you categorize and filter service level objectives in the service level objectives page of the UI. + Note: it's not currently possible to filter by these tags when querying via the API. items: type: string type: array @@ -126,23 +143,35 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogSLO. items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ @@ -155,7 +184,7 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -178,7 +207,9 @@ spec: description: Creator is the identity of the SLO creator. type: string currentHash: - description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + description: |- + CurrentHash tracks the hash of the current DatadogSLOSpec to know + if the Spec has changed and needs an update. type: string id: description: ID is the SLO ID generated in Datadog. @@ -196,10 +227,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml new file mode 100644 index 000000000..90d531817 --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1beta1.yaml @@ -0,0 +1,206 @@ +{{- if and .Values.crds.datadogSLOs (semverCompare "<=1.21-0" .Capabilities.KubeVersion.GitVersion ) }} + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.1 + creationTimestamp: null + name: datadogslos.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + additionalPrinterColumns: + - JSONPath: .status.id + name: id + type: string + - JSONPath: .status.syncStatus + name: sync status + type: string + - JSONPath: .metadata.creationTimestamp + name: age + type: date + group: datadoghq.com + names: + kind: DatadogSLO + listKind: DatadogSLOList + plural: datadogslos + shortNames: + - ddslo + singular: datadogslo + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + controllerOptions: + description: ControllerOptions are the optional parameters in the DatadogSLO controller + properties: + disableRequiredTags: + description: DisableRequiredTags disables the automatic addition of required tags to SLOs. + type: boolean + type: object + description: + description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. + type: string + groups: + description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + items: + type: string + type: array + x-kubernetes-list-type: set + monitorIDs: + description: MonitorIDs is a list of monitor IDs that defines the scope of a monitor service level objective. Required if type is monitor. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: set + name: + description: Name is the name of the service level objective. + type: string + query: + description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + properties: + denominator: + description: Denominator is a Datadog metric query for total (valid) events. + type: string + numerator: + description: Numerator is a Datadog metric query for good events. + type: string + required: + - denominator + - numerator + type: object + tags: + description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + items: + type: string + type: array + x-kubernetes-list-type: set + targetThreshold: + anyOf: + - type: integer + - type: string + description: TargetThreshold is the target threshold such that when the service level indicator is above this threshold over the given timeframe, the objective is being met. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + timeframe: + description: The SLO time window options. + type: string + type: + description: Type is the type of the service level objective. + type: string + warningThreshold: + anyOf: + - type: integer + - type: string + description: WarningThreshold is a optional warning threshold such that when the service level indicator is below this value for the given threshold, but above the target threshold, the objective appears in a "warning" state. This value must be greater than the target threshold. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - name + - targetThreshold + - timeframe + - type + type: object + status: + description: DatadogSLOStatus defines the observed state of a DatadogSLO. + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogSLO. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the SLO was created. + format: date-time + type: string + creator: + description: Creator is the identity of the SLO creator. + type: string + currentHash: + description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + type: string + id: + description: ID is the SLO ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API SLO was last force synced with the DatadogSLO resource. + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the SLO state to Datadog. + type: string + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index c1ff364ce..457b77afd 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh @@ -53,10 +53,10 @@ download_crd() { } mkdir -p "$ROOT/crds" -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmetrics datadogMetrics v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmetrics datadogMetrics v1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagents datadogAgents v1 -download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1beta1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogmonitors datadogMonitors v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datadogSLOs v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogpodautoscalers datadogPodAutoscalers v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogdashboards datadogDashboards v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 696f33411..2b89e21f0 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml @@ -11,15 +11,12 @@ crds: datadogMonitors: false # crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD datadogSLOs: false - -migration: - datadogAgents: - conversionWebhook: - enabled: false - name: datadog-operator-webhook-service - namespace: default - useCertManager: false - version: "v2alpha1" + # crds.datadogAgentProfiles -- Set to true to deploy the DatadogAgentProfiles CRD + datadogAgentProfiles: false + # crds.datadogPodAutoscalers -- Set to true to deploy the DatadogPodAutoscalers CRD + datadogPodAutoscalers: false + # crds.datadogDashboards -- Set to true to deploy the DatadogDashboards CRD + datadogDashboards: false # nameOverride -- Override name of app nameOverride: "" diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index 06d1f6fd5..a7ed55f0a 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,95 @@ # Changelog +## 2.5.1 + +* Expose CRD-specific namespace watch configuration added in Operator 1.8.0 release. + +## 2.5.0 + +* Update Datadog Operator version to 1.11.1. + +## 2.4.0 + +* Add configuration to grant the necessary RBAC to the operator for the CWS Instrumentation Admission Controller feature in the Cluster-Agent. + +## 2.3.0 + +* Update Datadog Operator version to 1.10.0. + +## 2.2.0 + +* Add clusterRole.allowReadAllResources to allow viewing all resources. This is required for collecting custom resources in the Kubernetes Explorer + +## 2.1.0 + +* Update Datadog Operator version to 1.9.0. +* Add DatadogDashboard configuration. + +## 2.0.1 + +* Make Operator `livenessProbe` configurable. + +## 2.0.0 + +* Update Datadog Operator version to 1.8.0. +* Drop support for DatadogAgent `v1alpha1` and conversion webhook. + +## 1.8.5 + +* Update `datadog-crds` dependency to `1.7.2`. + +## 1.8.4 + +* Add option to specify `deployment.annotations`. + +## 1.8.3 + +* Add `image.doNotCheckTag` option to permit skipping operator image tag compatibility. + +## 1.8.2 + +* Deprecate `webhookEnabled` flag for 1.7.0. + +## 1.8.1 + +* Configure tool version. + +## 1.8.0 + +* Update Datadog Operator version to 1.7.0. + +## 1.7.1 + +* Add `DD_TOOL_VERSION` to operator deployment. + +## 1.7.0 + +* Update Datadog Operator version to 1.6.0. + +## 1.6.1 + +* Fix clusterRole when DatadogAgentProfiles are enabled. + +## 1.6.0 + +* Update Datadog Operator version to 1.5.0. + +## 1.5.2 + +* Add deprecation warning for `DatadogAgent` `v1alpha1` CRD version. + +## 1.5.1 + +* Add configuration for Operator flag `introspectionEnabled`: this parameter is used to enable the Introspection. It is disabled by default. + +## 1.5.0 + +* Update Datadog Operator version to 1.4.0. + +## 1.4.2 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 1.4.1 * Add configuration for Operator flag `datadogSLOEnabled` : this parameter is used to enable the Datadog SLO Controller. It is disabled by default. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index b6e053faf..e5aa3049e 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.3.0 -digest: sha256:c0d897e7b5648db215c1c051fed5a3d431fadb1d92784ed0eb5b0f0f6574821e -generated: "2023-12-11T14:56:49.631017-05:00" + version: 2.3.0 +digest: sha256:67db7e15aa50bde3e2e62273b71402d2e4302c71f13201c3646ee5865e236106 +generated: "2024-12-18T14:19:32.327237+01:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 67efc918e..23065c712 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 1.4.1 -appVersion: 1.3.0 +version: 2.5.1 +appVersion: 1.11.1 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=1.3.0" + version: "=2.3.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 0e9d28def..2e67681f0 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 1.4.1](https://img.shields.io/badge/Version-1.4.1-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square) +![Version: 2.5.1](https://img.shields.io/badge/Version-2.5.1-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square) ## Values @@ -11,28 +11,33 @@ | apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one | | appKey | string | `nil` | Your Datadog APP key | | appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one | +| clusterName | string | `nil` | Set a unique cluster name reporting from the Datadog Operator. | +| clusterRole | object | `{"allowCreatePodsExec":false,"allowReadAllResources":false}` | Set specific configuration for the cluster role | | collectOperatorMetrics | bool | `true` | Configures an openmetrics check to collect operator metrics | | containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for a container. | | datadogAgent.enabled | bool | `true` | Enables Datadog Agent controller | +| datadogAgentProfile.enabled | bool | `false` | If true, enables DatadogAgentProfile controller (beta). Requires v1.5.0+ | | datadogCRDs.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | +| datadogCRDs.crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboard CRD | | datadogCRDs.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | | datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | +| datadogCRDs.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | | datadogCRDs.crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | -| datadogCRDs.migration.datadogAgents.conversionWebhook.enabled | bool | `false` | | -| datadogCRDs.migration.datadogAgents.conversionWebhook.name | string | `"datadog-operator-webhook-service"` | | -| datadogCRDs.migration.datadogAgents.conversionWebhook.namespace | string | `"default"` | | -| datadogCRDs.migration.datadogAgents.useCertManager | bool | `false` | | -| datadogCRDs.migration.datadogAgents.version | string | `"v2alpha1"` | | +| datadogDashboard.enabled | bool | `false` | Enables the Datadog Dashboard controller | | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | | datadogSLO.enabled | bool | `false` | Enables the Datadog SLO controller | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | +| deployment.annotations | object | `{}` | Allows setting additional annotations for the deployment resource | | env | list | `[]` | Define any environment variables to be passed to the operator. | | fullnameOverride | string | `""` | | +| image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.3.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.11.1"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | +| introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | +| livenessProbe | object | `{"periodSeconds":10}` | Add default livenessProbe settings. HTTP GET is not configurable as it is hardcoded in the Operator. | | logLevel | string | `"info"` | Set Datadog Operator log level (debug, info, error, panic, fatal) | | maximumGoroutines | string | `nil` | Override default goroutines threshold for the health check failure. | | metricsPort | int | `8383` | Port used for OpenMetrics endpoint | @@ -42,6 +47,7 @@ | podAnnotations | object | `{}` | Allows setting additional annotations for Datadog Operator PODs | | podLabels | object | `{}` | Allows setting additional labels for for Datadog Operator PODs | | rbac.create | bool | `true` | Specifies whether the RBAC resources should be created | +| remoteConfiguration.enabled | bool | `false` | If true, enables Remote Configuration in the Datadog Operator (beta). Requires clusterName, API and App keys to be set. | | replicaCount | int | `1` | Number of instances of Datadog Operator | | resources | object | `{}` | Set resources requests/limits for Datadog Operator PODs | | secretBackend.arguments | string | `""` | Specifies the space-separated arguments passed to the command that implements the secret backend api | @@ -54,7 +60,11 @@ | tolerations | list | `[]` | Allows to schedule Datadog Operator on tainted nodes | | volumeMounts | list | `[]` | Specify additional volumes to mount in the container | | volumes | list | `[]` | Specify additional volumes to mount in the container | -| watchNamespaces | list | `[]` | Restricts the Operator to watch its managed resources on specific namespaces | +| watchNamespaces | list | `[]` | Restricts the Operator to watch its managed resources on specific namespaces unless CRD-specific watchNamespaces properties are set | +| watchNamespacesAgent | list | `[]` | Restricts the Operator to watch DatadogAgent resources on specific namespaces. Requires v1.8.0+ | +| watchNamespacesAgentProfile | list | `[]` | Restricts the Operator to watch DatadogAgentProfile resources on specific namespaces. Requires v1.8.0+ | +| watchNamespacesMonitor | list | `[]` | Restricts the Operator to watch DatadogMonitor resources on specific namespaces. Requires v1.8.0+ | +| watchNamespacesSLO | list | `[]` | Restricts the Operator to watch DatadogSLO resources on specific namespaces. Requires v1.8.0+ | ## How to configure which namespaces are watched by the Operator. @@ -73,184 +83,4 @@ To watch all namespaces, the following configuration needs to be used: ```yaml watchNamespaces: - "" -``` - -## Migrating to the version 1.0 of the Datadog Operator - -### Disclaimer - -As part of the General Availability release of the Datadog Operator, we are offering a migration path for our early adopters to migrate to the GA version of the custom resource, `v2alpha1/DatadogAgent`. - -The Datadog Operator v1.X reconciles the version `v2alpha1` of the DatadogAgent custom resource, while the v0.X reconciles `v1alpha1`. - -### Requirements - -If you are using the v1alpha1 with a v0.X version of the Datadog Operator and would like to upgrade, you will need to use the Conversion Webhook feature. - -Start by ensuring that you have the minimum required version of the chart and it's dependencies: - -``` -NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-crds 0.6.1 1 Datadog Kubernetes CRDs chart -``` - -and for the Datadog Operator chart: - -``` -NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-operator 1.1.0 1.1.0 Datadog Operator -``` - -Then you will need to install the cert manager if you don't have it already, add the chart: -``` -helm repo add jetstack https://charts.jetstack.io -``` -and then install it: -``` - helm install \ - cert-manager jetstack/cert-manager \ - --version v1.11.0 \ - --set installCRDs=true -``` - -### Migration - -You can update with the following: - -``` -helm upgrade \ - datadog-operator datadog/datadog-operator \ - --set image.tag=1.3.0 \ - --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ - --set datadogCRDs.migration.datadogAgents.useCertManager=true \ - --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true -``` - -### Notes - -Starting at the version 1.0.0 of the datadog-operator chart, the fields `image.tag` has a default values of `1.0.0` and `datadogCRDs.migration.datadogAgents.version` is `v2alpha1`. - -We set them in the command here to illustrate the migration of going from a Datadog Operator version < 1.0.0 with a stored version of `v1alpha1` to the GA version of `1.0.0` with a stored version of `v2alpha1`. - -### Implementation details - -This will create a self-signed `Certificate` (using an `Issuer`) that will be used by the Certificate Manager to mutate the DatadogAgent CRD to document the `caBundle` that the API Server will use to contact the Conversion Webhook. - -The Datadog Operator will be running the new reconciler for `v2alpha1` object and will also start a Conversion Webhook Server, exposed on port 9443. This server is the one the API Server will be using to convert v1alpha1 DatadogAgent into v2alpha1. - -### Lifecycle - -The conversionWebhook is not supposed to be an ever running process, we recommend using it to migrate your objects as a transition. - -Once converted, you can store the new version of your DatadogAgent, deactivate the conversion and simply deploy v2alpha1 objects. - -### Roadmap - -Upon releasing the v2 version of the DatadogAgent object, we will remove v1alpha1 from the CRD as part of a major update of the charts (datadog-crds and datadog-operator). - -### Troubleshooting - -* I don't see v2alpha1 version of the DatadogAgent resource - -The v1alpha1 and the v2alpha1 are `served` so you might need to specify which version you want to see: - -``` -kubectl get datadogagents.v2alpha1.datadoghq.com datadog-agent -``` - -* The Conversion is not working - -The logs of the Datadog Operator pod should show that the conversion webhook is enabled, the server is running, the certificates are watched. - -``` -kubectl logs datadog-operator-XXX-YYY -[...] -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/convert"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"datadoghq.com/v2alpha1, Kind=DatadogAgent"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"setup","msg":"starting manager"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook.webhooks","msg":"Starting webhook server"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook","msg":"Serving webhook server","host":"","port":9443} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","msg":"Starting server","path":"/metrics","kind":"metrics","addr":"0.0.0.0:8383"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","msg":"Starting server","kind":"health probe","addr":"0.0.0.0:8081"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"} -[...] -``` - -* Check the service registered for the conversion for a registered Endpoint - -``` -kubectl describe service datadog-operator-webhook-service -[...] -Name: datadog-operator-webhook-service -Namespace: default -[...] -Selector: app.kubernetes.io/instance=datadog-operator,app.kubernetes.io/name=datadog-operator -[...] -Port: 443/TCP -TargetPort: 9443/TCP -Endpoints: 10.88.3.28:9443 -``` - -* Verify the registered service for the conversion webhook - -``` -kubectl describe crd datadogagents.datadoghq.com -[...] - Conversion: - Strategy: Webhook - Webhook: - Client Config: - Ca Bundle: LS0t[...]UtLS0tLQo= - Service: - Name: datadog-operator-webhook-service - Namespace: default - Path: /convert - Port: 443 - Conversion Review Versions: - v1 -``` - -* The CRD does not have the `caBundle` - -Make sure that the CRD has the correct annotation: `cert-manager.io/inject-ca-from: default/datadog-operator-serving-cert` and check the logs of the `cert-manager-cainjector` pod. - -If you do not see anything standing out, setting the log level to 5 (debug) might help: - -``` -kubectl edit deploy cert-manager-cainjector -n cert-manager -[...] - spec: - containers: - - args: - - --v=5 -[...] -``` - -You should see logs such as: - -``` -[...] -I0217 08:11:15.582479 1 controller.go:178] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="updated object" "resource_kind"="CustomResourceDefinition" "resource_name"="datadogagents.datadoghq.com" "resource_namespace"="" "resource_version"="v1" -I0217 08:25:24.989209 1 sources.go:98] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="Extracting CA from Certificate resource" "certificate"="default/datadog-operator-serving-cert" "resource_kind"="CustomResourceDefinition" "resource_name"="datadogagents.datadoghq.com" "resource_namespace"="" "resource_version"="v1" -[...] -``` -### Rollback - -If you migrated to the new version of the Datadog Operator using v2alpha1 but want to rollback to the former version, we recommend: -- Scaling the Datadog Operator deployment to 0 replicas. - ``` - kubectl scale deploy datadog-operator --replicas=0 - ``` -- Upgrading the chart to have v1alpha1 stored and for the Datadog Operator to use the 0.8.X image. - ``` - helm upgrade \ - datadog-operator datadog/datadog-operator \ - --set image.tag=0.8.4 \ - --set datadogCRDs.migration.datadogAgents.version=v1alpha1 \ - --set datadogCRDs.migration.datadogAgents.useCertManager=false \ - --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=false - ``` -- Redeploy the previous DatadogAgent v1alpha1 object. - -Note: The Daemonset of the Datadog Agents will be rolled out in the process. +``` \ No newline at end of file diff --git a/charts/datadog-operator/README.md.gotmpl b/charts/datadog-operator/README.md.gotmpl index c21bb39ed..c860465b9 100644 --- a/charts/datadog-operator/README.md.gotmpl +++ b/charts/datadog-operator/README.md.gotmpl @@ -21,184 +21,4 @@ To watch all namespaces, the following configuration needs to be used: ```yaml watchNamespaces: - "" -``` - -## Migrating to the version 1.0 of the Datadog Operator - -### Disclaimer - -As part of the General Availability release of the Datadog Operator, we are offering a migration path for our early adopters to migrate to the GA version of the custom resource, `v2alpha1/DatadogAgent`. - -The Datadog Operator v1.X reconciles the version `v2alpha1` of the DatadogAgent custom resource, while the v0.X reconciles `v1alpha1`. - -### Requirements - -If you are using the v1alpha1 with a v0.X version of the Datadog Operator and would like to upgrade, you will need to use the Conversion Webhook feature. - -Start by ensuring that you have the minimum required version of the chart and it's dependencies: - -``` -NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-crds 0.6.1 1 Datadog Kubernetes CRDs chart -``` - -and for the Datadog Operator chart: - -``` -NAME CHART VERSION APP VERSION DESCRIPTION -datadog/datadog-operator 1.1.0 1.1.0 Datadog Operator -``` - -Then you will need to install the cert manager if you don't have it already, add the chart: -``` -helm repo add jetstack https://charts.jetstack.io -``` -and then install it: -``` - helm install \ - cert-manager jetstack/cert-manager \ - --version v1.11.0 \ - --set installCRDs=true -``` - -### Migration - -You can update with the following: - -``` -helm upgrade \ - datadog-operator datadog/datadog-operator \ - --set image.tag=1.3.0 \ - --set datadogCRDs.migration.datadogAgents.version=v2alpha1 \ - --set datadogCRDs.migration.datadogAgents.useCertManager=true \ - --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=true -``` - -### Notes - -Starting at the version 1.0.0 of the datadog-operator chart, the fields `image.tag` has a default values of `1.0.0` and `datadogCRDs.migration.datadogAgents.version` is `v2alpha1`. - -We set them in the command here to illustrate the migration of going from a Datadog Operator version < 1.0.0 with a stored version of `v1alpha1` to the GA version of `1.0.0` with a stored version of `v2alpha1`. - -### Implementation details - -This will create a self-signed `Certificate` (using an `Issuer`) that will be used by the Certificate Manager to mutate the DatadogAgent CRD to document the `caBundle` that the API Server will use to contact the Conversion Webhook. - -The Datadog Operator will be running the new reconciler for `v2alpha1` object and will also start a Conversion Webhook Server, exposed on port 9443. This server is the one the API Server will be using to convert v1alpha1 DatadogAgent into v2alpha1. - -### Lifecycle - -The conversionWebhook is not supposed to be an ever running process, we recommend using it to migrate your objects as a transition. - -Once converted, you can store the new version of your DatadogAgent, deactivate the conversion and simply deploy v2alpha1 objects. - -### Roadmap - -Upon releasing the v2 version of the DatadogAgent object, we will remove v1alpha1 from the CRD as part of a major update of the charts (datadog-crds and datadog-operator). - -### Troubleshooting - -* I don't see v2alpha1 version of the DatadogAgent resource - -The v1alpha1 and the v2alpha1 are `served` so you might need to specify which version you want to see: - -``` -kubectl get datadogagents.v2alpha1.datadoghq.com datadog-agent -``` - -* The Conversion is not working - -The logs of the Datadog Operator pod should show that the conversion webhook is enabled, the server is running, the certificates are watched. - -``` -kubectl logs datadog-operator-XXX-YYY -[...] -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/convert"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"datadoghq.com/v2alpha1, Kind=DatadogAgent"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"setup","msg":"starting manager"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook.webhooks","msg":"Starting webhook server"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.webhook","msg":"Serving webhook server","host":"","port":9443} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","msg":"Starting server","path":"/metrics","kind":"metrics","addr":"0.0.0.0:8383"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","msg":"Starting server","kind":"health probe","addr":"0.0.0.0:8081"} -{"level":"INFO","ts":"2023-02-16T16:47:07Z","logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"} -[...] -``` - -* Check the service registered for the conversion for a registered Endpoint - -``` -kubectl describe service datadog-operator-webhook-service -[...] -Name: datadog-operator-webhook-service -Namespace: default -[...] -Selector: app.kubernetes.io/instance=datadog-operator,app.kubernetes.io/name=datadog-operator -[...] -Port: 443/TCP -TargetPort: 9443/TCP -Endpoints: 10.88.3.28:9443 -``` - -* Verify the registered service for the conversion webhook - -``` -kubectl describe crd datadogagents.datadoghq.com -[...] - Conversion: - Strategy: Webhook - Webhook: - Client Config: - Ca Bundle: LS0t[...]UtLS0tLQo= - Service: - Name: datadog-operator-webhook-service - Namespace: default - Path: /convert - Port: 443 - Conversion Review Versions: - v1 -``` - -* The CRD does not have the `caBundle` - -Make sure that the CRD has the correct annotation: `cert-manager.io/inject-ca-from: default/datadog-operator-serving-cert` and check the logs of the `cert-manager-cainjector` pod. - -If you do not see anything standing out, setting the log level to 5 (debug) might help: - -``` -kubectl edit deploy cert-manager-cainjector -n cert-manager -[...] - spec: - containers: - - args: - - --v=5 -[...] -``` - -You should see logs such as: - -``` -[...] -I0217 08:11:15.582479 1 controller.go:178] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="updated object" "resource_kind"="CustomResourceDefinition" "resource_name"="datadogagents.datadoghq.com" "resource_namespace"="" "resource_version"="v1" -I0217 08:25:24.989209 1 sources.go:98] cert-manager/certificate/customresourcedefinition/generic-inject-reconciler "msg"="Extracting CA from Certificate resource" "certificate"="default/datadog-operator-serving-cert" "resource_kind"="CustomResourceDefinition" "resource_name"="datadogagents.datadoghq.com" "resource_namespace"="" "resource_version"="v1" -[...] -``` -### Rollback - -If you migrated to the new version of the Datadog Operator using v2alpha1 but want to rollback to the former version, we recommend: -- Scaling the Datadog Operator deployment to 0 replicas. - ``` - kubectl scale deploy datadog-operator --replicas=0 - ``` -- Upgrading the chart to have v1alpha1 stored and for the Datadog Operator to use the 0.8.X image. - ``` - helm upgrade \ - datadog-operator datadog/datadog-operator \ - --set image.tag=0.8.4 \ - --set datadogCRDs.migration.datadogAgents.version=v1alpha1 \ - --set datadogCRDs.migration.datadogAgents.useCertManager=false \ - --set datadogCRDs.migration.datadogAgents.conversionWebhook.enabled=false - ``` -- Redeploy the previous DatadogAgent v1alpha1 object. - -Note: The Daemonset of the Datadog Agents will be rolled out in the process. +``` \ No newline at end of file diff --git a/charts/datadog-operator/ci/kubeval-values.yaml b/charts/datadog-operator/ci/kubeconform-values.yaml similarity index 100% rename from charts/datadog-operator/ci/kubeval-values.yaml rename to charts/datadog-operator/ci/kubeconform-values.yaml diff --git a/charts/datadog-operator/templates/NOTES.txt b/charts/datadog-operator/templates/NOTES.txt index 85723cecb..2c9b4ba69 100644 --- a/charts/datadog-operator/templates/NOTES.txt +++ b/charts/datadog-operator/templates/NOTES.txt @@ -1,3 +1,4 @@ +{{ $version := include "check-image-tag" . }} {{- if .Values.datadogMonitor.enabled }} {{- if (and ( not .Values.apiKeyExistingSecret) (not .Values.apiKey)) }} ############################################################################## @@ -21,7 +22,7 @@ Create an application key at https://app.datadoghq.com/account/settings#api {{- end }} -{{- if (semverCompare "<1.0.0-rc.13" .Values.image.tag) }} +{{- if (semverCompare "<1.0.0-rc.13" $version) }} {{- if (not .Values.datadogAgent.enabled) }} ############################################################################## #### WARNING: Unsupported parameter datadogAgent.enabled. #### @@ -40,6 +41,3 @@ The maximumGoroutines parameter isn't supported by the Operator 1.0.0-rc.12 and Setting a value will not change the default defined in the Operator. {{- end }} {{- end }} -{{- if not (and (semverCompare ">=1.0.0-0" .Values.image.tag) (eq .Values.datadogCRDs.migration.datadogAgents.version "v2alpha1")) }} -{{- fail "The Datadog Operator `1.0.0` reconciles `DatadogAgent` versions `v2alpha1`. Using an old version of the Datadog Operator (< 1.0.0) with the new version of the DatadogAgent Customer Resource, or the Datadog Operator `1.X` with the `v1alpha1` as stored version of the DatadogAgent is not supported. If you are using a DatadogAgent `v1alpha1`, refer to the Migration Steps: https://github.com/DataDog/helm-charts/blob/main/charts/datadog-operator/README.md#migrating-to-the-version-10-of-the-datadog-operator."}} -{{- end }} diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index 640d1b321..50dc92353 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -76,4 +76,15 @@ Return the appropriate apiVersion for PodDisruptionBudget policy APIs. {{- else -}} "policy/v1beta1" {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Check operator image tag version. +*/}} +{{- define "check-image-tag" -}} +{{- if not .Values.image.doNotCheckTag -}} +{{- .Values.image.tag -}} +{{- else -}} +{{ "1.11.1" }} +{{- end -}} +{{- end -}} diff --git a/charts/datadog-operator/templates/certificate_conversion.yaml b/charts/datadog-operator/templates/certificate_conversion.yaml deleted file mode 100644 index e3d104d3d..000000000 --- a/charts/datadog-operator/templates/certificate_conversion.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a certificate CR. -# More document can be found at https://docs.cert-manager.io -# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. -{{- if and .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled .Values.datadogCRDs.migration.datadogAgents.useCertManager }} -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: {{ .Release.Name }}-selfsigned-issuer - namespace: {{ .Release.Namespace }} -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Release.Name }}-serving-cert - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.name }}.{{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.namespace }}.svc - - {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.name }}.{{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.namespace }}.svc.cluster.local - issuerRef: - kind: Issuer - name: {{ .Release.Name }}-selfsigned-issuer - secretName: {{ .Release.Name }}-webhook-server-cert -{{- end }} diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 2699c37c7..79c245eb6 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -15,26 +15,8 @@ rules: - "" resources: - componentstatuses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - deployments + - namespaces verbs: - get - list @@ -42,19 +24,13 @@ rules: - apiGroups: - "" resources: + - configmaps - endpoints - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - events + - pods + - secrets + - serviceaccounts + - services verbs: - create - delete @@ -67,17 +43,13 @@ rules: - "" resources: - limitranges + - persistentvolumeclaims + - persistentvolumes + - replicationcontrollers + - resourcequotas verbs: - list - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - apiGroups: - "" resources: @@ -90,112 +62,30 @@ rules: - "" resources: - nodes/metrics - verbs: - - get -- apiGroups: - - "" - resources: - nodes/proxy - verbs: - - get -- apiGroups: - - "" - resources: - nodes/spec - verbs: - - get -- apiGroups: - - "" - resources: - nodes/stats verbs: - get - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - replicationcontrollers - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - resourcequotas - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" + - '*' resources: - - services + - '*/scale' verbs: - - create - - delete - get - - list - - patch - update - - watch - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations + - validatingwebhookconfigurations verbs: - '*' - apiGroups: - - admissionregistration.k8s.io + - apiextensions.k8s.io + - extensions resources: - - validatingwebhookconfigurations + - customresourcedefinitions verbs: - list - watch @@ -205,21 +95,12 @@ rules: - apiservices verbs: - '*' -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - create - - delete - - get - list - - patch - - update - watch - apiGroups: - apps resources: + - daemonsets - deployments verbs: - create @@ -233,6 +114,7 @@ rules: - apps resources: - replicasets + - statefulsets verbs: - get - list @@ -244,14 +126,6 @@ rules: verbs: - list - watch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list - - watch - apiGroups: - apps - extensions @@ -272,42 +146,18 @@ rules: - apiGroups: - authorization.k8s.io resources: - - clusterrolebindings + - subjectaccessreviews verbs: - create - - delete - get - - list - - patch - - update - - watch - apiGroups: - authorization.k8s.io + - rbac.authorization.k8s.io + - roles.rbac.authorization.k8s.io resources: + - clusterrolebindings - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - authorization.k8s.io - resources: - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - authorization.k8s.io - resources: - roles verbs: - create @@ -317,13 +167,6 @@ rules: - patch - update - watch -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - apiGroups: - autoscaling resources: @@ -331,14 +174,6 @@ rules: verbs: - list - watch -- apiGroups: - - apiextensions.k8s.io - - extensions - resources: - - customresourcedefinitions - verbs: - - list - - watch - apiGroups: - autoscaling.k8s.io resources: @@ -350,13 +185,6 @@ rules: - batch resources: - cronjobs - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - jobs verbs: - get @@ -397,18 +225,12 @@ rules: - datadoghq.com resources: - datadogagents - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - datadogagents/finalizers + - datadogmonitors + - datadogmonitors/finalizers + - datadogslos + - datadogslos/finalizers + - extendeddaemonsets verbs: - create - delete @@ -421,19 +243,12 @@ rules: - datadoghq.com resources: - datadogagents/status + - datadogmonitors/status + - datadogslos/status verbs: - get - patch - update -- apiGroups: - - datadoghq.com - resources: - - datadogmetrics - verbs: - - create - - delete - - list - - watch - apiGroups: - datadoghq.com resources: @@ -443,53 +258,25 @@ rules: - apiGroups: - datadoghq.com resources: - - datadogmonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - - datadogmonitors/finalizers + - datadogmetrics verbs: - create - delete - - get - list - - patch - - update - watch - apiGroups: - datadoghq.com resources: - - datadogmonitors/status + - datadogpodautoscalers + - datadogpodautoscalers/status verbs: - - get - - patch - - update + - '*' - apiGroups: - datadoghq.com resources: - extendeddaemonsetreplicasets verbs: - get -- apiGroups: - - datadoghq.com - resources: - - extendeddaemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - datadoghq.com resources: @@ -498,38 +285,6 @@ rules: - get - list - watch -- apiGroups: - - datadoghq.com - resources: - - datadogslos - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - - datadogslos/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - - datadogslos/status - verbs: - - get - - patch - - update - apiGroups: - external.metrics.k8s.io resources: @@ -570,48 +325,39 @@ rules: - update - watch - apiGroups: - - policy + - quota.openshift.io resources: - - podsecuritypolicies + - clusterresourcequotas verbs: - get - list - - watch - apiGroups: - - quota.openshift.io + - security.openshift.io + resourceNames: + - restricted resources: - - clusterresourcequotas + - securitycontextconstraints verbs: - - get - - list + - use - apiGroups: - - rbac.authorization.k8s.io + - storage.k8s.io resources: - - clusterrolebindings + - storageclasses + - volumeattachments verbs: - - create - - delete - - get - list - - patch - - update - watch +{{- if .Values.datadogAgentProfile.enabled }} - apiGroups: - - rbac.authorization.k8s.io + - "" resources: - - clusterroles + - nodes verbs: - - create - - delete - - get - - list - patch - - update - - watch - apiGroups: - - rbac.authorization.k8s.io + - datadoghq.com resources: - - rolebindings + - datadogagentprofiles verbs: - create - delete @@ -621,9 +367,9 @@ rules: - update - watch - apiGroups: - - rbac.authorization.k8s.io + - datadoghq.com resources: - - roles + - datadogagentprofiles/finalizers verbs: - create - delete @@ -633,21 +379,19 @@ rules: - update - watch - apiGroups: - - roles.rbac.authorization.k8s.io + - datadoghq.com resources: - - clusterrolebindings + - datadogagentprofiles/status verbs: - - create - - delete - get - - list - patch - update - - watch +{{- end }} +{{- if .Values.datadogDashboard.enabled }} - apiGroups: - - roles.rbac.authorization.k8s.io + - datadoghq.com resources: - - clusterroles + - datadogdashboards verbs: - create - delete @@ -657,43 +401,32 @@ rules: - update - watch - apiGroups: - - roles.rbac.authorization.k8s.io + - datadoghq.com resources: - - rolebindings + - datadogdashboards/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - roles.rbac.authorization.k8s.io + - datadoghq.com resources: - - roles + - datadogdashboards/status verbs: - - create - - delete - get - - list - patch - update - - watch -- apiGroups: - - security.openshift.io - resourceNames: - - restricted - resources: - - securitycontextconstraints - verbs: - - use +{{- end }} +{{- if .Values.clusterRole.allowReadAllResources }} - apiGroups: - - storage.k8s.io + - '*' resources: - - storageclasses - - volumeattachments + - '*' verbs: - list - watch +{{- end }} +{{- if .Values.clusterRole.allowCreatePodsExec }} +- apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] +{{- end }} {{- end -}} diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index a8de14218..6532eb07c 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -3,6 +3,10 @@ kind: Deployment metadata: name: {{ include "datadog-operator.fullname" . }} namespace: {{ .Release.Namespace }} +{{- if .Values.deployment.annotations }} + annotations: +{{ toYaml .Values.deployment.annotations | indent 4 }} +{{- end }} labels: {{ include "datadog-operator.labels" . | indent 4 }} spec: @@ -58,10 +62,35 @@ spec: fieldRef: fieldPath: metadata.namespace {{- end }} + {{- if .Values.watchNamespacesAgent }} + - name: DD_AGENT_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesAgent | join "," }} + {{- end }} + {{- if .Values.watchNamespacesMonitor }} + - name: DD_MONITOR_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesMonitor | join "," }} + {{- end }} + {{- if .Values.watchNamespacesSLO }} + - name: DD_SLO_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesSLO | join "," }} + {{- end }} + {{- if .Values.watchNamespacesAgentProfile }} + - name: DD_AGENT_PROFILE_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesAgentProfile | join "," }} + {{- end }} - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name + {{- $version := include "check-image-tag" . }} + {{- if (semverCompare ">=1.7.0-0" $version) }} + - name: DD_TOOL_VERSION + value: {{ .Values.toolVersion | default "helm" }} + {{- end }} + {{- if .Values.clusterName }} + - name: DD_CLUSTER_NAME + value: {{ .Values.clusterName }} + {{- end }} {{- if or .Values.apiKey .Values.apiKeyExistingSecret }} - name: DD_API_KEY valueFrom: @@ -94,49 +123,48 @@ spec: - "-metrics-addr=:{{ .Values.metricsPort }}" - "-loglevel={{ .Values.logLevel }}" - "-operatorMetricsEnabled={{ .Values.operatorMetricsEnabled }}" - {{- if and (not (empty .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled)) (semverCompare ">=1.0.0-0" .Values.image.tag ) }} - - "-webhookEnabled={{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }}" - {{- else }} - - "-webhookEnabled=false" - {{- end }} {{- if .Values.secretBackend.command }} - "-secretBackendCommand={{ .Values.secretBackend.command }}" {{- end }} {{- if .Values.secretBackend.arguments }} - "-secretBackendArgs={{ .Values.secretBackend.arguments }}" {{- end }} - {{- if and .Values.maximumGoroutines (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} + {{- if and .Values.maximumGoroutines (semverCompare ">=1.0.0-rc.13" $version) }} - "-maximumGoroutines={{ .Values.maximumGoroutines }}" + {{- end }} + {{- if (semverCompare ">=1.4.0" $version) }} + - "-introspectionEnabled={{ .Values.introspection.enabled }}" + {{- end }} + {{- if (semverCompare ">=1.5.0" $version) }} + - "-datadogAgentProfileEnabled={{ .Values.datadogAgentProfile.enabled }}" {{- end }} - "-datadogMonitorEnabled={{ .Values.datadogMonitor.enabled }}" - {{- if (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} + {{- if (semverCompare ">=1.0.0-rc.13" $version) }} - "-datadogAgentEnabled={{ .Values.datadogAgent.enabled }}" {{- end }} - {{- if (semverCompare ">=1.3.0" .Values.image.tag) }} + {{- if (semverCompare ">=1.3.0" $version) }} - "-datadogSLOEnabled={{ .Values.datadogSLO.enabled }}" {{- end }} + {{- if (semverCompare ">=1.9.0-0" $version) }} + - "-datadogDashboardEnabled={{ .Values.datadogDashboard.enabled }}" + {{- end }} + {{- if (semverCompare ">=1.7.0" $version) }} + - "-remoteConfigEnabled={{ .Values.remoteConfiguration.enabled }}" + {{- end }} ports: - name: metrics containerPort: {{ .Values.metricsPort }} protocol: TCP - {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} - - name: webhook - containerPort: 9443 - protocol: TCP - {{- end }} livenessProbe: httpGet: path: /healthz/ port: 8081 - periodSeconds: 10 + {{- if .Values.livenessProbe }} + {{- toYaml .Values.livenessProbe | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - {{- end }} {{- if .Values.volumeMounts }} {{- toYaml .Values.volumeMounts | nindent 10 }} {{- end }} @@ -157,12 +185,6 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: - {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} - - name: cert - secret: - defaultMode: 420 - secretName: {{ .Release.Name }}-webhook-server-cert - {{- end }} {{- if .Values.volumes }} {{- toYaml .Values.volumes | nindent 6 }} {{- end }} diff --git a/charts/datadog-operator/templates/webhook-service.yaml b/charts/datadog-operator/templates/webhook-service.yaml deleted file mode 100644 index 0f1975041..000000000 --- a/charts/datadog-operator/templates/webhook-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.name }} - namespace: {{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.namespace }} -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - app.kubernetes.io/name: {{ include "datadog-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 59101aff9..d2c1be14e 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -16,6 +16,10 @@ apiKeyExistingSecret: # # appKey -- Your Datadog APP key appKey: # + +# clusterName -- Set a unique cluster name reporting from the Datadog Operator. +clusterName: + # site -- The site of the Datadog intake to send data to (documentation: https://docs.datadoghq.com/getting_started/site/) ## Set to 'datadoghq.com' to send data to the US1 site (default). @@ -43,9 +47,11 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.3.0 + tag: 1.11.1 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent + # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. + doNotCheckTag: false # imagePullSecrets -- Datadog Operator repository pullSecret (ex: specify docker registry credentials) imagePullSecrets: [] # nameOverride -- Override name of app @@ -56,6 +62,14 @@ fullnameOverride: "" logLevel: "info" # maximumGoroutines -- Override default goroutines threshold for the health check failure. maximumGoroutines: + + +introspection: +# introspection.enabled -- If true, enables introspection feature (beta). Requires v1.4.0+ + enabled: false +datadogAgentProfile: +# datadogAgentProfile.enabled -- If true, enables DatadogAgentProfile controller (beta). Requires v1.5.0+ + enabled: false # supportExtendedDaemonset -- If true, supports using ExtendedDaemonSet CRD supportExtendedDaemonset: "false" # operatorMetricsEnabled -- Enable forwarding of Datadog Operator metrics and events to Datadog. @@ -70,12 +84,22 @@ secretBackend: datadogAgent: # datadogAgent.enabled -- Enables Datadog Agent controller enabled: true +datadogDashboard: + # datadogDashboard.enabled -- Enables the Datadog Dashboard controller + enabled: false datadogMonitor: # datadogMonitor.enabled -- Enables the Datadog Monitor controller enabled: false datadogSLO: # datadogSLO.enabled -- Enables the Datadog SLO controller enabled: false +remoteConfiguration: + # remoteConfiguration.enabled -- If true, enables Remote Configuration in the Datadog Operator (beta). Requires clusterName, API and App keys to be set. + enabled: false + +deployment: + # deployment.annotations -- Allows setting additional annotations for the deployment resource + annotations: {} rbac: # rbac.create -- Specifies whether the RBAC resources should be created create: true @@ -115,18 +139,14 @@ datadogCRDs: datadogAgents: true # datadogCRDs.crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD datadogMetrics: true + # datadogCRDs.crds.datadogPodAutoscalers -- Set to true to deploy the DatadogPodAutoscalers CRD + datadogPodAutoscalers: true # datadogCRDs.crds.datadogMonitors -- Set to true to deploy the DatadogMonitors CRD datadogMonitors: true # datadogCRDs.crds.datadogSLOs -- Set to true to deploy the DatadogSLO CRD datadogSLOs: false - migration: - datadogAgents: - conversionWebhook: - enabled: false - name: datadog-operator-webhook-service - namespace: default - useCertManager: false - version: "v2alpha1" + # datadogCRDs.crds.datadogDashboards -- Set to true to deploy the DatadogDashboard CRD + datadogDashboards: false # podAnnotations -- Allows setting additional annotations for Datadog Operator PODs podAnnotations: {} @@ -137,6 +157,7 @@ podLabels: {} collectOperatorMetrics: true # watchNamespaces -- Restricts the Operator to watch its managed resources on specific namespaces +# unless CRD-specific watchNamespaces properties are set watchNamespaces: [] # example: watch only two namespaces: # watchNamespaces: @@ -147,6 +168,54 @@ watchNamespaces: [] # watchNamespaces: # - "" +# watchNamespacesAgent -- Restricts the Operator to watch DatadogAgent resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesAgent: [] +# example: watch only two namespaces: +# watchNamespacesAgent: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesAgent: +# - "" + +# watchNamespacesMonitor -- Restricts the Operator to watch DatadogMonitor resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesMonitor: [] +# example: watch only two namespaces: +# watchNamespacesMonitor: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesMonitor: +# - "" + +# watchNamespacesSLO -- Restricts the Operator to watch DatadogSLO resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesSLO: [] +# example: watch only two namespaces: +# watchNamespacesSLO: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesSLO: +# - "" + +# watchNamespacesAgentProfile -- Restricts the Operator to watch DatadogAgentProfile resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesAgentProfile: [] +# example: watch only two namespaces: +# watchNamespacesAgentProfile: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesAgentProfile: +# - "" + # containerSecurityContext -- A security context defines privileges and access control settings for a container. containerSecurityContext: {} @@ -161,3 +230,21 @@ volumeMounts: [] # - name: # mountPath: # readOnly: true + +# livenessProbe -- Add default livenessProbe settings. HTTP GET is not configurable as it is hardcoded in the Operator. +livenessProbe: + periodSeconds: 10 + # Example fields of livenessProbe that are also configurable: + # initialDelaySeconds: 15 + # timeoutSeconds: 1 + # successThreshold: 1 + # failureThreshold: 3 + +# clusterRole -- Set specific configuration for the cluster role +clusterRole: + # allowReadAllResources is required to allow the operator to view all custom resources. + # If collecting CRDs in the Kubernetes Explorer this is required + allowReadAllResources: false + + # allowCreatePodsExec is required for `remote_copy` mode of the CWS Instrumentation feature. + allowCreatePodsExec: false diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 9e71c6719..675248aff 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,16 +1,429 @@ # Datadog changelog -## 3.53.4 +## 3.88.3 * Add default container resource values for GKE Autopilot +## 3.88.2 + +* Disable running process check in core Agent by default feature for GKE Autopilot, as it is not supported. + +## 3.88.1 + +* Disable SBOM monitoring features for GKE Autopilot, as they are not supported + +## 3.88.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.61.0`. + +## 3.87.2 + +* Add cgroups mount in system-probe for USM, NPM and Service Discovery matching the datadog-operator. + +## 3.87.1 + +* Add the ability to set the image tag to use for the APM Injector. + +## 3.87.0 + +* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. + +## 3.86.0 + +* Add `delete` permission for `datadog-webhook` Admission Registration RBACs. + +## 3.85.0 + +* Add `datadog.discovery.enabled` configuration to control service-discovery. + +## 3.84.4 + +* Propagate the `datadog.site` option to the default `datadog.otelCollector` configuration. + +## 3.84.3 + +* Added the configuration value `clusterAgent.admissionController.kubernetes_admission_events.enabled` to enabled/disable the Kubernetes Admission Events feature. + +## 3.84.2 + +* Add `endpointslices.discovery.k8s.io` to the list of resources to collect in the Cluster Agent RBAC. +* Add configuration option for `datadog.kubernetesUseEndpointSlices` to map Kubernetes services to endpoint slices instead of endpoints. Disabled by default. + +## 3.84.1 + +* Remove deployments.apps example of `datadog.kubernetesResourcesLabelsAsTags` and `datadog.kubernetesResourcesAnnotationsAsTags` since it's not implemented yet + +## 3.84.0 + +* Set the default value of `datadog.processAgent.runInCoreAgent` to `true`. + +## 3.83.1 + +* Add /sys/fs/bpf to system-probe volume mounts + +## 3.83.0 + +* Added the configuration value `datadog.disablePasswdMount` to disable mounting the `/etc/passwd` path from the host filesystem. This option should be used when the underlying OS does not have these files (e.g., Talos OS). +* Added the configuration value `datadog.disableDefaultOsReleasePaths` to disable mounting the default "os-release" file paths from the host filesystem (e.g., `/etc/redhat-release`, `/etc/fedora-release`, etc.). Note that this change does not affect the `datadog.osReleasePath` option. To avoid mounting the `/etc/os-release` host path, set the `datadog.osReleasePath` configuration value to an empty string. This option should be used when the underlying OS does not have these files (e.g., Talos OS). +* Add `providers.talos.enabled` to simplify agent deployment configuration on Talos OS. + +## 3.82.0 + +* Add `pods/exec` RBAC to the `Cluster-Agent` when needed and inject the service account name of the `Cluster-Agent` as environment variable. + +## 3.81.2 + +* Fix ci values.yaml files name to be taken into account by the ci job. + +## 3.81.1 + +* Update default `fips.image.tag` to `1.1.6`, which updates PCRE2 version to 10.44 and HAProxy version to 2.4.28 + +## 3.81.0 + +* Add a new option to disable hostPorts for the trace-agent with `datadog.apm.useLocalService`. This option enables K8s clusters with hostPort and hostPath volumes restrictions to use the K8s local service to send traces. + +## 3.80.0 + +* Add `datadog.admissionController.validation` and `datadog.admissionController.mutation` to enable/disable the admission controller validation and mutation webhooks. + +## 3.79.1 + +* Document how to use `datadog.envDict` option with the `--set` helm's flag. + +## 3.79.0 + +* Add Logs Collection support for Google GKE on GDC + +## 3.78.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.59.0`. + +## 3.77.3 + +* Update version required for datadog.processAgent.runInCoreAgent and remove experimental status. + +## 3.77.2 + +* Add the ability to include Security Contexts at the container level for Cluster Checks Runners. + +## 3.77.1 + +* Modify command that removes the default conf.d directory from the Cluster Checks Runners and only removes the default YAML files. + +## 3.77.0 + +* Add experimental support for overlayfs direct scan for SBOMs + +## 3.76.3 + +* Add `podisruptionbudgets` RBAC to the Cluster Agent. + +## 3.76.2 + +* Fix warning message displayed when installing/upgrading the Agent with OTel collector. +* Add preview message in values.yaml file. + +## 3.76.1 + +* Gate `datadog.sbom.containerImage.uncompressedLayersSupport` feature behind `datadog.sbom.containerImage.enabled`: if the latter is not enabled (default), do not modify template based on `datadog.sbom.containerImage.uncompressedLayersSupport`. + +## 3.76.0 + +* Set `datadog.sbom.containerImage.uncompressedLayersSupport` to `true` by default. + +## 3.75.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.58.0`. + +## 3.74.6 + +* Fix error message for when System Probe is enabled on GKE Autopilot + +## 3.74.5 + +* Add configuration option for `datadog.KubernetesEvents.sourceDetectionEnabled` to map Kubernetes events to integration sources based on controller names. Disabled by default. + +## 3.74.4 + +* Define `admission_controller.container_registry` regardless of `clusterAgent.admissionController.agentSidecarInjection` feature status. + +## 3.74.3 + +* Do not mount `/usr/lib/sysimage/rpm` (reverts https://github.com/DataDog/helm-charts/pull/1541): in some operating systems such as Bottlerocket, `/usr` is `read-only`, preventing the Agent from being deployed when `datadog.sbom.host.enabled` is set to `true` as kubelet cannot create the directory at this location if it does not exist. + +## 3.74.2 + +* Mount `/usr/lib/sysimage/rpm` in the Agent DaemonSet when using host SBOM feature (required on hosts running Amazon Linux distributions). + +## 3.74.1 + +* Pass components env variables to the cluster checks runner deployment pod spec. + +## 3.74.0 + +* Simplify OTel Agent OOTB pipelines: + * Remove `traces/otlp` pipeline from the default OTel Agent config + * Add `infaattributes` processor and `datadog` exporter to the `traces` pipeline. + +## 3.73.3 + +* Fix a few typos on OTel Agent configs. + +## 3.73.2 + +* Add `admissionregistration.k8s.io/v1/validatingwebhookconfigurations` RBACs to the Cluster Agent. + +## 3.73.1 + +* Add role-based access control rules to Datadog Cluster Agent to read k8s resources annotations and labels to create tags. + +## 3.73.0 + +* Add Azure Container Registry, enabled automatically when targeting `us3.datadoghq.com`. + +## 3.72.1 + +* Add configuration option for `datadog.KubernetesEvents.filteringEnabled` to only include pre-defined allowed events. Disabled by default. + +## 3.72.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.57.2`. + +## 3.71.2 + +* Add `datadog.kubernetesResourcesLabelsAsTags` to assign Kubernetes Resources Labels as tags in the tagger +* Add `datadog.kubernetesResourcesAnnotationsAsTags` to assign Kuberenetes Resources Annotations as tags in the tagger + +## 3.71.1 + +* Update `fips.image.tag` to `1.1.5` updating openSSL version to 3.0.15 + +## 3.71.0 + +* Add `datadog.profiling` section to configure Continuous Profiler. Disabled by default. + +## 3.70.7 + +* Set default `Agent` and `Cluster-Agent` version to `7.56.2`. + +## 3.70.6 + +* Add private beta note for OTel Collector. + +## 3.70.5 + +* Set default `Agent` and `Cluster-Agent` version to `7.56.1`. + +## 3.70.4 + +* Improve support for `processAgent.runInCoreAgent` feature. + +## 3.70.3 + +* Update `fips.image.tag` to `1.1.4` + +## 3.70.2 + +* Add admission controller port to cilium network policy for the cluster agent + +## 3.70.1 + +* Fix datadog.kubelet.coreCheckEnabled conditional statement to accept false value + +## 3.70.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.56.0`. + +## 3.69.3 + +* Update `datadog-crds` dependency to `1.7.2`. + +## 3.69.2 + +* Allow activation of autoscaling. + +## 3.69.1 + +* Set default `Agent` and `Cluster-Agent` version to `7.55.2`. + +## 3.69.0 + +* Add support OTel Agent container. OTel Agent is Datadog's distribution of OTel collector. + +## 3.68.2 + +* Fix datadog.containerLifecycle.enabled conditional statement to accept false value + +## 3.68.1 + +* Add automatic detection for enablement of process agent container. + +## 3.68.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.55.1`. + +## 3.67.5 + +* Add support for `processAgent.runInCoreAgent` as an experimental feature. + +## 3.67.4 + +* Overwrite the securityContext for the `seccomp-setup` initContainer with `agents.containers.initContainers.securityContext`. + +## 3.67.3 + +* Make sure that disabling CSPM host benchmarks is propagated to the agent. + +## 3.67.2 + +* Remove startup probe for `Agent` in GKE AutoPilot due to deployment restrictions + +## 3.67.1 + +* Update `fips.image.tag` to `1.1.3` + +## 3.67.0 + +* Add startup probe for `Agent`, `Cluster-Agent` and `Cluster-Check-Runner`. + +## 3.66.1 + +* Add 'datadog.namespaceAnnotationsAsTags' to assign namespace annotations as tags on pod entities in the tagger. + +## 3.66.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.54.0`. + +## 3.65.3 + +* Add RBAC rules for collection of StorageClass and LimitRange resources in the Orchestrator Explorer. + +## 3.65.2 + +* Do not enable live process collection by default when language detection is enabled for `APM SSI`. + +## 3.65.1 + +* Make sure the security agent is aware of `datadog.securityAgent.runtime.useSecruntimeTrack`. + +## 3.65.0 + +* Default `datadog.securityAgent.runtime.useSecruntimeTrack` to `true`, sending CWS events directly to the new secruntime track (and to the new agent events explorer). + +## 3.64.1 + +* Add `datadog.securityAgent.runtime.useSecruntimeTrack` config to start sending CWS events directly to the new secruntime track (and to the new agent events explorer). + +## 3.64.0 + +* Add `datadog.originDetectionUnified.enabled` setting to enable unified origin detection for container tagging. Disabled by default + +## 3.63.0 + +* Set kubelet core check to be enabled by default + +## 3.62.1 + +* Update `fips.image.tag` to `1.1.2` + +## 3.62.0 + +* Add `datadog.asm` section to configure various features of the ASM Security Product. Disabled by default + +## 3.61.0 + +* Add `datadog.kubelet.core_check` option to configure whether the kubelet core check should be used + Note: this requires agent/cluster agent version 7.53.0+ + +## 3.60.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.53.0` + +## 3.59.7 + +* Add configuration option to specify clusterAgent.admissionController.containerRegistry, which defaults to registry +* No longer set `DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY` to registry as a fallback, + that option is implicit from us now setting the higher level `clusterAgent.admissionController.containerRegistry`. + +## 3.59.6 + +* Add configuration option datadog.apm.instrumentation.skipKPITelemetry. + +## 3.59.5 + +* Set default `Agent` and `Cluster-Agent` version to `7.52.1`. + +## 3.59.4 + +* Add language detection enable option for `APM` instrumentation. + +## 3.59.3 + +* Add `contimage-intake.datadoghq.com` & `contlcycle-intake.datadoghq.com` endpoints to the `Agent` cilium network policy. + +## 3.59.2 + +* Disable language detection reporting by default in Cluster Agent with Agent 7.52+. + +## 3.59.1 + +* Add support for configuring Agent sidecar injection using Admission Controller. + +## 3.59.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.52.0`. + +## 3.58.1 + +* Fix typo in PodSecurityPolicy warning note. + +## 3.58.0 + +* Change configuration options for APM Instrumentation. Starting from Agent and Cluster-Agent version `7.51.0` APM Instrumentation needs to be configured using the following configuration options: +* `datadog.apm.instrumentation.enabled` - set to `true` to enable automatic instrumentation. +* `datadog.apm.instrumentation.enabledNamespaces` - optional; list of namespaces to enable automatic instrumentation in. If not provided, every namespace in the cluster will be instrumented. +* `datadog.apm.instrumentation.disabledNamespaces` - optional; list of namespaces to disable automatic instrumentation in. + +## 3.57.3 + +* Exclude agent, cluster agent and agent clusterchecks pods from injection from the admission controller. + +## 3.57.2 + +* Add `networkpolicies` default permission for the cluster agent. + +## 3.57.1 + +* Allow configuring CWS security profile based auto suppression feature and enable it by default. + +## 3.57.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.51.0`. + +## 3.56.0 + +* Allow templating of `datadog.clusterName`. + +## 3.55.0 + +* Modify `datadog.dogstatsd.originDetection` to also support container tagging for origin detection enabled clients. + +## 3.54.2 + +* Set `DD_APM_ENABLED` value in the core agent container to properly report its value. + +## 3.54.1 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 3.53.3 * Update `fips.image.tag` to `1.1.1` ## 3.53.2 -* Exclude agent pod from labels injection from the admission controller +* Exclude agent pod from labels injection from the admission controller. ## 3.53.1 @@ -90,7 +503,7 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.49.2 -* Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set +* Fix check for APM Instrumentation when apm.intrumentation.disabledNamespaces is set ## 3.49.1 @@ -147,7 +560,7 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 3.42.1 -* Bump FIPS proxy OpenSSL version to 3.0.12 +* Bump FIPS proxy OpenSSL version to 3.0.12 ## 3.42.0 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index b5938ecc5..78206b997 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,6 +1,7 @@ +--- apiVersion: v1 name: datadog -version: 3.53.4 +version: 3.88.3 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 0a375646d..20ec06684 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.53.4](https://img.shields.io/badge/Version-3.53.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.88.3](https://img.shields.io/badge/Version-3.88.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -28,7 +28,7 @@ Kubernetes 1.10+ or OpenShift 3.10+, note that: | Repository | Name | Version | |------------|------|---------| -| https://helm.datadoghq.com | datadog-crds | 1.0.1 | +| https://helm.datadoghq.com | datadog-crds | 1.7.2 | | https://prometheus-community.github.io/helm-charts | kube-state-metrics | 2.13.2 | ## Quick start @@ -262,7 +262,7 @@ datadog: # (...) apm: instrumentation: - enabled: false + enabled: true enabledNamespaces: - namespaceC ``` @@ -274,7 +274,7 @@ datadog: # (...) apm: instrumentation: - enabled: false + enabled: true libVersions: java: v1.18.0 python: v1.20.0 @@ -441,6 +441,16 @@ agents: # (...) ``` +## Set an environment variable with the `--set` helm flag + +You can set environment variables using the `--set` helm's flag thanks to the `datadog.envDict` field. + +For example, to set the `DD_ENV` environment variable: + +```console +$ helm install --set datadog.envDict.DD_ENV=prod datadog/datadog +``` + ## All configuration options The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -467,9 +477,16 @@ helm install \ | agents.containers.agent.readinessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent readiness probe settings | | agents.containers.agent.resources | object | `{}` | Resource requests and limits for the agent container. | | agents.containers.agent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the agent container. | +| agents.containers.agent.startupProbe | object | Every 15s / 6 KO / 1 OK | Override default agent startup probe settings | | agents.containers.initContainers.resources | object | `{}` | Resource requests and limits for the init containers | | agents.containers.initContainers.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the init containers. | | agents.containers.initContainers.volumeMounts | list | `[]` | Specify additional volumes to mount for the init containers | +| agents.containers.otelAgent.env | list | `[]` | Additional environment variables for the otel-agent container | +| agents.containers.otelAgent.envDict | object | `{}` | Set environment variables specific to otel-agent defined in a dict | +| agents.containers.otelAgent.envFrom | list | `[]` | Set environment variables specific to otel-agent from configMaps and/or secrets | +| agents.containers.otelAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | +| agents.containers.otelAgent.resources | object | `{}` | Resource requests and limits for the otel-agent container | +| agents.containers.otelAgent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the otel-agent container. | | agents.containers.processAgent.env | list | `[]` | Additional environment variables for the process-agent container | | agents.containers.processAgent.envDict | object | `{}` | Set environment variables specific to process-agent defined in a dict | | agents.containers.processAgent.envFrom | list | `[]` | Set environment variables specific to process-agent from configMaps and/or secrets | @@ -508,7 +525,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.50.3"` | Define the Agent version to use | +| agents.image.tag | string | `"7.61.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -544,13 +561,29 @@ helm install \ | agents.volumeMounts | list | `[]` | Specify additional volumes to mount in all containers of the agent pod | | agents.volumes | list | `[]` | Specify additional volumes to mount in the dd-agent container | | clusterAgent.additionalLabels | object | `{}` | Adds labels to the Cluster Agent deployment and pods | +| clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled | bool | `true` | Enable communication between Agent sidecars and the Cluster Agent. | +| clusterAgent.admissionController.agentSidecarInjection.containerRegistry | string | `nil` | Override the default registry for the sidecar Agent. | +| clusterAgent.admissionController.agentSidecarInjection.enabled | bool | `false` | Enables Datadog Agent sidecar injection. | +| clusterAgent.admissionController.agentSidecarInjection.imageName | string | `nil` | | +| clusterAgent.admissionController.agentSidecarInjection.imageTag | string | `nil` | | +| clusterAgent.admissionController.agentSidecarInjection.profiles | list | `[]` | Defines the sidecar configuration override, currently only one profile is supported. | +| clusterAgent.admissionController.agentSidecarInjection.provider | string | `nil` | Used by the admission controller to add infrastructure provider-specific configurations to the Agent sidecar. | +| clusterAgent.admissionController.agentSidecarInjection.selectors | list | `[]` | Defines the pod selector for sidecar injection, currently only one rule is supported. | | clusterAgent.admissionController.configMode | string | `nil` | The kind of configuration to be injected, it can be "hostip", "service", or "socket". | +| clusterAgent.admissionController.containerRegistry | string | `nil` | Override the default registry for the admission controller. | +| clusterAgent.admissionController.cwsInstrumentation.enabled | bool | `false` | Enable the CWS Instrumentation admission controller endpoint. | +| clusterAgent.admissionController.cwsInstrumentation.mode | string | `"remote_copy"` | Mode defines how the CWS Instrumentation should behave. Options are "remote_copy" or "init_container" | | clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods | | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | +| clusterAgent.admissionController.kubernetesAdmissionEvents.enabled | bool | `false` | Enable the Kubernetes Admission Events feature. | | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | +| clusterAgent.admissionController.mutation | object | `{"enabled":true}` | Mutation Webhook configuration options | +| clusterAgent.admissionController.mutation.enabled | bool | `true` | Enabled enables the Admission Controller mutation webhook. Default: true. (Requires Agent 7.59.0+). | | clusterAgent.admissionController.port | int | `8000` | Set port of cluster-agent admission controller service | | clusterAgent.admissionController.remoteInstrumentation.enabled | bool | `false` | Enable polling and applying library injection using Remote Config. # This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. # Enabling this feature grants the Cluster Agent the permissions to patch Deployment objects in the cluster. | -| clusterAgent.admissionController.webhookName | string | `"datadog-webhook"` | Name of the mutatingwebhookconfigurations created by the cluster-agent | +| clusterAgent.admissionController.validation | object | `{"enabled":true}` | Validation Webhook configuration options | +| clusterAgent.admissionController.validation.enabled | bool | `true` | Enabled enables the Admission Controller validation webhook. Default: true. (Requires Agent 7.59.0+). | +| clusterAgent.admissionController.webhookName | string | `"datadog-webhook"` | Name of the validatingwebhookconfiguration and mutatingwebhookconfiguration created by the cluster-agent | | clusterAgent.advancedConfd | object | `{}` | Provide additional cluster check configurations. Each key is an integration containing several config files. | | clusterAgent.affinity | object | `{}` | Allow the Cluster Agent Deployment to schedule using affinity rules | | clusterAgent.command | list | `[]` | Command to run in the Cluster Agent container as entrypoint | @@ -575,7 +608,7 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.50.3"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.61.0"` | Cluster Agent image tag to use | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -603,6 +636,7 @@ helm install \ | clusterAgent.revisionHistoryLimit | int | `10` | The number of old ReplicaSets to keep in this Deployment. | | clusterAgent.securityContext | object | `{}` | Allows you to overwrite the default PodSecurityContext on the cluster-agent pods. | | clusterAgent.shareProcessNamespace | bool | `false` | Set the process namespace sharing on the Datadog Cluster Agent | +| clusterAgent.startupProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent startup probe settings | | clusterAgent.strategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Allow the Cluster Agent deployment to perform a rolling update on helm update | | clusterAgent.token | string | `""` | Cluster Agent token is a preshared key between node agents and cluster agent (autogenerated if empty, needs to be at least 32 characters a-zA-z) | | clusterAgent.tokenExistingSecret | string | `""` | Existing secret name to use for Cluster Agent token. Put the Cluster Agent token in a key named `token` inside the Secret | @@ -613,6 +647,8 @@ helm install \ | clusterAgent.volumes | list | `[]` | Specify additional volumes to mount in the cluster-agent container | | clusterChecksRunner.additionalLabels | object | `{}` | Adds labels to the cluster checks runner deployment and pods | | clusterChecksRunner.affinity | object | `{}` | Allow the ClusterChecks Deployment to schedule using affinity rules. | +| clusterChecksRunner.containers.agent.securityContext | object | `{}` | Specify securityContext on the agent container | +| clusterChecksRunner.containers.initContainers.securityContext | object | `{}` | Specify securityContext on the init containers | | clusterChecksRunner.createPodDisruptionBudget | bool | `false` | Create the pod disruption budget to apply to the cluster checks agents | | clusterChecksRunner.deploymentAnnotations | object | `{}` | Annotations to add to the cluster-checks-runner's Deployment | | clusterChecksRunner.dnsConfig | object | `{}` | specify dns configuration options for datadog cluster agent containers e.g ndots | @@ -626,7 +662,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.50.3"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.61.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | @@ -644,6 +680,7 @@ helm install \ | clusterChecksRunner.resources | object | `{}` | Datadog clusterchecks-agent resource requests and limits. | | clusterChecksRunner.revisionHistoryLimit | int | `10` | The number of old ReplicaSets to keep in this Deployment. | | clusterChecksRunner.securityContext | object | `{}` | Allows you to overwrite the default PodSecurityContext on the clusterchecks pods. | +| clusterChecksRunner.startupProbe | object | Every 15s / 6 KO / 1 OK | Override default agent startup probe settings | | clusterChecksRunner.strategy | object | `{"rollingUpdate":{"maxSurge":1,"maxUnavailable":0},"type":"RollingUpdate"}` | Allow the ClusterChecks deployment to perform a rolling update on helm update | | clusterChecksRunner.tolerations | list | `[]` | Tolerations for pod assignment | | clusterChecksRunner.topologySpreadConstraints | list | `[]` | Allow the ClusterChecks Deployment to schedule using pod topology spreading | @@ -651,6 +688,7 @@ helm install \ | clusterChecksRunner.volumes | list | `[]` | Specify additional volumes to mount in the cluster checks container | | commonLabels | object | `{}` | Labels to apply to all resources | | datadog-crds.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | +| datadog-crds.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | | datadog.apiKey | string | `nil` | Your Datadog API key | | datadog.apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one. The value should be set with the `api-key` key inside the secret. | | datadog.apm.enabled | bool | `false` | Enable this to enable APM and tracing, on port 8126 DEPRECATED. Use datadog.apm.portEnabled instead | @@ -658,14 +696,21 @@ helm install \ | datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). | | datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (beta). | | datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.injector.imageTag | string | `""` | The image tag to use for the APM Injector (preview). | +| datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (beta). | | datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (beta). | +| datadog.apm.instrumentation.skipKPITelemetry | bool | `false` | Disable generating Configmap for APM Instrumentation KPIs | | datadog.apm.port | int | `8126` | Override the trace Agent port | | datadog.apm.portEnabled | bool | `false` | Enable APM over TCP communication (hostPort 8126 by default) | | datadog.apm.socketEnabled | bool | `true` | Enable APM over Socket (Unix Socket or windows named pipe) | | datadog.apm.socketPath | string | `"/var/run/datadog/apm.socket"` | Path to the trace-agent socket | +| datadog.apm.useLocalService | bool | `false` | Enable APM over TCP communication to use the local service only (requires Kubernetes v1.22+) Note: The hostPort 8126 is disabled when this is enabled. | | datadog.apm.useSocketVolume | bool | `false` | Enable APM over Unix Domain Socket DEPRECATED. Use datadog.apm.socketEnabled instead | | datadog.appKey | string | `nil` | Datadog APP key required to use metricsProvider | | datadog.appKeyExistingSecret | string | `nil` | Use existing Secret which stores APP key instead of creating a new one. The value should be set with the `app-key` key inside the secret. | +| datadog.asm.iast.enabled | bool | `false` | Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster | +| datadog.asm.sca.enabled | bool | `false` | Enable Application Security Management Software Composition Analysis by injecting `DD_APPSEC_SCA_ENABLED=true` environment variable to all pods in the cluster | +| datadog.asm.threats.enabled | bool | `false` | Enable Application Security Management Threats App & API Protection by injecting `DD_APPSEC_ENABLED=true` environment variable to all pods in the cluster | | datadog.checksCardinality | string | `nil` | Sets the tag cardinality for the checks run by the Agent. | | datadog.checksd | object | `{}` | Provide additional custom checks as python code | | datadog.clusterChecks.enabled | bool | `true` | Enable the Cluster Checks feature on both the cluster-agents and the daemonset | @@ -685,6 +730,9 @@ helm install \ | datadog.containerRuntimeSupport.enabled | bool | `true` | Set this to false to disable agent access to container runtime. | | datadog.criSocketPath | string | `nil` | Path to the container runtime socket (if different from Docker) | | datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | +| datadog.disableDefaultOsReleasePaths | bool | `false` | Set this to true to disable mounting datadog.osReleasePath in all containers | +| datadog.disablePasswdMount | bool | `false` | Set this to true to disable mounting /etc/passwd in all containers | +| datadog.discovery.enabled | bool | `nil` | Enable Service Discovery | | datadog.dockerSocketPath | string | `nil` | Path to the docker socket | | datadog.dogstatsd.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the DogStatsD socket | | datadog.dogstatsd.nonLocalTraffic | bool | `true` | Enable this to make each node accept non-local statsd traffic (from outside of the pod) | @@ -720,12 +768,18 @@ helm install \ | datadog.kubeStateMetricsEnabled | bool | `false` | If true, deploys the kube-state-metrics deployment | | datadog.kubeStateMetricsNetworkPolicy.create | bool | `false` | If true, create a NetworkPolicy for kube state metrics | | datadog.kubelet.agentCAPath | string | /var/run/host-kubelet-ca.crt if hostCAPath else /var/run/secrets/kubernetes.io/serviceaccount/ca.crt | Path (inside Agent containers) where the Kubelet CA certificate is stored | +| datadog.kubelet.coreCheckEnabled | bool | true | Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) | | datadog.kubelet.host | object | `{"valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}` | Override kubelet IP | | datadog.kubelet.hostCAPath | string | None (no mount from host) | Path (on host) where the Kubelet CA certificate is stored | | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | +| datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | +| datadog.kubernetesEvents.sourceDetectionEnabled | bool | `false` | Enable this to map Kubernetes events to integration sources based on controller names. (Requires Cluster Agent 7.56.0+). | | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | +| datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | +| datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | +| datadog.kubernetesUseEndpointSlices | bool | `false` | Enable this to map Kubernetes services to endpointslices instead of endpoints. (Requires Cluster Agent 7.62.0+). | | datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection | | datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "configmaps". "" to automatically detect which one to use. | | datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second | @@ -734,6 +788,7 @@ helm install \ | datadog.logs.containerCollectAll | bool | `false` | Enable this to allow log collection for all containers | | datadog.logs.containerCollectUsingFiles | bool | `true` | Collect logs from files in /var/log/pods instead of using container runtime API | | datadog.logs.enabled | bool | `false` | Enables this to activate Datadog Agent log collection | +| datadog.namespaceAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Namespace Annotations to Datadog Tags | | datadog.namespaceLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Namespace Labels to Datadog Tags | | datadog.networkMonitoring.enabled | bool | `false` | Enable network performance monitoring | | datadog.networkPolicy.cilium.dnsSelector | object | kube-dns in namespace kube-system | Cilium selector of the DNS server entity | @@ -743,7 +798,11 @@ helm install \ | datadog.orchestratorExplorer.container_scrubbing | object | `{"enabled":true}` | Enable the scrubbing of containers in the kubernetes resource YAML for sensitive information | | datadog.orchestratorExplorer.customResources | list | `[]` | Defines custom resources for the orchestrator explorer to collect | | datadog.orchestratorExplorer.enabled | bool | `true` | Set this to false to disable the orchestrator explorer | +| datadog.originDetectionUnified.enabled | bool | `false` | Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). | | datadog.osReleasePath | string | `"/etc/os-release"` | Specify the path to your os-release file | +| datadog.otelCollector.config | string | `nil` | OTel collector configuration | +| datadog.otelCollector.enabled | bool | `false` | Enable the OTel Collector | +| datadog.otelCollector.ports | list | `[{"containerPort":"4317","name":"otel-grpc"},{"containerPort":"4318","name":"otel-http"}]` | Ports that OTel Collector is listening | | datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | | datadog.otlp.receiver.protocols.grpc.enabled | bool | `false` | Enable the OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.endpoint | string | `"0.0.0.0:4317"` | OTLP/gRPC endpoint | @@ -753,17 +812,21 @@ helm install \ | datadog.otlp.receiver.protocols.http.useHostPort | bool | `true` | Enable the Host Port for the OTLP/HTTP endpoint | | datadog.podAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Annotations to Datadog Tags | | datadog.podLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Labels to Datadog Tags | -| datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent | -| datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection in process monitoring agent | +| datadog.processAgent.containerCollection | bool | `true` | Set this to true to enable container collection # ref: https://docs.datadoghq.com/infrastructure/containers/?tab=helm | +| datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. # Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. # ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset | +| datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection | | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | -| datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes | +| datadog.processAgent.runInCoreAgent | bool | `true` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.60.0+ and Linux. | +| datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing | +| datadog.profiling.enabled | string | `nil` | Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` environment variable with the same value to all pods in the cluster Valid values are: - false: Profiler is turned off and can not be turned on by other means. - null: Profiler is turned off, but can be turned on by other means. - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. - true: Profiler is turned on. | | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | | datadog.prometheusScrape.enabled | bool | `false` | Enable autodiscovering pods and services exposing prometheus metrics. | | datadog.prometheusScrape.serviceEndpoints | bool | `false` | Enable generating dedicated checks for service endpoints. | | datadog.prometheusScrape.version | int | `2` | Version of the openmetrics check to schedule by default. | -| datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. Consider using remoteConfiguration.enabled instead | +| datadog.remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration. DEPRECATED: Consider using remoteConfiguration.enabled instead | | datadog.sbom.containerImage.enabled | bool | `false` | Enable SBOM collection for container images | -| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `false` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. | +| datadog.sbom.containerImage.overlayFSDirectScan | bool | `false` | Use experimental overlayFS direct scan | +| datadog.sbom.containerImage.uncompressedLayersSupport | bool | `true` | Use container runtime snapshotter This should be set to true when using EKS, GKE or if containerd is configured to discard uncompressed layers. This feature will cause the SYS_ADMIN capability to be added to the Agent container. Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers | | datadog.sbom.host.enabled | bool | `false` | Enable SBOM collection for host filesystems | | datadog.secretAnnotations | object | `{}` | | | datadog.secretBackend.arguments | string | `nil` | Configure the secret backend command arguments (space-separated strings). | @@ -774,7 +837,7 @@ helm install \ | datadog.securityAgent.compliance.checkInterval | string | `"20m"` | Compliance check run interval | | datadog.securityAgent.compliance.configMap | string | `nil` | Contains CSPM compliance benchmarks that will be used | | datadog.securityAgent.compliance.enabled | bool | `false` | Set to true to enable Cloud Security Posture Management (CSPM) | -| datadog.securityAgent.compliance.host_benchmarks.enabled | bool | `false` | Set to true to enable host benchmarks (this feature is supported from Agent 7.47, and requires 160 MB extra memory for the `security-agent` container) | +| datadog.securityAgent.compliance.host_benchmarks.enabled | bool | `true` | Set to false to disable host benchmarks. If enabled, this feature requires 160 MB extra memory for the `security-agent` container. (Requires Agent 7.47.0+) | | datadog.securityAgent.compliance.xccdf.enabled | bool | `false` | | | datadog.securityAgent.runtime.activityDump.cgroupDumpTimeout | int | `20` | Set to the desired duration of a single container tracing (in minutes) | | datadog.securityAgent.runtime.activityDump.cgroupWaitListSize | int | `0` | Set to the size of the wait list for already traced containers | @@ -786,8 +849,10 @@ helm install \ | datadog.securityAgent.runtime.network.enabled | bool | `true` | Set to true to enable the collection of CWS network events | | datadog.securityAgent.runtime.policies.configMap | string | `nil` | Contains CWS policies that will be used | | datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled | bool | `true` | Set to true to enable CWS runtime drift events | +| datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled | bool | `true` | Set to true to enable CWS runtime auto suppression | | datadog.securityAgent.runtime.securityProfile.enabled | bool | `true` | Set to true to enable CWS runtime security profiles | | datadog.securityAgent.runtime.syscallMonitor.enabled | bool | `false` | Set to true to enable the Syscall monitoring (recommended for troubleshooting only) | +| datadog.securityAgent.runtime.useSecruntimeTrack | bool | `true` | Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer | | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | | datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring | | datadog.site | string | `nil` | The site of the Datadog intake to send Agent data to. (documentation: https://docs.datadoghq.com/getting_started/site/) | @@ -820,7 +885,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.1"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.6"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | @@ -838,8 +903,10 @@ helm install \ | providers.eks.ec2.useHostnameFromFile | bool | `false` | Use hostname from EC2 filesystem instead of fetching from metadata endpoint. | | providers.gke.autopilot | bool | `false` | Enables Datadog Agent deployment on GKE Autopilot | | providers.gke.cos | bool | `false` | Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) | -| registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) | -| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. Preferred way to enable Remote Configuration. | +| providers.gke.gdc | bool | `false` | Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) | +| providers.talos.enabled | bool | `false` | Activate all required specificities related to Talos.dev configuration, as currently the chart cannot auto-detect Talos.dev cluster. Note: The Agent deployment requires additional privileges that are not permitted by the default pod security policy. The annotation `pod-security.kubernetes.io/enforce=privileged` must be applied to the Datadog installation Kubernetes namespace. For more information on pod security policies in Talos.dev clusters, see: https://www.talos.dev/v1.8/kubernetes-guides/configuration/pod-security/ | +| registry | string | `nil` | Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) | +| remoteConfiguration.enabled | bool | `true` | Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. Can be overridden if `datadog.remoteConfiguration.enabled` Preferred way to enable Remote Configuration. | | targetSystem | string | `"linux"` | Target OS for this deployment (possible values: linux, windows) | ## Configuration options for Windows deployments diff --git a/charts/datadog/README.md.gotmpl b/charts/datadog/README.md.gotmpl index e0d78c0ec..5e99e6f20 100644 --- a/charts/datadog/README.md.gotmpl +++ b/charts/datadog/README.md.gotmpl @@ -258,7 +258,7 @@ datadog: # (...) apm: instrumentation: - enabled: false + enabled: true enabledNamespaces: - namespaceC ``` @@ -270,7 +270,7 @@ datadog: # (...) apm: instrumentation: - enabled: false + enabled: true libVersions: java: v1.18.0 python: v1.20.0 @@ -437,6 +437,16 @@ agents: # (...) ``` +## Set an environment variable with the `--set` helm flag + +You can set environment variables using the `--set` helm's flag thanks to the `datadog.envDict` field. + +For example, to set the `DD_ENV` environment variable: + +```console +$ helm install --set datadog.envDict.DD_ENV=prod datadog/datadog +``` + ## All configuration options The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/charts/datadog/ci/agent-apm-use-local-service-values.yaml b/charts/datadog/ci/agent-apm-use-local-service-values.yaml new file mode 100644 index 000000000..baec19cf1 --- /dev/null +++ b/charts/datadog/ci/agent-apm-use-local-service-values.yaml @@ -0,0 +1,11 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubelet: + tlsVerify: false + dogstatsd: + useSocketVolume: false + apm: + portEnabled: false + socketEnabled: false + useLocalService: true diff --git a/charts/datadog/ci/agent-otel-collector-no-config-values.yaml b/charts/datadog/ci/agent-otel-collector-no-config-values.yaml new file mode 100644 index 000000000..f62b4cb66 --- /dev/null +++ b/charts/datadog/ci/agent-otel-collector-no-config-values.yaml @@ -0,0 +1,16 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true diff --git a/charts/datadog/ci/agent-otel-collector-ports-values.yaml b/charts/datadog/ci/agent-otel-collector-ports-values.yaml new file mode 100644 index 000000000..5e82a3350 --- /dev/null +++ b/charts/datadog/ci/agent-otel-collector-ports-values.yaml @@ -0,0 +1,41 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true + ports: + - containerPort: "5317" + hostPort: "5317" + name: "otel-grpc" + config: | + receivers: + otlp: + protocols: + grpc: + endpoint: "localhost:5317" + exporters: + datadog: + api: + key: "00000000000000000000000000000000" + service: + pipelines: + traces: + receivers: [otlp] + exporters: [datadog] + metrics: + receivers: [otlp] + exporters: [datadog] + logs: + receivers: [otlp] + exporters: [datadog] diff --git a/charts/datadog/ci/agent-otel-collector-values.yaml b/charts/datadog/ci/agent-otel-collector-values.yaml new file mode 100644 index 000000000..1f845f2d9 --- /dev/null +++ b/charts/datadog/ci/agent-otel-collector-values.yaml @@ -0,0 +1,34 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true + config: | + receivers: + otlp: + exporters: + datadog: + api: + key: "00000000000000000000000000000000" + service: + pipelines: + traces: + receivers: [otlp] + exporters: [datadog] + metrics: + receivers: [otlp] + exporters: [datadog] + logs: + receivers: [otlp] + exporters: [datadog] diff --git a/charts/datadog/ci/agent-sbom-snapshotter.yaml b/charts/datadog/ci/agent-sbom-snapshotter-values.yaml similarity index 100% rename from charts/datadog/ci/agent-sbom-snapshotter.yaml rename to charts/datadog/ci/agent-sbom-snapshotter-values.yaml diff --git a/charts/datadog/ci/autoscaling-values.yaml b/charts/datadog/ci/autoscaling-values.yaml new file mode 100644 index 000000000..6d677b170 --- /dev/null +++ b/charts/datadog/ci/autoscaling-values.yaml @@ -0,0 +1,15 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + orchestratorExplorer: + customResources: + - datadoghq.com/v1alpha1/datadogpodautoscalers + autoscaling: + workload: + enabled: true + kubernetesEvents: + unbundleEvents: true +clusterAgent: + image: + tag: beta + doNotCheckTag: true diff --git a/charts/datadog/ci/cluster-agent-values.yaml b/charts/datadog/ci/cluster-agent-values.yaml index e51445d2b..ed84b4d0e 100644 --- a/charts/datadog/ci/cluster-agent-values.yaml +++ b/charts/datadog/ci/cluster-agent-values.yaml @@ -6,6 +6,7 @@ datadog: clusterChecks: enabled: true kubernetesEvents: + filteringEnabled: true unbundleEvents: true clusterTagger: collectKubernetesTags: true diff --git a/charts/datadog/ci/disable-defaultosreleasepath-values.yaml b/charts/datadog/ci/disable-defaultosreleasepath-values.yaml new file mode 100644 index 000000000..ec6a32782 --- /dev/null +++ b/charts/datadog/ci/disable-defaultosreleasepath-values.yaml @@ -0,0 +1,4 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + disableDefaultOsReleasePaths: true diff --git a/charts/datadog/ci/gke-gdc-values.yaml b/charts/datadog/ci/gke-gdc-values.yaml new file mode 100644 index 000000000..1c6fcc087 --- /dev/null +++ b/charts/datadog/ci/gke-gdc-values.yaml @@ -0,0 +1,20 @@ +providers: + gke: + gdc: true + +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + + apm: + socketEnabled: false + portEnabled: false + + logs: + enabled: true + containerCollectAll: true + containerCollectUsingFiles: true + autoMultiLineDetection: true + + kubeStateMetricsCore: + enabled: true diff --git a/charts/datadog/ci/image-digest-values.yaml b/charts/datadog/ci/image-digest-values.yaml new file mode 100644 index 000000000..c3bf66a1b --- /dev/null +++ b/charts/datadog/ci/image-digest-values.yaml @@ -0,0 +1,9 @@ +clusterAgent: + image: + digest: sha256:28a5e138123e273643527341c3e38721cec2d89a472958df8e956ae681c10d75 # corresponds to 7.59.0 +agents: + image: + digest: sha256:9b4be18f644bd35dad2387f37d9859674080889642b970c0e924d027c4182f6d # corresponds to 7.59.0 +clusterChecksRunner: + image: + digest: sha256:9b4be18f644bd35dad2387f37d9859674080889642b970c0e924d027c4182f6d # corresponds to 7.59.0 diff --git a/charts/datadog/ci/image-digest.yaml b/charts/datadog/ci/image-digest.yaml deleted file mode 100644 index 5e81f2ec4..000000000 --- a/charts/datadog/ci/image-digest.yaml +++ /dev/null @@ -1,9 +0,0 @@ -clusterAgent: - image: - digest: sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108 -agents: - image: - digest: sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108 -clusterChecksRunner: - image: - digest: sha256:4a1c4b21597c1b4415bdbecb28a3296c6b5e23ca4f9feeb599860a1dac6a0108 \ No newline at end of file diff --git a/charts/datadog/ci/kubeval-values.yaml b/charts/datadog/ci/kubeconform-values.yaml similarity index 93% rename from charts/datadog/ci/kubeval-values.yaml rename to charts/datadog/ci/kubeconform-values.yaml index 162127c79..5494bd6c4 100644 --- a/charts/datadog/ci/kubeval-values.yaml +++ b/charts/datadog/ci/kubeconform-values.yaml @@ -4,6 +4,7 @@ datadog: kubelet: hostCAPath: /foo/bar/cert.ca agentCAPath: /bar/foo/cert.ca + coreCheckEnabled: true env: - name: "DD_KUBELET_TLS_VERIFY" value: "false" @@ -36,7 +37,7 @@ clusterAgent: enabled: true createPodDisruptionBudget: true nodeSelector: - kubernetes.io/os: linux + disktype: ssd metricsProvider: enabled: false admissionController: @@ -46,10 +47,10 @@ clusterChecksRunner: enabled: true createPodDisruptionBudget: true nodeSelector: - kubernetes.io/os: linux + disktype: ssd agents: nodeSelector: - kubernetes.io/os: linux + disktype: ssd podSecurity: podSecurityPolicy: create: true diff --git a/charts/datadog/ci/no_hardened_seccomp-values.yaml b/charts/datadog/ci/no-hardened-seccomp-values.yaml similarity index 100% rename from charts/datadog/ci/no_hardened_seccomp-values.yaml rename to charts/datadog/ci/no-hardened-seccomp-values.yaml diff --git a/charts/datadog/ci/otlp-ingest.yaml b/charts/datadog/ci/otlp-ingest-values.yaml similarity index 80% rename from charts/datadog/ci/otlp-ingest.yaml rename to charts/datadog/ci/otlp-ingest-values.yaml index cfeed5ef4..39fb464fd 100644 --- a/charts/datadog/ci/otlp-ingest.yaml +++ b/charts/datadog/ci/otlp-ingest-values.yaml @@ -3,6 +3,6 @@ datadog: receiver: protocols: grpc: - enabled: true + enabled: true http: enabled: true diff --git a/charts/datadog/ci/provider-talos-values.yaml b/charts/datadog/ci/provider-talos-values.yaml new file mode 100644 index 000000000..48de269ef --- /dev/null +++ b/charts/datadog/ci/provider-talos-values.yaml @@ -0,0 +1,8 @@ +--- +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + +providers: + talos: + enabled: true diff --git a/charts/datadog/requirements.lock b/charts/datadog/requirements.lock index 6455e2890..87e35aad2 100644 --- a/charts/datadog/requirements.lock +++ b/charts/datadog/requirements.lock @@ -1,9 +1,9 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 1.0.1 + version: 1.7.2 - name: kube-state-metrics repository: https://prometheus-community.github.io/helm-charts version: 2.13.2 -digest: sha256:10386038ff3fcdc2e2402135f2b94a587bdd4c2f13f5a3ff0eba381942e84bdc -generated: "2023-07-12T12:26:01.725393+02:00" +digest: sha256:ffe3215351a645d08a42bdb49ea28563f77f63372f4ed926e5bae5b5dc1511c6 +generated: "2024-08-02T09:23:56.854712+02:00" diff --git a/charts/datadog/requirements.yaml b/charts/datadog/requirements.yaml index 18ca3dc6c..a80b3b360 100644 --- a/charts/datadog/requirements.yaml +++ b/charts/datadog/requirements.yaml @@ -1,8 +1,8 @@ dependencies: - name: datadog-crds - version: 1.0.1 + version: 1.7.2 repository: https://helm.datadoghq.com - condition: clusterAgent.metricsProvider.useDatadogMetrics + condition: datadog.autoscaling.workload.enabled,clusterAgent.metricsProvider.useDatadogMetrics tags: - install-crds - name: kube-state-metrics diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index c91017e0a..692d62f9b 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -27,6 +27,7 @@ Then run: {{- end }} {{- $healthPort := .Values.agents.containers.agent.healthPort }} + {{- with $liveness := .Values.agents.containers.agent.livenessProbe.httpGet }} {{- if and $liveness.port (ne $healthPort $liveness.port) }} @@ -37,6 +38,7 @@ Then run: Node Agent liveness probe port ({{ $liveness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + {{- with $readiness := .Values.agents.containers.agent.readinessProbe.httpGet }} {{- if and $readiness.port (ne $healthPort $readiness.port) }} @@ -47,6 +49,18 @@ Node Agent liveness probe port ({{ $liveness.port }}) is different from the conf Node Agent readiness probe port ({{ $readiness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + +{{- with $startup := .Values.agents.containers.agent.startupProbe.httpGet }} +{{- if and $startup.port (ne $healthPort $startup.port) }} + +############################################################################## +#### ERROR: Node Agent startup probe misconfiguration #### +############################################################################## + +Node Agent readiness probe port ({{ $startup.port }}) is different from the configured health port ({{ $healthPort }}). +{{- end }} +{{- end }} + {{- if eq (include "should-deploy-cluster-agent" .) "true" }} {{- if .Values.clusterAgent.metricsProvider.enabled }} @@ -65,6 +79,7 @@ Create an application key at https://app.datadoghq.com/account/settings#api {{- end }} {{- end }} {{- $healthPort := .Values.clusterAgent.healthPort }} + {{- with $liveness := .Values.clusterAgent.livenessProbe.httpGet }} {{- if and $liveness.port (ne $healthPort $liveness.port) }} @@ -75,6 +90,7 @@ Create an application key at https://app.datadoghq.com/account/settings#api Cluster Agent liveness probe port ({{ $liveness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + {{- with $readiness := .Values.clusterAgent.readinessProbe.httpGet }} {{- if and $readiness.port (ne $healthPort $readiness.port) }} @@ -85,8 +101,21 @@ Cluster Agent liveness probe port ({{ $liveness.port }}) is different from the c Cluster Agent readiness probe port ({{ $readiness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + + {{- with $startup := .Values.clusterAgent.startupProbe.httpGet }} + {{- if and $startup.port (ne $healthPort $startup.port) }} + +############################################################################## +#### ERROR: Cluster Agent startup probe misconfiguration #### +############################################################################## + +Cluster Agent readiness probe port ({{ $startup.port }}) is different from the configured health port ({{ $healthPort }}). + {{- end }} + {{- end }} + {{- if (eq (include "should-enable-cluster-check-workers" .) "true") }} {{- $healthPort := .Values.clusterChecksRunner.healthPort }} + {{- with $liveness := .Values.clusterChecksRunner.livenessProbe.httpGet }} {{- if and $liveness.port (ne $healthPort $liveness.port) }} @@ -97,6 +126,7 @@ Cluster Agent readiness probe port ({{ $readiness.port }}) is different from the Cluster Checks Runner liveness probe port ({{ $liveness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + {{- with $readiness := .Values.clusterChecksRunner.readinessProbe.httpGet }} {{- if and $readiness.port (ne $healthPort $readiness.port) }} @@ -107,6 +137,18 @@ Cluster Checks Runner liveness probe port ({{ $liveness.port }}) is different fr Cluster Checks Runner readiness probe port ({{ $readiness.port }}) is different from the configured health port ({{ $healthPort }}). {{- end }} {{- end }} + + {{- with $startup := .Values.clusterChecksRunner.startupProbe.httpGet }} + {{- if and $startup.port (ne $healthPort $startup.port) }} + +##################################################################################### +#### ERROR: Cluster Checks Runner startup probe misconfiguration #### +##################################################################################### + +Cluster Checks Runner readiness probe port ({{ $startup.port }}) is different from the configured health port ({{ $healthPort }}). + {{- end }} + {{- end }} + {{- end }} {{- end }} {{- if or .Values.datadog.apm.enabled .Values.datadog.apm.portEnabled }} @@ -135,44 +177,44 @@ The Datadog Agent is listening on port {{ $apmPort }} for APM service. {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled (eq (include "cluster-agent-enabled" .) "false")}} +{{- if and (((.Values.datadog.autoscaling).workload).enabled) (not .Values.remoteConfiguration.enabled) }} -################################################################# -#### WARNING: Configuration notice #### -################################################################# +################################################################################### +#### ERROR: Container Autoscaling misconfiguration #### +################################################################################### -{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. To enable it please set clusterAgent.enabled to 'true'." }} +{{- fail "Workload autoscaling is activated without remote configuration. Remote configuration is required (remoteConfiguration.enabled = true)" }} {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled (not .Values.clusterAgent.admissionController.enabled)}} +{{- if and .Values.datadog.apm.instrumentation.enabled (eq (include "cluster-agent-enabled" .) "false")}} ################################################################# #### WARNING: Configuration notice #### ################################################################# -{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the admission controller. This configuration is unsupported. To enable it please set clusterAgent.admissionController.enabled to 'true'." }} +{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. To enable it please set clusterAgent.enabled to 'true'." }} {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled_namespaces (eq (include "cluster-agent-enabled" .) "false")}} +{{- if and .Values.datadog.apm.instrumentation.enabled (not .Values.clusterAgent.admissionController.enabled)}} ################################################################# #### WARNING: Configuration notice #### ################################################################# -You are using datadog.apm.instrumentation.enabledNamespaces but you disabled the cluster agent. This configuration is unsupported and Kubernetes resource monitoring has been turned off. -To enable it please set clusterAgent.enabled to 'true'. +{{- fail "You are using datadog.apm.instrumentation.enabled but you disabled the admission controller. This configuration is unsupported. To enable it please set clusterAgent.admissionController.enabled to 'true'." }} + {{- end }} -{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.enabledNamespaces }} +{{- if and .Values.datadog.apm.instrumentation.enabledNamespaces (not .Values.datadog.apm.instrumentation.enabled) }} ################################################################# #### WARNING: Configuration notice #### ################################################################# -The options `datadog.apm.instrumentation.enabled` and `datadog.apm.instrumentation.enabledNamespaces` are set together. -APM Single Step Instrumentation will be enabled in the whole cluster. +The option `datadog.apm.instrumentation.enabledNamespaces` is set while `datadog.apm.instrumentation.enabled` is disabled. +APM Single Step Instrumentation will be disabled in the whole cluster. {{- end }} @@ -198,6 +240,20 @@ The option `datadog.apm.socketEnabled` is enabled by default and can be used to {{- end }} +{{- if .Values.datadog.apm.useLocalService }} + +################################################################# +#### WARNING: Configuration notice #### +################################################################# + +The option `datadog.apm.useLocalService` will disable the trace-agent's hostPort. +Make sure that `datadog.apm.portEnabled` is set to `false` for this to take effect. + +If you are using the Admission Controller APM library injection method to send traces to Datadog, this option will send traces via TCP to the local service. +Make sure that `datadog.apm.socketEnabled` is set to `false` when enabling this or it defaults to sending traces via UDS. + +{{- end }} + {{- if or .Values.datadog.systemProbe.enableKernelHeaderDownload .Values.datadog.systemProbe.enableRuntimeCompiler }} ################################################################# @@ -296,7 +352,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes ##################################################################### #### WARNING: System Probe is not supported on GKE Autopilot #### ##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled' must be set 'false'" }} +{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled' and 'datadog.discovery.enabled' must be set 'false'" }} {{- end }} @@ -368,6 +424,20 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} + +{{- if or .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.host.enabled }} + +####################################################################################### +#### WARNING: SBOM Monitoring is not supported on GKE Autopilot #### +####################################################################################### + +On GKE Autopilot environments, SBOM Monitoring is not supported. The options 'datadog.sbom.containerImage.enabled' and 'datadog.sbom.host.enabled' must be set to 'false'. + +{{- end }} + +{{- end }} + {{- if and (.Values.datadog.dogstatsd.useSocketVolume) (eq .Values.targetSystem "windows") }} ################################################################################### @@ -478,6 +548,25 @@ More information about this change: https://github.com/DataDog/helm-charts/pull/ {{- end }} +{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") (eq (include "should-enable-sbom-host-fs-collection" .) "true") }} +################################################################# +#### ERROR: Configuration notice #### +################################################################# +The SBOM host filesystem collection feature requires access to the os-release information from the host. +`datadog.sbom.host.enabled: true` can't be used with `datadog.disableDefaultOsReleasePaths: true`. +{{- fail "The SBOM host filesystem collection feature requires access to the os-release information from the host." }} +{{- end }} + +{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") (eq (include "should-enable-system-probe" .) "true") }} +################################################################# +#### ERROR: Configuration notice #### +################################################################# +The current set of options used to install the chart requires the system-probe container to be enabled. +However, the `datadog.disableDefaultOsReleasePaths` option set to `true` and `datadog.osReleasePath` is empty which is not compatible when the system-probe container is required. +{{- fail "OS Release information is required when system-probe is enabled." }} +{{- end }} + + {{- $hasContainerIncludeEnv := false }} {{- range $key := .Values.datadog.env }} {{- if eq $key.name "DD_CONTAINER_INCLUDE" }} @@ -534,7 +623,7 @@ To send OTLP data to the Agent use the Service created by specifying "http://{{ ################################################################# #### WARNING: Incompatibility #### ################################################################# -You have enabled creataion of PodSecurityPolicy, however PSP have been removed from Kubernetes >= 1.25, thus PSP will not be created. +You have enabled creation of PodSecurityPolicy, however PSP have been removed from Kubernetes >= 1.25, thus PSP will not be created. You should deactivate these options: clusterAgent.podSecurity.podSecurityPolicy.create and/or agents.podSecurity.podSecurityPolicy.create {{- end }} @@ -548,3 +637,20 @@ You are using the datadog.securityAgent.compliance.xccdf.enabled parameter which This version still supports both but the support of the old name will be dropped in the next major version of our Helm chart. More information about this change: https://github.com/DataDog/helm-charts/pull/1161 {{- end }} + + +{{- if and (eq (include "should-enable-otel-agent" .) "true") .Values.providers.gke.autopilot }} +################################################################# +#### WARNING: Configuration notice #### +################################################################# +OTel collector is not supported on GKE Autopilot. +{{- fail "The OTel collector cannot be run on GKE Autopilot." }} +{{- end }} + + +{{- if (eq (include "should-enable-otel-agent" .) "true") }} +################################################################# +#### WARNING: Private Beta notice #### +################################################################# +OTel collector is in preview. Please reach out to your Datadog representative for more information. +{{- end }} diff --git a/charts/datadog/templates/_ac-agent-sidecar-env.yaml b/charts/datadog/templates/_ac-agent-sidecar-env.yaml new file mode 100644 index 000000000..0e9799d38 --- /dev/null +++ b/charts/datadog/templates/_ac-agent-sidecar-env.yaml @@ -0,0 +1,47 @@ +{{- define "ac-agent-sidecar-env" -}} +{{- if and .Values.clusterAgent.admissionController.enabled .Values.clusterAgent.admissionController.agentSidecarInjection.enabled }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "true" +{{- else }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "false" +{{- end }} +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.provider }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.containerRegistry }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.imageName }} +{{- else if .Values.agents.image.name}} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: {{ .Values.agents.image.name }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.imageTag }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: {{ .Values.clusterAgent.admissionController.agentSidecarInjection.imageTag }} +{{- else if .Values.agents.image.tag}} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: {{ .Values.agents.image.tag }} +{{- end }} + +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.selectors }}' +{{- end }} +{{- if .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }} +- name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '{{ toJson .Values.clusterAgent.admissionController.agentSidecarInjection.profiles }}' +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/datadog/templates/_components-common-env.yaml b/charts/datadog/templates/_components-common-env.yaml index 8ddd83a99..0ca7b0363 100644 --- a/charts/datadog/templates/_components-common-env.yaml +++ b/charts/datadog/templates/_components-common-env.yaml @@ -1,5 +1,5 @@ # The purpose of this template is to define a minimal set of environment -# variables shared between components: agent, cluster-agent +# variables shared between components: agent, cluster-agent and cluster checks runner {{- define "components-common-env" -}} {{- if .Values.datadog.secretBackend.command }} - name: DD_SECRET_BACKEND_COMMAND @@ -16,7 +16,7 @@ {{- if .Values.datadog.clusterName }} {{- template "check-cluster-name" . }} - name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} + value: {{ tpl .Values.datadog.clusterName . | quote }} {{- end }} {{- if .Values.datadog.tags }} - name: DD_TAGS @@ -38,6 +38,18 @@ - name: DD_KUBERNETES_NAMESPACE_LABELS_AS_TAGS value: '{{ toJson .Values.datadog.namespaceLabelsAsTags }}' {{- end }} +{{- if .Values.datadog.namespaceAnnotationsAsTags }} +- name: DD_KUBERNETES_NAMESPACE_ANNOTATIONS_AS_TAGS + value: '{{ toJson .Values.datadog.namespaceAnnotationsAsTags }}' +{{- end }} +{{- if .Values.datadog.kubernetesResourcesLabelsAsTags }} +- name: DD_KUBERNETES_RESOURCES_LABELS_AS_TAGS + value: '{{ toJson .Values.datadog.kubernetesResourcesLabelsAsTags }}' +{{- end}} +{{- if .Values.datadog.kubernetesResourcesAnnotationsAsTags }} +- name: DD_KUBERNETES_RESOURCES_ANNOTATIONS_AS_TAGS + value: '{{ toJson .Values.datadog.kubernetesResourcesAnnotationsAsTags }}' +{{- end}} - name: KUBERNETES value: "yes" {{- if .Values.datadog.site }} @@ -52,4 +64,10 @@ - name: DD_EXCLUDE_PAUSE_CONTAINER value: "false" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt +- name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key +{{- end }} {{- end }} diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index d7da8c1db..6a313d47f 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["agent", "run"] -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" .Values.datadog.sbom.containerImage.uncompressedLayersSupport) | indent 2 }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.agent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version "sysAdmin" (and (eq (include "should-enable-sbom-container-image-collection" .) "true") (and .Values.datadog.sbom.containerImage.uncompressedLayersSupport (not .Values.datadog.sbom.containerImage.overlayFSDirectScan)))) | indent 2 }} resources: {{- if and (empty .Values.agents.containers.agent.resources) .Values.providers.gke.autopilot -}} {{ include "default-agent-container-resources" . | indent 4 }} @@ -62,6 +62,8 @@ env: {{- include "containers-common-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} + {{- include "processes-common-envs" . | nindent 4 }} + {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.agent.logLevel | default .Values.datadog.logLevel | quote }} @@ -77,6 +79,12 @@ {{- if .Values.datadog.dogstatsd.originDetection }} - name: DD_DOGSTATSD_ORIGIN_DETECTION value: {{ .Values.datadog.dogstatsd.originDetection | quote }} + - name: DD_DOGSTATSD_ORIGIN_DETECTION_CLIENT + value: {{ .Values.datadog.dogstatsd.originDetection | quote }} + {{- end }} + {{- if .Values.datadog.originDetectionUnified.enabled }} + - name: DD_ORIGIN_DETECTION_UNIFIED + value: {{ .Values.datadog.originDetectionUnified.enabled | quote }} {{- end }} {{- if .Values.datadog.dogstatsd.tagCardinality }} - name: DD_DOGSTATSD_TAG_CARDINALITY @@ -105,7 +113,7 @@ {{- include "containers-cluster-agent-env" . | nindent 4 }} {{- end }} - name: DD_APM_ENABLED - value: "false" + value: {{ include "should-enable-trace-agent" . | quote }} - name: DD_LOGS_ENABLED value: {{ (default false (or .Values.datadog.logs.enabled .Values.datadog.logsEnabled)) | quote}} - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL @@ -117,7 +125,7 @@ - name: DD_HEALTH_PORT {{- $healthPort := .Values.agents.containers.agent.healthPort }} value: {{ $healthPort | quote }} - {{- if eq .Values.targetSystem "linux" }} + {{- if and (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) }} - name: DD_DOGSTATSD_SOCKET value: {{ .Values.datadog.dogstatsd.socketPath | quote }} {{- end }} @@ -154,10 +162,8 @@ - name: DD_CHECKS_TAG_CARDINALITY value: {{ .Values.datadog.checksCardinality | quote }} {{- end }} - {{- if .Values.datadog.containerLifecycle.enabled }} - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: {{ .Values.datadog.containerLifecycle.enabled | quote }} - {{- end }} + value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} - name: DD_EXPVAR_PORT @@ -168,24 +174,37 @@ - name: DD_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} - {{- if or .Values.datadog.sbom.host.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") }} + {{- if or (eq (include "should-enable-sbom-host-fs-collection" .) "true") (eq (include "should-enable-sbom-container-image-collection" .) "true") }} - name: DD_SBOM_ENABLED value: "true" {{- if eq (include "should-enable-sbom-container-image-collection" .) "true" }} - name: DD_SBOM_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} + {{- if (eq (include "should-enable-sbom-container-image-collection" .) "true") }} {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if .Values.datadog.sbom.containerImage.overlayFSDirectScan }} + - name: DD_SBOM_CONTAINER_IMAGE_OVERLAYFS_DIRECT_SCAN + value: "true" + {{- else }} - name: DD_SBOM_CONTAINER_IMAGE_USE_MOUNT value: "true" {{- end }} - {{- if .Values.datadog.sbom.host.enabled }} + {{- end }} + {{- end }} + {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: DD_SBOM_HOST_ENABLED value: "true" - name: HOST_ROOT value: /host {{- end }} {{- end }} + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: {{ .Values.datadog.kubelet.coreCheckEnabled | quote | default "true" }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + - name: DD_OTELCOLLECTOR_ENABLED + value: "true" + {{- end }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: @@ -222,6 +241,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false @@ -242,6 +262,12 @@ mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true + {{- if and (eq (include "should-add-host-path-for-etc-passwd" .) "true") (eq (include "should-run-process-checks-on-core-agent" .) "true") }} + - name: passwd + mountPath: /etc/passwd + readOnly: true + {{- end }} + {{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir mountPath: /opt/datadog-agent/run @@ -255,19 +281,22 @@ mountPath: /var/log/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if not .Values.datadog.criSocketPath }} + {{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - name: logdockercontainerpath mountPath: /var/lib/docker/containers mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} {{- end }} - {{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") (or .Values.datadog.sbom.containerImage.uncompressedLayersSupport .Values.datadog.sbom.containerImage.overlayFSDirectScan)}} - name: host-containerd-dir mountPath: /host/var/lib/containerd readOnly: true + - name: host-docker-dir + mountPath: /host/var/lib/docker + readOnly: true {{- end }} - {{- if .Values.datadog.sbom.host.enabled }} + {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: host-apk-dir mountPath: /host/var/lib/apk readOnly: true @@ -277,6 +306,7 @@ - name: host-rpm-dir mountPath: /host/var/lib/rpm readOnly: true + {{- if eq (include "should-add-host-path-for-os-release-paths" .) "true" }} {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} - name: etc-redhat-release mountPath: /host/etc/redhat-release @@ -299,6 +329,7 @@ {{- end }} {{- end }} {{- end }} + {{- end }} {{- if eq .Values.targetSystem "windows" }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - name: pointerdir @@ -315,6 +346,10 @@ {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} {{- end }} + {{- if .Values.providers.gke.gdc }} + - name: kubelet-cert-volume + mountPath: /certs + {{- end }} {{- if .Values.agents.volumeMounts }} {{ toYaml .Values.agents.volumeMounts | indent 4 }} {{- end }} @@ -324,4 +359,9 @@ readinessProbe: {{- $ready := .Values.agents.containers.agent.readinessProbe }} {{ include "probe.http" (dict "path" "/ready" "port" $healthPort "settings" $ready) | indent 4 }} +{{- if (not .Values.providers.gke.autopilot) }} + startupProbe: +{{- $startup := .Values.agents.containers.agent.startupProbe }} +{{ include "probe.http" (dict "path" "/startup" "port" $healthPort "settings" $startup) | indent 4 }} +{{- end }} {{- end -}} diff --git a/charts/datadog/templates/_container-cri-volumemounts.yaml b/charts/datadog/templates/_container-cri-volumemounts.yaml index fa85ce44e..af88ed5f3 100644 --- a/charts/datadog/templates/_container-cri-volumemounts.yaml +++ b/charts/datadog/templates/_container-cri-volumemounts.yaml @@ -1,5 +1,5 @@ {{- define "container-crisocket-volumemounts" -}} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if eq .Values.targetSystem "linux" }} - name: runtimesocketdir mountPath: {{ print "/host/" (dir (include "datadog.dockerOrCriSocketPath" .)) | clean }} diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index 7e3ad1ac4..af1cfea68 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml @@ -1,11 +1,15 @@ {{- define "linux-container-host-release-volumemounts" -}} -{{- if eq (include "should-enable-system-probe" .) "true" }} +{{- if or .Values.datadog.osReleasePath .Values.datadog.systemProbe.osReleasePath }} + {{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} + {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} readOnly: true -{{- else if not .Values.providers.gke.autopilot}} + {{- else if .Values.datadog.osReleasePath }} - name: os-release-file mountPath: /host{{ .Values.datadog.osReleasePath }} readOnly: true + {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/datadog/templates/_container-otel-agent.yaml b/charts/datadog/templates/_container-otel-agent.yaml new file mode 100644 index 000000000..193748157 --- /dev/null +++ b/charts/datadog/templates/_container-otel-agent.yaml @@ -0,0 +1,81 @@ +{{- define "container-otel-agent" -}} +- name: otel-agent + image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} + {{- if eq .Values.targetSystem "linux" }} + command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml"] + {{- end -}} + {{- if eq .Values.targetSystem "windows" }} + command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml"] + {{- end -}} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.otelAgent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} + resources: +{{ toYaml .Values.agents.containers.otelAgent.resources | indent 4 }} + ports: + {{- range .Values.datadog.otelCollector.ports }} + - containerPort: {{ .containerPort }} + {{- if .hostPort }} + hostPort: {{ .hostPort }} + {{- end }} + protocol: TCP + name: {{ .name }} + {{- end }} +{{- if or .Values.datadog.envFrom .Values.agents.containers.otelAgent.envFrom }} + envFrom: +{{- if .Values.datadog.envFrom }} +{{ .Values.datadog.envFrom | toYaml | indent 4 }} +{{- end }} +{{- if .Values.agents.containers.otelAgent.envFrom }} +{{ .Values.agents.containers.otelAgent.envFrom | toYaml | indent 4 }} +{{- end }} +{{- end }} + env: + {{- include "containers-common-env" . | nindent 4 }} + {{- include "containers-cluster-agent-env" . | nindent 4 }} + {{- include "fips-envvar" . | nindent 4 }} + - name: DD_LOG_LEVEL + value: {{ .Values.agents.containers.otelAgent.logLevel | default .Values.datadog.logLevel | quote }} + {{- include "additional-env-entries" .Values.agents.containers.otelAgent.env | indent 4 }} + {{- include "additional-env-dict-entries" .Values.agents.containers.otelAgent.envDict | indent 4 }} + volumeMounts: + - name: config + mountPath: {{ template "datadog.confPath" . }} + readOnly: true + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs + {{- if (not .Values.providers.gke.autopilot) }} + - name: auth-token + mountPath: {{ template "datadog.confPath" . }}/auth + readOnly: true + {{- end }} + - name: otelconfig + mountPath: {{ template "datadog.otelconfPath" . }} + readOnly: true + {{- if eq .Values.targetSystem "linux" }} + {{- if not .Values.providers.gke.autopilot }} + - name: procdir + mountPath: /host/proc + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true + {{- end }} + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} + readOnly: true + {{- end }} + {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- include "container-cloudinit-volumemounts" . | nindent 4 }} + {{- if .Values.datadog.kubelet.hostCAPath }} +{{ include "datadog.kubelet.volumeMount" . | indent 4 }} + {{- end }} +{{- if .Values.agents.volumeMounts }} +{{ toYaml .Values.agents.volumeMounts | indent 4 }} +{{- end }} +{{- end -}} diff --git a/charts/datadog/templates/_container-process-agent.yaml b/charts/datadog/templates/_container-process-agent.yaml index 1c23238a0..a75b11f02 100644 --- a/charts/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/templates/_container-process-agent.yaml @@ -32,16 +32,7 @@ {{- include "containers-common-env" . | nindent 4 }} {{- include "containers-cluster-agent-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} - {{- if .Values.datadog.processAgent.processCollection }} - - name: DD_PROCESS_AGENT_ENABLED - value: "true" - {{- end }} - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: {{ .Values.datadog.processAgent.processDiscovery | quote }} - {{- if .Values.datadog.processAgent.stripProcessArguments }} - - name: DD_STRIP_PROCESS_ARGS - value: "true" - {{- end }} + {{- include "processes-common-envs" . | nindent 4 }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.processAgent.logLevel | default .Values.datadog.logLevel | quote }} - name: DD_SYSTEM_PROBE_ENABLED @@ -92,7 +83,7 @@ mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true - {{- if or .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery}} + {{- if and (eq (include "should-add-host-path-for-etc-passwd" .) "true") (or .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery .Values.datadog.processAgent.containerCollection) }} - name: passwd mountPath: /etc/passwd readOnly: true diff --git a/charts/datadog/templates/_container-security-agent.yaml b/charts/datadog/templates/_container-security-agent.yaml index 29656fc2c..7269ddd8f 100644 --- a/charts/datadog/templates/_container-security-agent.yaml +++ b/charts/datadog/templates/_container-security-agent.yaml @@ -34,22 +34,22 @@ {{- if .Values.datadog.securityAgent.compliance.enabled }} - name: DD_COMPLIANCE_CONFIG_CHECK_INTERVAL value: {{ .Values.datadog.securityAgent.compliance.checkInterval | quote }} - {{- if or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled }} - name: DD_COMPLIANCE_CONFIG_XCCDF_ENABLED - value: "true" + value: {{ (or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled) | quote }} - name: DD_COMPLIANCE_CONFIG_HOST_BENCHMARKS_ENABLED - value: "true" - {{- end }} + value: {{ (or .Values.datadog.securityAgent.compliance.xccdf.enabled .Values.datadog.securityAgent.compliance.host_benchmarks.enabled) | quote }} - name: HOST_ROOT value: /host/root {{- end }} - name: DD_RUNTIME_SECURITY_CONFIG_ENABLED - value: {{ .Values.datadog.securityAgent.runtime.enabled | quote }} + value: {{ .Values.datadog.securityAgent.runtime.enabled | quote }} {{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled }} - name: DD_RUNTIME_SECURITY_CONFIG_POLICIES_DIR value: "/etc/datadog-agent/runtime-security.d" - name: DD_RUNTIME_SECURITY_CONFIG_SOCKET value: /var/run/sysprobe/runtime-security.sock + - name: DD_RUNTIME_SECURITY_CONFIG_USE_SECRUNTIME_TRACK + value: {{ .Values.datadog.securityAgent.runtime.useSecruntimeTrack | quote }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - name: DD_DOGSTATSD_SOCKET @@ -91,9 +91,11 @@ - name: cgroups mountPath: /host/sys/fs/cgroup readOnly: true + {{- if (eq (include "should-add-host-path-for-etc-passwd" .) "true") }} - name: passwd mountPath: /etc/passwd readOnly: true + {{- end }} - name: group mountPath: /etc/group readOnly: true diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index c891a30d1..6e3127392 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml @@ -43,6 +43,12 @@ mountPath: /sys/kernel/debug mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: false # Need RW for kprobe_events +{{- if .Values.datadog.networkMonitoring.enabled }} + - name: bpffs + mountPath: /sys/fs/bpf + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true +{{- end }} - name: config mountPath: {{ template "datadog.confPath" . }} readOnly: true @@ -64,8 +70,14 @@ mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true +{{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.networkMonitoring.enabled .Values.datadog.discovery.enabled }} + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true +{{- end }} {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} - {{- if .Values.datadog.systemProbe.enableDefaultOsReleasePaths }} + {{- if (eq (include "should-add-host-path-for-os-release-paths" .) "true") }} {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} - name: etc-redhat-release mountPath: /host/etc/redhat-release diff --git a/charts/datadog/templates/_container-trace-agent.yaml b/charts/datadog/templates/_container-trace-agent.yaml index 574ddb406..adf37d1ba 100644 --- a/charts/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/templates/_container-trace-agent.yaml @@ -90,7 +90,7 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{- if not .Values.providers.gke.autopilot }} + {{- if not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc) }} - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} @@ -103,6 +103,7 @@ - name: tmpdir mountPath: /tmp readOnly: false # Need RW for tmp directory + {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} readOnly: false # Need RW for UDS DSD socket @@ -113,6 +114,7 @@ {{- end }} {{- end }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.datadog.kubelet.hostCAPath }} {{ include "datadog.kubelet.volumeMount" . | indent 4 }} diff --git a/charts/datadog/templates/_containers-common-env.yaml b/charts/datadog/templates/_containers-common-env.yaml index dfb27ea2d..84428aeb1 100644 --- a/charts/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/templates/_containers-common-env.yaml @@ -13,6 +13,7 @@ value: {{ template "datadog.confPath" . }}/auth/token {{- end }} {{ include "components-common-env" . }} +{{ include "language-detection-common-env" . }} {{- if .Values.datadog.kubelet.host }} - name: DD_KUBERNETES_KUBELET_HOST {{ toYaml .Values.datadog.kubelet.host | indent 2 }} @@ -29,6 +30,15 @@ - name: DD_KUBERNETES_HTTPS_KUBELET_PORT value: "0" {{- end }} +{{- if .Values.providers.gke.gdc }} +- name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName +- name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" +{{- end }} {{- if eq .Values.targetSystem "linux" }} {{- if .Values.providers.eks.ec2.useHostnameFromFile }} - name: DD_HOSTNAME_FILE @@ -115,7 +125,7 @@ {{- end }} {{- end }} {{- else }} # No support for env AD -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} {{- if or .Values.providers.gke.autopilot .Values.datadog.criSocketPath }} - name: DD_CRI_SOCKET_PATH value: {{ print "/host/" (include "datadog.dockerOrCriSocketPath" .) | clean }} diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index 43b6c2692..8bb250fcf 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml @@ -1,7 +1,7 @@ {{- define "containers-init-linux" -}} - name: init-volume {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -20,7 +20,7 @@ {{- end }} - name: init-config {{- if not .Values.providers.gke.autopilot }} -{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} {{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} @@ -30,9 +30,6 @@ args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - - name: logdatadog - mountPath: {{ template "datadog.logDirectoryPath" . }} - readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path @@ -46,11 +43,16 @@ mountPath: /checks.d readOnly: true {{- end }} + {{- if not .Values.providers.gke.gdc }} + - name: logdatadog + mountPath: {{ template "datadog.logDirectoryPath" . }} + readOnly: false # Need RW to write logs - name: procdir mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- include "container-crisocket-volumemounts" . | nindent 4 }} + {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config mountPath: /etc/datadog-agent/system-probe.yaml diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 636503362..d4ec7904f 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -3,6 +3,14 @@ emptyDir: {} - name: tmpdir emptyDir: {} +- name: s6-run + emptyDir: {} +{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} +- name: confd + configMap: + name: {{ include "agents.confd-configmap-name" . }} +{{- end }} +{{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc name: procdir @@ -14,7 +22,7 @@ path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file {{- end }} -{{- if or (and (eq (include "should-enable-system-probe" .) "true") .Values.datadog.systemProbe.enableDefaultOsReleasePaths) .Values.datadog.sbom.host.enabled }} +{{- if and (eq (include "should-add-host-path-for-os-release-paths" .) "true") (or (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-sbom-host-fs-collection" .) "true")) }} - hostPath: path: /etc/redhat-release name: etc-redhat-release @@ -58,13 +66,6 @@ type: DirectoryOrCreate name: apmsocket {{- end }} -- name: s6-run - emptyDir: {} -{{- if (or (.Values.datadog.confd) (.Values.datadog.autoconf)) }} -- name: confd - configMap: - name: {{ include "agents.confd-configmap-name" . }} -{{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: sysprobe-config configMap: @@ -80,6 +81,11 @@ - hostPath: path: /sys/kernel/debug name: debugfs +{{- if .Values.datadog.networkMonitoring.enabled }} +- hostPath: + path: /sys/fs/bpf + name: bpffs +{{- end }} - name: sysprobe-socket-dir emptyDir: {} {{- if and (eq (include "runtime-compilation-enabled" .) "true") .Values.datadog.systemProbe.enableDefaultKernelHeadersPaths }} @@ -137,7 +143,7 @@ name: btf-path {{- end }} {{- end }} -{{- if or .Values.datadog.processAgent.enabled (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true") }} +{{- if and (eq (include "should-add-host-path-for-etc-passwd" .) "true") (or (eq (include "process-checks-enabled" .) "true") (eq (include "should-run-process-checks-on-core-agent" .) "true") (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-security-agent" .) "true")) }} - hostPath: path: /etc/passwd name: passwd @@ -147,12 +153,15 @@ path: / name: hostroot {{- end }} -{{- if .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} +{{- if and (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} - hostPath: path: /var/lib/containerd name: host-containerd-dir +- hostPath: + path: /var/lib/docker + name: host-docker-dir {{- end }} -{{- if .Values.datadog.sbom.host.enabled }} +{{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - hostPath: path: /var/lib/apk name: host-apk-dir @@ -180,6 +189,12 @@ name: {{ .Values.datadog.securityAgent.runtime.policies.configMap }} {{- end }} {{- end }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} +- hostPath: + path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} + name: runtimesocketdir +{{- end }} +{{- end }} {{- if or .Values.datadog.logs.enabled .Values.datadog.logsEnabled }} - hostPath: path: {{ template "datadog.hostMountRoot" . }}/logs @@ -190,15 +205,15 @@ - hostPath: path: /var/log/containers name: logscontainerspath -{{- if not .Values.datadog.criSocketPath }} +{{- if and (not .Values.datadog.criSocketPath) (not .Values.providers.gke.gdc) }} - hostPath: path: /var/lib/docker/containers name: logdockercontainerpath {{- end }} {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} -- hostPath: - path: {{ dir (include "datadog.dockerOrCriSocketPath" .) }} - name: runtimesocketdir +{{- if .Values.providers.gke.gdc }} +- secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume {{- end }} {{- end -}} diff --git a/charts/datadog/templates/_daemonset-volumes-windows.yaml b/charts/datadog/templates/_daemonset-volumes-windows.yaml index 39598e91b..55a606065 100644 --- a/charts/datadog/templates/_daemonset-volumes-windows.yaml +++ b/charts/datadog/templates/_daemonset-volumes-windows.yaml @@ -21,7 +21,7 @@ path: C:/ProgramData name: logdockercontainerpath {{- end }} -{{- if .Values.datadog.containerRuntimeSupport.enabled }} +{{- if (eq (include "container-runtime-support-enabled" .) "true") }} - hostPath: path: {{ template "datadog.dockerOrCriSocketPath" . }} name: runtimesocket diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index a66fc4e10..0cebfd456 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -1,18 +1,24 @@ {{/* vim: set filetype=mustache: */}} -{{- define "check-version" -}} -{{- if not .Values.agents.image.doNotCheckTag -}} +{{/* + Returns node agent version based on image tag. This assumes `agents.image.doNotCheckTag` is false. +*/}} +{{- define "get-agent-version" -}} {{- $version := .Values.agents.image.tag | toString | trimSuffix "-jmx" -}} {{- $length := len (split "." $version) -}} {{- if and (eq $length 1) (eq $version "6") -}} -{{- $version = "6.36.0" -}} +{{- $version = "6.55.1" -}} {{- end -}} -{{- if and (eq $length 1) (eq $version "7") -}} -{{- $version = "7.36.0" -}} +{{- if and (eq $length 1) (or (eq $version "7") (eq $version "latest")) -}} +{{- $version = "7.59.0" -}} {{- end -}} -{{- if and (eq $length 1) (eq $version "latest") -}} -{{- $version = "7.36.0" -}} +{{- $version -}} {{- end -}} + + +{{- define "check-version" -}} +{{- if not .Values.agents.image.doNotCheckTag -}} +{{- $version := (include "get-agent-version" .) -}} {{- if not (semverCompare "^6.36.0-0 || ^7.36.0-0" $version) -}} {{- fail "This version of the chart requires an agent image 7.36.0 or greater. If you want to force and skip this check, use `--set agents.image.doNotCheckTag=true`" -}} {{- end -}} @@ -45,17 +51,7 @@ false {{- define "agent-has-env-ad" -}} {{- if not .Values.agents.image.doNotCheckTag -}} -{{- $version := .Values.agents.image.tag | toString | trimSuffix "-jmx" -}} -{{- $length := len (split "." $version) -}} -{{- if and (eq $length 1) (eq $version "6") -}} -{{- $version = "6.27.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "7") -}} -{{- $version = "7.27.0" -}} -{{- end -}} -{{- if and (eq $length 1) (eq $version "latest") -}} -{{- $version = "7.27.0" -}} -{{- end -}} +{{- $version := (include "get-agent-version" .) -}} {{- if semverCompare "^6.27.0-0 || ^7.27.0-0" $version -}} true {{- else -}} @@ -67,11 +63,12 @@ true {{- end -}} {{- define "check-cluster-name" }} -{{- $length := len .Values.datadog.clusterName -}} +{{- $clusterName := tpl .Values.datadog.clusterName . -}} +{{- $length := len $clusterName -}} {{- if (gt $length 80)}} {{- fail "Your `clusterName` isn’t valid it has to be below 81 chars." -}} {{- end}} -{{- if not (regexMatch "^([a-z]([a-z0-9\\-]*[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]*[a-z0-9])?)$" .Values.datadog.clusterName) -}} +{{- if not (regexMatch "^([a-z]([a-z0-9\\-]*[a-z0-9])?\\.)*([a-z]([a-z0-9\\-]*[a-z0-9])?)$" $clusterName) -}} {{- fail "Your `clusterName` isn’t valid. It must be dot-separated tokens where a token start with a lowercase letter followed by lowercase letters, numbers, or hyphens, can only end with a with [a-z0-9] and has to be below 80 chars." -}} {{- end -}} {{- end -}} @@ -109,6 +106,19 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Return true if the OTelAgent needs to be deployed +*/}} +{{- define "should-enable-otel-agent" -}} +{{- if and .Values.datadog.otelCollector.enabled (not .Values.providers.gke.gdc) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + + + {{/* Return secret name to be used based on provided values. */}} @@ -209,12 +219,26 @@ C:/ProgramData/Datadog {{- end -}} {{- end -}} +{{/* +Return agent config path +*/}} +{{- define "datadog.otelconfPath" -}} +{{- if eq .Values.targetSystem "linux" -}} +/etc/otel-agent +{{- end -}} +{{- if eq .Values.targetSystem "windows" -}} +C:/ProgramData/Datadog +{{- end -}} +{{- end -}} + {{/* Return agent host mount root */}} {{- define "datadog.hostMountRoot" -}} {{- if .Values.providers.gke.autopilot -}} /var/autopilot/addon/datadog +{{- else if .Values.providers.gke.gdc -}} +/var/datadog {{- else -}} /var/lib/datadog-agent {{- end -}} @@ -273,6 +297,8 @@ eu.gcr.io/datadoghq public.ecr.aws/datadog {{- else if eq .datadog.site "ap1.datadoghq.com" -}} asia.gcr.io/datadoghq +{{- else if eq .datadog.site "us3.datadoghq.com" -}} +datadoghq.azurecr.io {{- else -}} gcr.io/datadoghq {{- end -}} @@ -305,7 +331,7 @@ Return a remote image path based on `.Values` (passed as root) and `.` (any `.im Return true if a system-probe feature is enabled. */}} {{- define "system-probe-feature" -}} -{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled -}} +{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled .Values.datadog.discovery.enabled -}} true {{- else -}} false @@ -316,7 +342,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} true {{- else -}} false @@ -339,7 +365,7 @@ false Return true if the fips side car container should be created. */}} {{- define "should-enable-fips" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.fips.enabled -}} true {{- else -}} false @@ -361,7 +387,7 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} true {{- else -}} false @@ -372,7 +398,7 @@ false Return true if the compliance features should be enabled. */}} {{- define "should-enable-compliance" -}} -{{- if and (not .Values.providers.gke.autopilot) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") .Values.datadog.securityAgent.compliance.enabled -}} true {{- else -}} false @@ -383,7 +409,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false @@ -396,7 +422,7 @@ Return true if the hostPid features should be enabled for the Agent pod. {{- define "should-enable-host-pid" -}} {{- if eq .Values.targetSystem "windows" -}} false -{{- else if and (not .Values.providers.gke.autopilot) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} +{{- else if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} true {{- else -}} false @@ -442,7 +468,7 @@ false Return true if a trace-agent needs to be deployed. */}} {{- define "should-enable-trace-agent" -}} -{{- if or (eq (include "trace-agent-use-tcp-port" .) "true") (eq (include "trace-agent-use-uds" .) "true") -}} +{{- if or (eq (include "trace-agent-use-tcp-port" .) "true") (eq (include "trace-agent-use-uds" .) "true") (eq (include "trace-agent-use-local-service" .) "true") -}} true {{- else -}} false @@ -450,10 +476,10 @@ false {{- end -}} {{/* -Return true hostPath should be use for DSD socket. Return always false on GKE autopilot. +Return true hostPath should be use for DSD socket. Return always false on GKE autopilot or GDC. */}} {{- define "should-mount-hostPath-for-dsd-socket" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} {{- if .Values.datadog.dogstatsd.useSocketVolume -}} @@ -464,13 +490,13 @@ false {{- end -}} {{/* -Return true if a APM over UDS is configured. Return always false on GKE autopilot. +Return true if a APM over UDS is configured. Return always false on GKE Autopilot or Google Distributed Cloud. */}} {{- define "trace-agent-use-uds" -}} -{{- if or .Values.providers.gke.autopilot (eq .Values.targetSystem "windows") -}} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc (eq .Values.targetSystem "windows") -}} false {{- end -}} -{{- if or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume -}} +{{- if and (or .Values.datadog.apm.socketEnabled .Values.datadog.apm.useSocketVolume) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -478,9 +504,17 @@ false {{- end -}} {{/* -Return true if a traffic over TCP is configured for APM. +Return true if APM is configured to only use local service via the trace-agent's containerPort otherwise matches datadog.apm.portEnabled. */}} -{{- define "trace-agent-use-tcp-port" -}} +{{- define "trace-agent-use-local-service" -}} +{{- default (include "trace-agent-use-host-port" .) .Values.datadog.apm.useLocalService -}} +{{- end -}} + + +{{/* +Return true if a host port is desired for APM. +*/}} +{{- define "trace-agent-use-host-port" -}} {{- if or .Values.datadog.apm.portEnabled .Values.datadog.apm.enabled -}} true {{- else -}} @@ -488,6 +522,16 @@ false {{- end -}} {{- end -}} +{{/* +Return true if a traffic over TCP is configured for APM. +*/}} +{{- define "trace-agent-use-tcp-port" -}} +{{- if or (eq (include "trace-agent-use-host-port" .) "true") (eq (include "trace-agent-use-local-service" .) "true") -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} {{/* Return true if Kubernetes resource monitoring (orchestrator explorer) should be enabled. @@ -518,6 +562,9 @@ Returns provider kind {{- if .Values.providers.gke.autopilot -}} gke-autopilot {{- end -}} +{{- if .Values.providers.gke.gdc -}} +gke-gdc +{{- end -}} {{- end -}} {{/* @@ -573,6 +620,10 @@ datadog-agent-fips-config {{- end -}} {{- end -}} +{{- define "agents-install-otel-configmap-name" -}} +{{ template "datadog.fullname" . }}-otel-config +{{- end -}} + {{/* Common template labels */}} @@ -826,7 +877,7 @@ In 7.36, `--config` was deprecated and `--cfgpath` should be used instead. {{/* Returns whether or not the underlying OS is Google Container-Optimized-OS -Note: GKE Autopilot clusters only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) +Note: GKE Autopilot only use COS (see https://cloud.google.com/kubernetes-engine/docs/concepts/node-images) */}} {{- define "can-mount-host-usr-src" -}} {{- if or .Values.providers.gke.autopilot .Values.providers.gke.cos -}} @@ -840,7 +891,7 @@ false Returns whether Remote Configuration should be enabled in the agent */}} {{- define "datadog-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) -}} +{{- if and (.Values.remoteConfiguration.enabled) (.Values.datadog.remoteConfiguration.enabled) (not .Values.providers.gke.gdc) -}} true {{- else -}} false @@ -851,7 +902,7 @@ false Returns whether Remote Configuration should be enabled in the cluster agent */}} {{- define "clusterAgent-remoteConfiguration-enabled" -}} -{{- if and (.Values.remoteConfiguration.enabled) (.Values.clusterAgent.admissionController.remoteInstrumentation.enabled) -}} +{{- if and .Values.remoteConfiguration.enabled (or .Values.clusterAgent.admissionController.remoteInstrumentation.enabled (((.Values.datadog.autoscaling).workload).enabled)) (not .Values.providers.gke.gdc ) -}} true {{- else -}} false @@ -874,11 +925,22 @@ Create RBACs for custom resources {{- end }} {{- end }} +{{/* + Return true if Container Runtime Support is enabled +*/}} +{{- define "container-runtime-support-enabled" -}} + {{- if and .Values.datadog.containerRuntimeSupport.enabled (not .Values.providers.gke.gdc) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if container image collection is enabled */}} {{- define "should-enable-container-image-collection" -}} - {{- if and (not .Values.datadog.containerRuntimeSupport.enabled) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} + {{- if and (not (include "container-runtime-support-enabled" .)) (or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled) -}} {{- fail "Container runtime support has to be enabled for container image collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} {{- if or .Values.datadog.containerImageCollection.enabled .Values.datadog.sbom.containerImage.enabled -}} @@ -892,7 +954,7 @@ Create RBACs for custom resources Return true if SBOM collection for container image is enabled */}} {{- define "should-enable-sbom-container-image-collection" -}} - {{- if .Values.datadog.sbom.containerImage.enabled -}} + {{- if and (.Values.datadog.sbom.containerImage.enabled) (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) -}} {{- if not (eq (include "should-enable-container-image-collection" .) "true") -}} {{- fail "Container runtime support has to be enabled for SBOM collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} @@ -903,33 +965,125 @@ Create RBACs for custom resources {{- end -}} {{/* -Return all namespaces with enabled Single Step Instrumentation. If instrumentation.enabledNamespaces contains the namespace where Datadog is installed, -it will be removed. + Return true if SBOM collection for host filesystems is enabled */}} -{{- define "apmInstrumentation.enabledNamespaces" -}} -{{- if and .Values.datadog.apm .Values.datadog.apm.instrumentation -}} -{{- if and .Values.datadog.apm.instrumentation.enabledNamespaces (not .Values.datadog.apm.instrumentation.enabled) -}} -{{- if has .Release.Namespace .Values.datadog.apm.instrumentation.enabledNamespaces -}} -{{- $ns := mustWithout .Values.datadog.apm.instrumentation.enabledNamespaces .Release.Namespace -}} -{{- if $ns -}} -{{- $ns | toJson | quote -}} +{{- define "should-enable-sbom-host-fs-collection" -}} + {{- if and (.Values.datadog.sbom.host.enabled) (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) -}} + true + {{- else -}} + false + {{- end -}} {{- end -}} -{{- else -}} -{{- .Values.datadog.apm.instrumentation.enabledNamespaces | toJson | quote -}} + +{{/* + Return true if language detection feature is enabled +*/}} +{{- define "language-detection-enabled" -}} + {{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.language_detection.enabled -}} + true + {{- else -}} + false + {{- end -}} {{- end -}} + +{{/* + Return true if any process-related check is enabled +*/}} +{{- define "process-checks-enabled" -}} + {{- if .Values.providers.gke.gdc }} + false + {{- end -}} + {{- if or .Values.datadog.processAgent.containerCollection .Values.datadog.processAgent.processCollection .Values.datadog.processAgent.processDiscovery (eq (include "language-detection-enabled" .) "true") -}} + true + {{- else -}} + false + {{- end -}} {{- end -}} + +{{/* + Return value of "DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED" env var in core agent container. +*/}} +{{- define "get-process-checks-in-core-agent-envvar" -}} + {{- range .Values.agents.containers.agent.env -}} + {{- if eq .name "DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED" -}} + {{- .value -}} + {{- end -}} + {{- end -}} {{- end -}} + +{{/* + Returns true if process-related checks should run on the core agent. +*/}} +{{- define "should-run-process-checks-on-core-agent" -}} + {{- if or .Values.providers.gke.gdc .Values.providers.gke.autopilot -}} + false + {{- else if ne .Values.targetSystem "linux" -}} + false + {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} + {{- include "get-process-checks-in-core-agent-envvar" . -}} + {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.60.0-0" (include "get-agent-version" .)) -}} + true + {{- else -}} + false + {{- end -}} {{- end -}} {{/* -Return all namespaces with disabled Single Step Instrumentation + Returns true if the process-agent container should be created. */}} -{{- define "apmInstrumentation.disabledNamespaces" -}} -{{- if and .Values.datadog.apm .Values.datadog.apm.instrumentation -}} -{{- if and .Values.datadog.apm.instrumentation.disabledNamespaces .Values.datadog.apm.instrumentation.enabled -}} -{{- append .Values.datadog.apm.instrumentation.disabledNamespaces .Release.Namespace | toJson | quote -}} -{{- else if .Values.datadog.apm.instrumentation.enabled -}} -{{- list .Release.Namespace | toJson | quote -}} +{{- define "should-enable-process-agent" -}} + {{- if .Values.providers.gke.gdc -}} + false + {{- end -}} + {{- if or .Values.datadog.networkMonitoring.enabled .Values.datadog.serviceMonitoring.enabled -}} + true + {{- else if and (not .Values.agents.image.doNotCheckTag) (eq (include "should-enable-k8s-resource-monitoring" .) "true") (semverCompare "<=7.51.0-0" (include "get-agent-version" .)) -}} + true + {{- else if (eq (include "should-run-process-checks-on-core-agent" .) "true") -}} + false + {{- else -}} + {{- include "process-checks-enabled" . -}} + {{- end -}} +{{- end -}} + + +{{- define "get-port-number-from-name" -}} +{{- $portName := .portName -}} +{{- range .ports -}} + {{- if eq .name $portName -}} + {{ .containerPort }} + {{- end -}} +{{- end -}} {{- end -}} + + +{{/* + Returns true if Host paths for default OS Release Paths need to be added to the volumes. +*/}} +{{- define "should-add-host-path-for-os-release-paths" -}} + {{- if ne .Values.targetSystem "linux" -}} + false + {{- else if .Values.providers.talos.enabled -}} + false + {{- else if (and .Values.datadog.systemProbe.enableDefaultOsReleasePaths (not .Values.datadog.disableDefaultOsReleasePaths)) -}} + true + {{- else -}} + false + {{- end -}} {{- end -}} + + +{{/* + Returns true if the host file /etc/passwd should be mounted, else return false. +*/}} +{{- define "should-add-host-path-for-etc-passwd" -}} + {{- if ne .Values.targetSystem "linux" -}} + false + {{- else if .Values.providers.talos.enabled -}} + false + {{- else if not .Values.datadog.disablePasswdMount -}} + true + {{- else -}} + false + {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/_kubernetes_apiserver_config.yaml b/charts/datadog/templates/_kubernetes_apiserver_config.yaml index 0454838a2..208e21594 100644 --- a/charts/datadog/templates/_kubernetes_apiserver_config.yaml +++ b/charts/datadog/templates/_kubernetes_apiserver_config.yaml @@ -1,10 +1,13 @@ {{- define "kubernetes_apiserver-config" -}} -{{- if and .Values.datadog.collectEvents .Values.datadog.kubernetesEvents.unbundleEvents -}} +{{- if .Values.datadog.collectEvents -}} kubernetes_apiserver.yaml: |- init_config: instances: - - unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} + - filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} + unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} + {{- if .Values.datadog.kubernetesEvents.unbundleEvents }} collected_event_types: {{ .Values.datadog.kubernetesEvents.collectedEventTypes | toYaml | nindent 8 }} + {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/_language_detection_env.yaml b/charts/datadog/templates/_language_detection_env.yaml new file mode 100644 index 000000000..5ac676110 --- /dev/null +++ b/charts/datadog/templates/_language_detection_env.yaml @@ -0,0 +1,8 @@ +# The purpose of this template is to define a minimal set of environment +# variables to enable language detection +{{- define "language-detection-common-env" -}} +- name: DD_LANGUAGE_DETECTION_ENABLED + value: {{ include "language-detection-enabled" . | quote }} +- name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: {{ include "language-detection-enabled" . | quote }} +{{- end -}} diff --git a/charts/datadog/templates/_otel_agent_config.yaml b/charts/datadog/templates/_otel_agent_config.yaml new file mode 100644 index 000000000..f0edd35c3 --- /dev/null +++ b/charts/datadog/templates/_otel_agent_config.yaml @@ -0,0 +1,52 @@ +{{- define "otel-agent-config-configmap-content" -}} +otel-config.yaml: {{- if .Values.datadog.otelCollector.config }} {{ toYaml .Values.datadog.otelCollector.config | indent 4 }} + {{- else }} | + receivers: + prometheus: + config: + scrape_configs: + - job_name: "otelcol" + scrape_interval: 10s + static_configs: + - targets: ["0.0.0.0:8888"] + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:{{ include "get-port-number-from-name" (dict "ports" .Values.datadog.otelCollector.ports "portName" "otel-grpc") }} + http: + endpoint: 0.0.0.0:{{ include "get-port-number-from-name" (dict "ports" .Values.datadog.otelCollector.ports "portName" "otel-http") }} + exporters: + debug: + verbosity: detailed + datadog: + api: + key: ${env:DD_API_KEY} + site: {{ .Values.datadog.site | default "" | quote }} + processors: + infraattributes: + cardinality: 2 + batch: + timeout: 10s + connectors: + datadog/connector: + traces: + compute_top_level_by_span_kind: true + peer_tags_aggregation: true + compute_stats_by_span_kind: true + service: + pipelines: + traces: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog, datadog/connector] + metrics: + receivers: [otlp, datadog/connector, prometheus] + processors: [infraattributes, batch] + exporters: [datadog] + logs: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog] +{{- end -}} +{{- end -}} + diff --git a/charts/datadog/templates/_processes-common-env.yaml b/charts/datadog/templates/_processes-common-env.yaml new file mode 100644 index 000000000..65fcd07f8 --- /dev/null +++ b/charts/datadog/templates/_processes-common-env.yaml @@ -0,0 +1,17 @@ +# Defines set of environment variables for Processes-related checks. +{{- define "processes-common-envs" -}} +{{- if not .Values.providers.gke.gdc }} +- name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: {{ .Values.datadog.processAgent.processCollection | quote }} +- name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: {{ .Values.datadog.processAgent.containerCollection | quote }} +- name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: {{ .Values.datadog.processAgent.processDiscovery | quote }} +- name: DD_STRIP_PROCESS_ARGS + value: {{ .Values.datadog.processAgent.stripProcessArguments | quote }} +{{- if and (eq .Values.targetSystem "linux") (eq (include "get-process-checks-in-core-agent-envvar" .) "") }} +- name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: {{ (include "should-run-process-checks-on-core-agent" .) | quote }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/datadog/templates/_system-probe-init.yaml b/charts/datadog/templates/_system-probe-init.yaml index 99b1f4fbf..cfea181fc 100644 --- a/charts/datadog/templates/_system-probe-init.yaml +++ b/charts/datadog/templates/_system-probe-init.yaml @@ -1,5 +1,8 @@ {{- define "system-probe-init" -}} - name: seccomp-setup +{{- if not .Values.providers.gke.autopilot }} +{{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} +{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: diff --git a/charts/datadog/templates/agent-cilium-network-policy.yaml b/charts/datadog/templates/agent-cilium-network-policy.yaml index 7e7a4c09a..480ac0a7e 100644 --- a/charts/datadog/templates/agent-cilium-network-policy.yaml +++ b/charts/datadog/templates/agent-cilium-network-policy.yaml @@ -89,6 +89,8 @@ specs: - matchName: "api.{{ $.Values.datadog.site }}" - matchName: "agent-intake.logs.{{ $.Values.datadog.site }}" - matchName: "agent-http-intake.logs.{{ $.Values.datadog.site }}" + - matchName: "contimage-intake.{{ $.Values.datadog.site }}" + - matchName: "contlcycle-intake.{{ $.Values.datadog.site }}" - matchName: "process.{{ $.Values.datadog.site }}" - matchName: "orchestrator.{{ $.Values.datadog.site }}" - matchName: "instrumentation-telemetry-intake.{{ $.Values.datadog.site }}" @@ -105,6 +107,8 @@ specs: - matchName: "api.datadoghq.com" - matchName: "agent-intake.logs.datadoghq.com" - matchName: "agent-http-intake.logs.datadoghq.com" + - matchName: "contimage-intake.datadoghq.com" + - matchName: "contlcycle-intake.datadoghq.com" - matchName: "process.datadoghq.com" - matchName: "orchestrator.datadoghq.com" - matchName: "instrumentation-telemetry-intake.datadoghq.com" diff --git a/charts/datadog/templates/agent-clusterchecks-deployment.yaml b/charts/datadog/templates/agent-clusterchecks-deployment.yaml index 235755719..306e53223 100644 --- a/charts/datadog/templates/agent-clusterchecks-deployment.yaml +++ b/charts/datadog/templates/agent-clusterchecks-deployment.yaml @@ -27,6 +27,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: clusterchecks-agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }}-clusterchecks {{- if .Values.clusterChecksRunner.additionalLabels }} {{ toYaml .Values.clusterChecksRunner.additionalLabels | indent 8 }} @@ -77,6 +78,10 @@ spec: command: ["bash", "-c"] args: - cp -r /etc/datadog-agent /opt +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /opt/datadog-agent @@ -93,6 +98,10 @@ spec: command: ["bash", "-c"] args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done +{{- if .Values.clusterChecksRunner.containers.initContainers.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.initContainers.securityContext | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /etc/datadog-agent @@ -116,7 +125,7 @@ spec: image: "{{ include "image-path" (dict "root" .Values "image" .Values.clusterChecksRunner.image) }}" command: ["bash", "-c"] args: - - rm -rf /etc/datadog-agent/conf.d && touch /etc/datadog-agent/datadog.yaml && exec agent run + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run imagePullPolicy: {{ .Values.clusterChecksRunner.image.pullPolicy }} {{- if .Values.clusterChecksRunner.ports }} ports: @@ -132,33 +141,12 @@ spec: {{- end }} {{- end }} env: + {{- include "components-common-env" . | nindent 10 }} - name: DD_API_KEY valueFrom: secretKeyRef: name: {{ template "datadog.apiSecretName" . }} key: api-key - {{- if .Values.datadog.secretBackend.command }} - - name: DD_SECRET_BACKEND_COMMAND - value: {{ .Values.datadog.secretBackend.command | quote }} - {{- end }} - {{- if .Values.datadog.secretBackend.arguments }} - - name: DD_SECRET_BACKEND_ARGUMENTS - value: {{ .Values.datadog.secretBackend.arguments | quote }} - {{- end }} - {{- if .Values.datadog.secretBackend.timeout }} - - name: DD_SECRET_BACKEND_TIMEOUT - value: {{ .Values.datadog.secretBackend.timeout | quote }} - {{- end }} - - name: KUBERNETES - value: "yes" - {{- if .Values.datadog.site }} - - name: DD_SITE - value: {{ .Values.datadog.site | quote }} - {{- end }} - {{- if .Values.datadog.dd_url }} - - name: DD_DD_URL - value: {{ .Values.datadog.dd_url | quote }} - {{- end }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL value: {{ .Values.datadog.logLevel | quote }} @@ -199,11 +187,6 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - {{- if .Values.datadog.clusterName }} - {{- template "check-cluster-name" . }} - - name: DD_CLUSTER_NAME - value: {{ .Values.datadog.clusterName | quote }} - {{- end }} {{- include "provider-env" . | nindent 10 }} {{- include "fips-envvar" . | nindent 10 }} {{- include "additional-env-entries" .Values.clusterChecksRunner.env | indent 10 }} @@ -213,6 +196,9 @@ spec: {{- include "default-cluster-check-runner-resources" . | indent 10 }} {{- else }} {{ toYaml .Values.clusterChecksRunner.resources | indent 10 }} +{{- if .Values.clusterChecksRunner.containers.agent.securityContext }} + securityContext: +{{ toYaml .Values.clusterChecksRunner.containers.agent.securityContext | indent 10 }} {{- end }} volumeMounts: - name: installinfo @@ -238,6 +224,9 @@ spec: readinessProbe: {{- $ready := .Values.clusterChecksRunner.readinessProbe }} {{ include "probe.http" (dict "settings" $ready "path" "/ready" "port" $healthPort) | indent 10 }} + startupProbe: +{{- $startup := .Values.clusterChecksRunner.startupProbe }} +{{ include "probe.http" (dict "settings" $startup "path" "/startup" "port" $healthPort) | indent 10 }} volumes: - name: installinfo configMap: diff --git a/charts/datadog/templates/agent-services.yaml b/charts/datadog/templates/agent-services.yaml index 491a87862..ce6080d04 100644 --- a/charts/datadog/templates/agent-services.yaml +++ b/charts/datadog/templates/agent-services.yaml @@ -100,5 +100,13 @@ spec: targetPort: {{ .Values.datadog.otlp.receiver.protocols.http.endpoint | regexFind ":[0-9]+$" | trimPrefix ":" }} name: otlphttpport {{- end }} +{{- if eq (include "should-enable-otel-agent" .) "true" }} +{{- range .Values.datadog.otelCollector.ports }} + - protocol: TCP + port: {{ .containerPort }} + targetPort: {{ .containerPort }} + name: {{ .name }} +{{- end }} +{{- end }} internalTrafficPolicy: Local {{ end }} diff --git a/charts/datadog/templates/cluster-agent-cilium-network-policy.yaml b/charts/datadog/templates/cluster-agent-cilium-network-policy.yaml index af98d78de..db2742802 100644 --- a/charts/datadog/templates/cluster-agent-cilium-network-policy.yaml +++ b/charts/datadog/templates/cluster-agent-cilium-network-policy.yaml @@ -189,4 +189,20 @@ specs: - port: {{ include "clusterAgent.metricsProvider.port" . | quote }} protocol: TCP {{- end }} +{{- if .Values.clusterAgent.admissionController.enabled }} + - description: Ingress from API server for admission controller + endpointSelector: + matchLabels: + app: {{ template "datadog.fullname" . }}-cluster-agent + {{- if .Values.clusterAgent.podLabels }} + {{ toYaml .Values.clusterAgent.podLabels | indent 8 }} + {{- end }} + ingress: + - fromEntities: + - kube-apiserver + toPorts: + - ports: + - port: {{ .Values.clusterAgent.admissionController.port | quote }} + protocol: TCP +{{- end }} {{- end }} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 3e3204209..7ccbea457 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -38,6 +38,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }}-cluster-agent {{- if .Values.clusterAgent.podLabels }} {{ toYaml .Values.clusterAgent.podLabels | indent 8 }} @@ -166,6 +167,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT {{- $healthPort := .Values.clusterAgent.healthPort }} value: {{ $healthPort | quote }} @@ -176,6 +181,7 @@ spec: key: api-key optional: true {{- include "components-common-env" . | nindent 10 }} + {{- include "language-detection-common-env" . | nindent 10 }} {{- if .Values.clusterAgent.metricsProvider.enabled }} - name: DD_APP_KEY valueFrom: @@ -208,6 +214,10 @@ spec: {{- if .Values.clusterAgent.admissionController.enabled }} - name: DD_ADMISSION_CONTROLLER_ENABLED value: {{ .Values.clusterAgent.admissionController.enabled | quote }} + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: {{ .Values.clusterAgent.admissionController.validation.enabled | quote }} + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: {{ .Values.clusterAgent.admissionController.mutation.enabled | quote }} - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: {{ .Values.clusterAgent.admissionController.webhookName | quote }} - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -219,8 +229,10 @@ spec: value: {{ .Values.clusterAgent.admissionController.configMode }} {{- else if eq (include "trace-agent-use-uds" .) "true" }} value: socket - {{- else if or (eq (include "trace-agent-use-tcp-port" .) "true") ( .Values.providers.gke.autopilot )}} + {{- else if or (eq (include "trace-agent-use-host-port" .) "true") ( .Values.providers.gke.autopilot )}} value: hostip + {{- else if (eq (include "trace-agent-use-local-service" .) "true")}} + value: service {{- else if or (not .Values.datadog.apm.enabled ) (and (eq (include "trace-agent-use-tcp-port" .) "true") (eq (include "trace-agent-use-uds" .) "true")) }} value: socket {{- else }} @@ -237,28 +249,65 @@ spec: - name: DD_ADMISSION_CONTROLLER_PORT value: {{ .Values.clusterAgent.admissionController.port | quote }} {{- end }} - {{- if eq (include "clusterAgent-remoteConfiguration-enabled" .) "true" }} + {{- if .Values.clusterAgent.admissionController.remoteInstrumentation.enabled }} - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PATCHER_ENABLED value: "true" {{- end }} + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + {{- if .Values.clusterAgent.admissionController.containerRegistry }} + value: {{ .Values.clusterAgent.admissionController.containerRegistry | quote }} + {{- else }} + value: {{ include "registry" .Values | quote }} + {{- end }} + {{- if .Values.clusterAgent.admissionController.cwsInstrumentation.enabled }} + - name: DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_MODE + value: {{ .Values.clusterAgent.admissionController.cwsInstrumentation.mode | quote }} + {{- end }} + {{- if .Values.clusterAgent.admissionController.kubernetesAdmissionEvents.enabled }} + - name: DD_ADMISSION_CONTROLLER_KUBERNETES_ADMISSION_EVENTS_ENABLED + value: "true" + {{- end }} + {{ include "ac-agent-sidecar-env" . | nindent 10 }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} {{- if .Values.datadog.apm.instrumentation.enabled }} - name: DD_APM_INSTRUMENTATION_ENABLED - value: "true" + value: {{ .Values.datadog.apm.instrumentation.enabled | quote }} {{- end }} - {{- if ne (include "apmInstrumentation.enabledNamespaces" .) "" }} + {{- if .Values.datadog.apm.instrumentation.enabledNamespaces }} - name: DD_APM_INSTRUMENTATION_ENABLED_NAMESPACES - value: {{ include "apmInstrumentation.enabledNamespaces" . }} + value: {{ .Values.datadog.apm.instrumentation.enabledNamespaces | toJson | quote }} {{- end }} - {{- if ne (include "apmInstrumentation.disabledNamespaces" .) "" }} + {{- if .Values.datadog.apm.instrumentation.disabledNamespaces }} - name: DD_APM_INSTRUMENTATION_DISABLED_NAMESPACES - value: {{ include "apmInstrumentation.disabledNamespaces" . }} + value: {{ .Values.datadog.apm.instrumentation.disabledNamespaces | toJson | quote }} {{- end }} {{- if .Values.datadog.apm.instrumentation.libVersions }} - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS value: {{ .Values.datadog.apm.instrumentation.libVersions | toJson | quote }} {{- end }} + {{- if .Values.datadog.apm.instrumentation.injector.imageTag }} + - name: DD_APM_INSTRUMENTATION_INJECTOR_IMAGE_TAG + value: {{ .Values.datadog.apm.instrumentation.injector.imageTag | quote }} + {{- end }} + {{- if .Values.datadog.asm.threats.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_ENABLED + value: "true" + {{- end }} + {{- if .Values.datadog.asm.sca.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_SCA_ENABLED + value: "true" + {{- end }} + {{- if .Values.datadog.asm.iast.enabled }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_IAST_ENABLED + value: "true" + {{- end }} + {{- if not (eq .Values.datadog.profiling.enabled nil) }} + - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_PROFILING_ENABLED + value: {{ .Values.datadog.profiling.enabled | quote }} + {{- end }} {{- if .Values.datadog.clusterChecks.enabled }} - name: DD_CLUSTER_CHECKS_ENABLED value: {{ .Values.datadog.clusterChecks.enabled | quote }} @@ -290,6 +339,10 @@ spec: - name: DD_COLLECT_KUBERNETES_EVENTS value: {{ .Values.datadog.collectEvents | quote }} {{- end }} + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: {{ .Values.datadog.kubernetesUseEndpointSlices | quote }} + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: {{ .Values.datadog.kubernetesEvents.sourceDetectionEnabled | quote }} - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME value: {{ template "datadog.fullname" . }}-cluster-agent - name: DD_CLUSTER_AGENT_AUTH_TOKEN @@ -313,6 +366,8 @@ spec: - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED value: {{ .Values.datadog.orchestratorExplorer.container_scrubbing.enabled | quote }} {{- end }} + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: {{ include "language-detection-enabled" . | quote }} {{- if eq (include "should-enable-security-agent" .) "true" }} - name: DD_COMPLIANCE_CONFIG_ENABLED value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }} @@ -335,6 +390,10 @@ spec: value: {{ .Values.datadog.prometheusScrape.version | quote }} {{- end }} {{- end }} + {{- if (((.Values.datadog.autoscaling).workload).enabled) }} + - name: DD_AUTOSCALING_WORKLOAD_ENABLED + value: {{ (((.Values.datadog.autoscaling).workload).enabled) | quote }} + {{- end }} - name: DD_INSTRUMENTATION_INSTALL_TIME valueFrom: configMapKeyRef: @@ -359,6 +418,9 @@ spec: readinessProbe: {{- $ready := .Values.clusterAgent.readinessProbe }} {{ include "probe.http" (dict "path" "/ready" "port" $healthPort "settings" $ready) | indent 10 }} + startupProbe: +{{- $startup := .Values.clusterAgent.startupProbe }} +{{ include "probe.http" (dict "path" "/startup" "port" $healthPort "settings" $startup) | indent 10 }} {{- if .Values.clusterAgent.containers.clusterAgent.securityContext }} securityContext: {{ toYaml .Values.clusterAgent.containers.clusterAgent.securityContext | indent 10 }} @@ -431,7 +493,7 @@ spec: - key: helm.yaml path: helm.yaml {{- end }} -{{- if and .Values.datadog.collectEvents .Values.datadog.kubernetesEvents.unbundleEvents }} +{{- if .Values.datadog.collectEvents }} - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml {{- end }} diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 975098c8e..8bf355ebb 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -15,6 +15,7 @@ rules: - nodes - namespaces - componentstatuses + - limitranges verbs: - get - list @@ -28,6 +29,14 @@ rules: - list - watch - create +- apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch - apiGroups: ["quota.openshift.io"] resources: - clusterresourcequotas @@ -115,6 +124,17 @@ rules: - "get" - "watch" {{- end }} +{{- if and .Values.datadog.apm.instrumentation.enabled .Values.datadog.apm.instrumentation.language_detection.enabled }} +- apiGroups: + - "apps" + resources: + - deployments + verbs: + - list + - get + - watch + - patch +{{- end }} {{- if eq (include "should-enable-k8s-resource-monitoring" .) "true" }} - apiGroups: # to get the kube-system namespace UID and generate a cluster ID - "" @@ -155,7 +175,7 @@ rules: - list - get - watch -{{- if eq (include "clusterAgent-remoteConfiguration-enabled" .) "true" }} +{{- if .Values.clusterAgent.admissionController.remoteInstrumentation.enabled }} - patch {{- end }} - apiGroups: @@ -171,6 +191,7 @@ rules: - networking.k8s.io resources: - ingresses + - networkpolicies verbs: - list - get @@ -186,6 +207,14 @@ rules: - list - get - watch +- apiGroups: + - "storage.k8s.io" + resources: + - storageclasses + verbs: + - list + - get + - watch - apiGroups: - autoscaling.k8s.io resources: @@ -224,13 +253,15 @@ rules: - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations resourceNames: - {{ .Values.clusterAgent.admissionController.webhookName | quote }} - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: - admissionregistration.k8s.io resources: + - validatingwebhookconfigurations - mutatingwebhookconfigurations verbs: ["create"] - apiGroups: ["batch"] @@ -239,6 +270,11 @@ rules: - apiGroups: ["apps"] resources: ["statefulsets", "replicasets", "deployments", "daemonsets"] verbs: ["get"] +{{- if and .Values.clusterAgent.admissionController.cwsInstrumentation.enabled (eq .Values.clusterAgent.admissionController.cwsInstrumentation.mode "remote_copy") }} +- apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] +{{- end }} {{- end }} {{- if eq (include "should-enable-security-agent" .) "true" }} {{- if .Values.datadog.securityAgent.compliance.enabled }} @@ -249,16 +285,17 @@ rules: - namespaces verbs: - list -{{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - apiGroups: - "policy" resources: + - poddisruptionbudgets + {{- if and .Values.clusterAgent.podSecurity.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} - podsecuritypolicies + {{- end }} verbs: - get - list - watch -{{- end }} - apiGroups: - rbac.authorization.k8s.io resources: @@ -401,3 +438,125 @@ subjects: name: {{ template "datadog.fullname" . }}-cluster-agent namespace: {{ .Release.Namespace }} {{- end -}} + +{{- if (((.Values.datadog.autoscaling).workload).enabled) }} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-autoscaling + namespace: {{ .Release.Namespace }} +rules: +# Access to own CRD +- apiGroups: + - "datadoghq.com" + resources: + - "datadogpodautoscalers" + - "datadogpodautoscalers/status" + verbs: + - "*" +# Scale subresource for all resources +- apiGroups: + - "*" + resources: + - "*/scale" + verbs: + - 'update' + - 'get' +# Ability to generate events +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +# Patching POD to add annotations. TODO: Remove when we have a better way to generate single event +- apiGroups: + - "" + resources: + - pods + verbs: + - patch +# Triggering rollout on Deployments +- apiGroups: + - apps + resources: + - deployments + verbs: + - patch +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-autoscaling +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }}-cluster-agent-autoscaling +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-agent + namespace: {{ .Release.Namespace }} +{{- end}} + +{{- if or .Values.datadog.kubernetesResourcesAnnotationsAsTags .Values.datadog.kubernetesResourcesLabelsAsTags}} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-annotations-and-labels-as-tags + namespace: {{ .Release.Namespace }} + +{{- $groupedResources := dict }} +{{- $mergedResources := merge (default dict .Values.datadog.kubernetesResourcesAnnotationsAsTags) (default dict .Values.datadog.kubernetesResourcesLabelsAsTags)}} +{{- range $resource, $labels := $mergedResources }} + {{- $parts := split "." $resource }} + {{- $apiGroup := "" }} + {{- $resourceName := $resource }} + {{- if eq (len $parts) 2 }} + {{- $apiGroup = index $parts "_1" }} + {{- $resourceName = index $parts "_0" }} + {{- end }} + {{- $existing := index $groupedResources $apiGroup | default (list) }} + {{- $groupedResources = set $groupedResources $apiGroup (append $existing $resourceName) }} +{{- end }} + +rules: + +# Iterate through the apiGroups and create rules for each resource +{{- range $apiGroup, $resources := $groupedResources }} +- apiGroups: + - "{{ $apiGroup }}" + resources: + {{- range $resource := $resources }} + - {{ $resource }} + {{- end }} + verbs: + - get + - list + - watch +{{- end }} + +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + labels: +{{ include "datadog.labels" . | indent 4 }} + name: {{ template "datadog.fullname" . }}-cluster-agent-annotations-and-labels-as-tags +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }}-cluster-agent-annotations-and-labels-as-tags +subjects: + - kind: ServiceAccount + name: {{ template "datadog.fullname" . }}-cluster-agent + namespace: {{ .Release.Namespace }} +{{- end -}} \ No newline at end of file diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 5aba67ff2..45dc64663 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -9,7 +9,6 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} app.kubernetes.io/component: agent - admission.datadoghq.com/enabled: "false" {{- if .Values.agents.additionalLabels }} {{ toYaml .Values.agents.additionalLabels | indent 4 }} {{- end }} @@ -30,6 +29,7 @@ spec: labels: {{ include "datadog.template-labels" . | indent 8 }} app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" app: {{ template "datadog.fullname" . }} {{- if .Values.agents.podLabels }} {{ toYaml .Values.agents.podLabels | indent 8 }} @@ -48,6 +48,9 @@ spec: checksum/autoconf-config: {{ tpl (toYaml .Values.datadog.autoconf) . | sha256sum }} checksum/confd-config: {{ tpl (toYaml .Values.datadog.confd) . | sha256sum }} checksum/checksd-config: {{ tpl (toYaml .Values.datadog.checksd) . | sha256sum }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + checksum/otel-config: {{ include "otel-agent-config-configmap-content" . | sha256sum }} + {{- end }} {{- if .Values.agents.customAgentConfig }} checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} {{- end }} @@ -59,7 +62,7 @@ spec: container.seccomp.security.alpha.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.seccomp }} {{- end }} {{- end }} - {{- if and .Values.agents.podSecurity.apparmor.enabled .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} + {{- if and .Values.agents.podSecurity.apparmor.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") .Values.datadog.sbom.containerImage.uncompressedLayersSupport }} container.apparmor.security.beta.kubernetes.io/agent: unconfined {{- end }} {{- if .Values.agents.podAnnotations }} @@ -70,7 +73,7 @@ spec: shareProcessNamespace: {{ .Values.agents.shareProcessNamespace }} {{- end }} {{- if .Values.datadog.securityContext -}} - {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version ) | nindent 6 }} + {{ include "generate-security-context" (dict "securityContext" .Values.datadog.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | nindent 6 }} {{- else if or .Values.agents.podSecurity.podSecurityPolicy.create .Values.agents.podSecurity.securityContextConstraints.create -}} {{- if .Values.agents.podSecurity.securityContext }} {{- if .Values.agents.podSecurity.securityContext.seLinuxOptions }} @@ -119,7 +122,7 @@ spec: {{- if eq (include "should-enable-fips" .) "true" }} {{- include "fips-proxy" . | nindent 6 }} {{- end }} - {{- if .Values.datadog.processAgent.enabled }} + {{- if eq (include "should-enable-process-agent" .) "true" }} {{- include "container-process-agent" . | nindent 6 }} {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} @@ -128,12 +131,15 @@ spec: {{- if eq (include "should-enable-security-agent" .) "true" }} {{- include "container-security-agent" . | nindent 6 }} {{- end }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + {{- include "container-otel-agent" . | nindent 6 }} + {{- end }} initContainers: {{- if eq .Values.targetSystem "windows" }} {{ include "containers-init-windows" . | nindent 6 }} {{- end }} {{- if eq .Values.targetSystem "linux" }} - {{ include "containers-init-linux" . | nindent 6 }} + {{- include "containers-init-linux" . | nindent 6 -}} {{- end }} {{- if and (eq (include "should-enable-system-probe" .) "true") (eq .Values.datadog.systemProbe.seccomp "localhost/system-probe") }} {{ include "system-probe-init" . | nindent 6 }} @@ -164,6 +170,14 @@ spec: {{- if eq .Values.targetSystem "linux" }} {{ include "daemonset-volumes-linux" . | nindent 6 }} {{- end }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + - name: otelconfig + configMap: + name: {{ include "agents-install-otel-configmap-name" . }} + items: + - key: otel-config.yaml + path: otel-config.yaml + {{- end }} {{- if .Values.agents.volumes }} {{ toYaml .Values.agents.volumes | indent 6 }} {{- end }} diff --git a/charts/datadog/templates/kpi-telemetry-configmap.yaml b/charts/datadog/templates/kpi-telemetry-configmap.yaml index 1ab531945..fe46598dc 100644 --- a/charts/datadog/templates/kpi-telemetry-configmap.yaml +++ b/charts/datadog/templates/kpi-telemetry-configmap.yaml @@ -6,6 +6,11 @@ metadata: labels: {{ include "datadog.labels" . | indent 4 }} data: - install_id: {{ uuidv4 | quote }} install_type: k8s_manual + {{- if .Values.datadog.apm.instrumentation.skipKPITelemetry }} + install_id: "00000000-0000-0000-0000-000000000000" + install_time: "0" + {{- else }} + install_id: {{ uuidv4 | quote }} install_time: {{ now | unixEpoch | quote }} + {{- end }} diff --git a/charts/datadog/templates/otel-configmap.yaml b/charts/datadog/templates/otel-configmap.yaml new file mode 100644 index 000000000..0e7fbb162 --- /dev/null +++ b/charts/datadog/templates/otel-configmap.yaml @@ -0,0 +1,12 @@ +{{- if eq (include "should-enable-otel-agent" .) "true" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "agents-install-otel-configmap-name" . }} + namespace: {{ .Release.Namespace }} + labels: + {{ include "datadog.labels" . | nindent 4 }} + annotations: + checksum/otel-config: {{ printf "%s-%s" .Chart.Name .Chart.Version | sha256sum }} +data: {{ include "otel-agent-config-configmap-content" . | nindent 2 }} +{{- end }} diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index 233e18fda..d769235d2 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml @@ -43,9 +43,14 @@ data: conntrack_init_timeout: {{ $.Values.datadog.systemProbe.conntrackInitTimeout }} service_monitoring_config: enabled: {{ $.Values.datadog.serviceMonitoring.enabled }} + {{- if not (eq .Values.datadog.discovery.enabled nil) }} + discovery: + enabled: {{ $.Values.datadog.discovery.enabled }} + {{- end }} runtime_security_config: enabled: {{ $.Values.datadog.securityAgent.runtime.enabled }} fim_enabled: {{ $.Values.datadog.securityAgent.runtime.fimEnabled }} + use_secruntime_track: {{ $.Values.datadog.securityAgent.runtime.useSecruntimeTrack }} socket: /var/run/sysprobe/runtime-security.sock policies: dir: /etc/datadog-agent/runtime-security.d @@ -73,7 +78,7 @@ data: anomaly_detection: enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled }} auto_suppression: - enabled: false + enabled: {{ $.Values.datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled }} {{- if eq .Values.datadog.systemProbe.seccomp "localhost/system-probe" }} --- diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index af4973294..330a1bf67 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -18,12 +18,13 @@ targetSystem: "linux" commonLabels: {} # team_name: dev -# registry -- Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | public.ecr.aws/datadog] depending on datadog.site value) +# registry -- Registry to use for all Agent images (default to [gcr.io | eu.gcr.io | asia.gcr.io | datadoghq.azurecr.io | public.ecr.aws/datadog] depending on datadog.site value) ## Currently we offer Datadog Agent images on: ## GCR US - use gcr.io/datadoghq ## GCR Europe - use eu.gcr.io/datadoghq ## GCR Asia - use asia.gcr.io/datadoghq +## Azure - use datadoghq.azurecr.io ## AWS - use public.ecr.aws/datadog ## DockerHub - use docker.io/datadog registry: # gcr.io/datadoghq @@ -249,6 +250,33 @@ datadog: # env: environment # : + # datadog.namespaceAnnotationsAsTags -- Provide a mapping of Kubernetes Namespace Annotations to Datadog Tags + namespaceAnnotationsAsTags: {} + # env: environment + # : + + # datadog.kubernetesResourcesLabelsAsTags -- Provide a mapping of Kubernetes Resources Labels to Datadog Tags + kubernetesResourcesLabelsAsTags: {} + # pods: + # x-ref: reference + # namespaces: + # kubernetes.io/metadata.name: name-as-tag + # : + # : + + # datadog.kubernetesResourcesAnnotationsAsTags -- Provide a mapping of Kubernetes Resources Annotations to Datadog Tags + kubernetesResourcesAnnotationsAsTags: {} + # pods: + # x-ann: annotation-reference + # namespaces: + # stale-annotation: annotation-as-tag + # : + # : + + originDetectionUnified: + # datadog.originDetectionUnified.enabled -- Enabled enables unified mechanism for origin detection. Default: false. (Requires Agent 7.54.0+). + enabled: false + # datadog.tags -- List of static tags to attach to every metric, event and service check collected by this Agent. ## Learn more about tagging: https://docs.datadoghq.com/tagging/ @@ -280,6 +308,9 @@ datadog: # datadog.kubelet.podLogsPath -- Path (on host) where the PODs logs are located # @default -- /var/log/pods on Linux, C:\var\log\pods on Windows podLogsPath: + # datadog.kubelet.coreCheckEnabled -- Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) + # @default -- true + coreCheckEnabled: true # datadog.expvarPort -- Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 expvarPort: 6000 @@ -355,8 +386,15 @@ datadog: ## ref: https://docs.datadoghq.com/agent/kubernetes/#event-collection collectEvents: true + # datadog.kubernetesUseEndpointSlices -- Enable this to map Kubernetes services to endpointslices instead of endpoints. (Requires Cluster Agent 7.62.0+). + kubernetesUseEndpointSlices: false + # Configure Kubernetes events collection kubernetesEvents: + # datadog.kubernetesEvents.sourceDetectionEnabled -- Enable this to map Kubernetes events to integration sources based on controller names. (Requires Cluster Agent 7.56.0+). + sourceDetectionEnabled: false + # datadog.kubernetesEvents.filteringEnabled -- Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). + filteringEnabled: false # datadog.kubernetesEvents.unbundleEvents -- Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). unbundleEvents: false # datadog.kubernetesEvents.collectedEventTypes -- Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. @@ -402,7 +440,7 @@ datadog: remoteConfiguration: # datadog.remoteConfiguration.enabled -- Set to true to enable remote configuration. - # Consider using remoteConfiguration.enabled instead + # DEPRECATED: Consider using remoteConfiguration.enabled instead enabled: true ## Enable logs agent and provide custom configs @@ -442,6 +480,12 @@ datadog: ## ref: https://docs.datadoghq.com/agent/kubernetes/apm/ portEnabled: false + # datadog.apm.useLocalService -- Enable APM over TCP communication to use the local service only (requires Kubernetes v1.22+) + # Note: The hostPort 8126 is disabled when this is enabled. + + ## ref: https://docs.datadoghq.com/tracing/guide/setting_up_apm_with_kubernetes_service/?tab=helm + useLocalService: false + # datadog.apm.enabled -- Enable this to enable APM and tracing, on port 8126 # DEPRECATED. Use datadog.apm.portEnabled instead @@ -479,6 +523,39 @@ datadog: # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (beta). libVersions: {} + + # datadog.apm.instrumentation.skipKPITelemetry -- Disable generating Configmap for APM Instrumentation KPIs + skipKPITelemetry: false + + # Language detection currently only detects languages and adds them as annotations on deployments, but doesn't use these languages for injecting libraries to applicative pods. + # It requires Agent 7.52+ and Cluster Agent 7.52+ + language_detection: + # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (beta). + enabled: true + + # This feature is in preview. It requires Cluster Agent 7.57+. + injector: + # datadog.apm.instrumentation.injector.imageTag -- The image tag to use for the APM Injector (preview). + imageTag: "" + + ## Application Security Managment (ASM) configuration + ## + ## ASM is disabled by default and can be enabled by setting the various `enabled` fields to `true` under the `datadog.asm` section. + ## Manually adding the various environment variables to a pod will take precedence over the ones in the Helm chart. + ## These will only have an effect on containers that have Datadog client libraries installed, either manually or via Single Step Instrumentation (under the `datadog.apm.instrumentation` section). + ## It requires Datadog Cluster Agent 7.53.0+. + asm: + threats: + # datadog.asm.threats.enabled -- Enable Application Security Management Threats App & API Protection by injecting `DD_APPSEC_ENABLED=true` environment variable to all pods in the cluster + enabled: false + + sca: + # datadog.asm.sca.enabled -- Enable Application Security Management Software Composition Analysis by injecting `DD_APPSEC_SCA_ENABLED=true` environment variable to all pods in the cluster + enabled: false + + iast: + # datadog.asm.iast.enabled -- Enable Application Security Management Interactive Application Security Testing by injecting `DD_IAST_ENABLED=true` environment variable to all pods in the cluster + enabled: false ## OTLP ingest related configuration otlp: receiver: @@ -503,6 +580,43 @@ datadog: logs: # datadog.otlp.logs.enabled -- Enable logs support in the OTLP ingest endpoint enabled: false + ## OTel collector is currently in preview. Please reach out to your Datadog representative for more information. + ## OTLP Ingest is the GA feature for sending OTLP data to Datadog Agent. + ## OTel collector related configuration + otelCollector: + # datadog.otelCollector.enabled -- Enable the OTel Collector + enabled: false + # datadog.otelCollector.ports -- Ports that OTel Collector is listening + ports: + + # Default GRPC port of OTLP receiver + - containerPort: "4317" + name: otel-grpc + # Default HTTP port of OTLP receiver + - containerPort: "4318" + name: otel-http + # datadog.otelCollector.config -- OTel collector configuration + config: null + + ## Continuous Profiler configuration + ## + ## Continuous Profiler is disabled by default and can be enabled by setting the `enabled` field to + ## either `auto` or `true` value under the `datadog.profiling` section. + ## Manually adding the `DD_PROFILING_ENABLED` variable to a pod will take precedence over the + ## value in the Helm chart. + ## These will only have an effect on containers that have Datadog client libraries installed, + ## either manually or via Single Step Instrumentation (under the `datadog.apm.instrumentation` + ## section). + ## It requires Datadog Cluster Agent 7.57.0+. + profiling: + # datadog.profiling.enabled -- Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` + # environment variable with the same value to all pods in the cluster + # Valid values are: + # - false: Profiler is turned off and can not be turned on by other means. + # - null: Profiler is turned off, but can be turned on by other means. + # - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. + # - true: Profiler is turned on. + enabled: null # datadog.envFrom -- Set environment variables for all Agents directly from configMaps and/or secrets @@ -564,25 +678,36 @@ datadog: ## Enable process agent and provide custom configs processAgent: # datadog.processAgent.enabled -- Set this to true to enable live process monitoring agent - - ## Note: /etc/passwd is automatically mounted when `processCollection` or `processDiscovery` is enabled. + # DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. + ## Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset enabled: true - # datadog.processAgent.processCollection -- Set this to true to enable process collection in process monitoring agent - - ## Requires processAgent.enabled to be set to true to have any effect + # datadog.processAgent.processCollection -- Set this to true to enable process collection processCollection: false # datadog.processAgent.stripProcessArguments -- Set this to scrub all arguments from collected processes - - ## Requires processAgent.enabled and processAgent.processCollection to be set to true to have any effect + ## Requires datadog.processAgent.processCollection to be set to true to have any effect ## ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing stripProcessArguments: false # datadog.processAgent.processDiscovery -- Enables or disables autodiscovery of integrations processDiscovery: true + # datadog.processAgent.runInCoreAgent -- Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. + ## This requires Agent 7.60.0+ and Linux. + runInCoreAgent: true + + # datadog.processAgent.containerCollection -- Set this to true to enable container collection + ## ref: https://docs.datadoghq.com/infrastructure/containers/?tab=helm + containerCollection: true + + # datadog.disableDefaultOsReleasePaths -- Set this to true to disable mounting datadog.osReleasePath in all containers + disableDefaultOsReleasePaths: false + + # datadog.disablePasswdMount -- Set this to true to disable mounting /etc/passwd in all containers + disablePasswdMount: false + # datadog.osReleasePath -- Specify the path to your os-release file osReleasePath: /etc/os-release @@ -644,6 +769,7 @@ datadog: # datadog.systemProbe.conntrackInitTimeout -- the time to wait for conntrack to initialize before failing conntrackInitTimeout: 10s + # DEPRECATED. Use datadog.disableDefaultOsReleasePaths instead. # datadog.systemProbe.enableDefaultOsReleasePaths -- enable default os-release files mount enableDefaultOsReleasePaths: true @@ -703,6 +829,10 @@ datadog: # datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring enabled: false + discovery: + # datadog.discovery.enabled -- (bool) Enable Service Discovery + enabled: # false + # Software Bill of Materials configuration sbom: containerImage: @@ -713,7 +843,12 @@ datadog: # This should be set to true when using EKS, GKE or if containerd is configured to # discard uncompressed layers. # This feature will cause the SYS_ADMIN capability to be added to the Agent container. - uncompressedLayersSupport: false + # Setting this to false could cause a high error rate when generating SBOMs due to missing uncompressed layer. + # See https://docs.datadoghq.com/security/cloud_security_management/troubleshooting/vulnerabilities/#uncompressed-container-image-layers + uncompressedLayersSupport: true + + # datadog.sbom.containerImage.overlayFSDirectScan -- Use experimental overlayFS direct scan + overlayFSDirectScan: false host: # datadog.sbom.host.enabled -- Enable SBOM collection for host filesystems @@ -735,9 +870,9 @@ datadog: xccdf: enabled: false - # datadog.securityAgent.compliance.host_benchmarks.enabled -- Set to true to enable host benchmarks (this feature is supported from Agent 7.47, and requires 160 MB extra memory for the `security-agent` container) + # datadog.securityAgent.compliance.host_benchmarks.enabled -- Set to false to disable host benchmarks. If enabled, this feature requires 160 MB extra memory for the `security-agent` container. (Requires Agent 7.47.0+) host_benchmarks: - enabled: false + enabled: true runtime: # datadog.securityAgent.runtime.enabled -- Set to true to enable Cloud Workload Security (CWS) @@ -746,6 +881,9 @@ datadog: # datadog.securityAgent.runtime.fimEnabled -- Set to true to enable Cloud Workload Security (CWS) File Integrity Monitoring fimEnabled: false + # datadog.securityAgent.runtime.useSecruntimeTrack -- Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer + useSecruntimeTrack: true + policies: # datadog.securityAgent.runtime.policies.configMap -- Contains CWS policies that will be used configMap: @@ -783,6 +921,10 @@ datadog: # datadog.securityAgent.runtime.securityProfile.anomalyDetection.enabled -- Set to true to enable CWS runtime drift events enabled: true + autoSuppression: + # datadog.securityAgent.runtime.securityProfile.autoSuppression.enabled -- Set to true to enable CWS runtime auto suppression + enabled: true + ## Manage NetworkPolicy networkPolicy: # datadog.networkPolicy.create -- If true, create NetworkPolicy for all the components @@ -887,7 +1029,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.50.3 + tag: 7.61.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1034,7 +1176,17 @@ clusterAgent: # clusterAgent.admissionController.enabled -- Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods enabled: true - # clusterAgent.admissionController.webhookName -- Name of the mutatingwebhookconfigurations created by the cluster-agent + # clusterAgent.admissionController.validation -- Validation Webhook configuration options + validation: + # clusterAgent.admissionController.validation.enabled -- Enabled enables the Admission Controller validation webhook. Default: true. (Requires Agent 7.59.0+). + enabled: true + + # clusterAgent.admissionController.mutation -- Mutation Webhook configuration options + mutation: + # clusterAgent.admissionController.mutation.enabled -- Enabled enables the Admission Controller mutation webhook. Default: true. (Requires Agent 7.59.0+). + enabled: true + + # clusterAgent.admissionController.webhookName -- Name of the validatingwebhookconfiguration and mutatingwebhookconfiguration created by the cluster-agent webhookName: datadog-webhook # clusterAgent.admissionController.mutateUnlabelled -- Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' @@ -1045,6 +1197,7 @@ clusterAgent: ## If clusterAgent.admissionController.configMode is not set: ## * and datadog.apm.socketEnabled is true, the Admission Controller uses socket. ## * and datadog.apm.portEnabled is true, the Admission Controller uses hostip. + ## * and datadog.apm.useLocalService is true and the aformentioned two are false, the Admission Controller uses service. ## * Otherwise, the Admission Controller defaults to hostip. ## Note: "service" mode relies on the internal traffic service to target the agent running on the local node (requires Kubernetes v1.22+). ## ref: https://docs.datadoghq.com/agent/cluster_agent/admission_controller/#configure-apm-and-dogstatsd-communication-mode @@ -1056,6 +1209,12 @@ clusterAgent: ## Setting to Fail will require the admission controller to be present and pods to be injected before they are allowed to run. failurePolicy: Ignore + # clusterAgent.admissionController.containerRegistry -- Override the default registry for the admission controller. + + ## The clusterAgent uses this configuration for apm.instrumentation, agentSidecar, and cwsInstrumentation, if + ## not otherwise specified. + containerRegistry: + remoteInstrumentation: # clusterAgent.admissionController.remoteInstrumentation.enabled -- Enable polling and applying library injection using Remote Config. ## This feature is in beta, and enables Remote Config in the Cluster Agent. It also requires Cluster Agent version 7.43+. @@ -1065,6 +1224,68 @@ clusterAgent: # clusterAgent.admissionController.port -- Set port of cluster-agent admission controller service port: 8000 + cwsInstrumentation: + # clusterAgent.admissionController.cwsInstrumentation.enabled -- Enable the CWS Instrumentation admission controller endpoint. + enabled: false + + # clusterAgent.admissionController.cwsInstrumentation.mode -- Mode defines how the CWS Instrumentation should behave. + # Options are "remote_copy" or "init_container" + mode: remote_copy + + kubernetesAdmissionEvents: + # clusterAgent.admissionController.kubernetesAdmissionEvents.enabled -- Enable the Kubernetes Admission Events feature. + enabled: false + + agentSidecarInjection: + # clusterAgent.admissionController.agentSidecarInjection.enabled -- Enables Datadog Agent sidecar injection. + + ## When enabled, the admission controller mutating webhook will inject an Agent sidecar with minimal configuration in every pod meeting the configured criteria. + enabled: false + + # clusterAgent.admissionController.agentSidecarInjection.provider -- Used by the admission controller to add infrastructure provider-specific configurations to the Agent sidecar. + + ## Currently only "fargate" is supported. To use the feature in other environments (including local testing) omit the config. + ## ref: https://docs.datadoghq.com/integrations/eks_fargate + provider: + + # clusterAgent.admissionController.agentSidecarInjection.clusterAgentCommunicationEnabled -- Enable communication between Agent sidecars and the Cluster Agent. + clusterAgentCommunicationEnabled: true + + # clusterAgent.admissionController.agentSidecarInjection.containerRegistry -- Override the default registry for the sidecar Agent. + containerRegistry: + + # clusterAgent.admissionController.imageName -- Override the default agents.image.name for the Agent sidecar. + imageName: + + # clusterAgent.admissionController.imageTag -- Override the default agents.image.tag for the Agent sidecar. + imageTag: + + # clusterAgent.admissionController.agentSidecarInjection.selectors -- Defines the pod selector for sidecar injection, currently only one rule is supported. + selectors: [] + # - objectSelector: + # matchLabels: + # "podlabelKey1": podlabelValue1 + # "podlabelKey2": podlabelValue2 + # namespaceSelector: + # matchLabels: + # "nsLabelKey1": nsLabelValue1 + # "nsLabelKey2": nsLabelValue2 + + # clusterAgent.admissionController.agentSidecarInjection.profiles -- Defines the sidecar configuration override, currently only one profile is supported. + + ## This setting allows overriding the sidecar Agent configuration by adding environment variables and providing resource settings. + profiles: [] + # - env: + # - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + # value: "true" + # resources: + # requests: + # cpu: "1" + # memory: "512Mi" + # limits: + # cpu: "2" + # memory: "1024Mi" + # clusterAgent.confd -- Provide additional cluster check configurations. Each key will become a file in /conf.d. ## ref: https://docs.datadoghq.com/agent/autodiscovery/ @@ -1153,6 +1374,15 @@ clusterAgent: successThreshold: 1 failureThreshold: 6 + # clusterAgent.startupProbe -- Override default Cluster Agent startup probe settings + # @default -- Every 15s / 6 KO / 1 OK + startupProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + # clusterAgent.strategy -- Allow the Cluster Agent deployment to perform a rolling update on helm update ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy @@ -1280,7 +1510,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.1 + tag: 1.1.6 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent @@ -1323,7 +1553,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.50.3 + tag: 7.61.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1489,6 +1719,15 @@ agents: successThreshold: 1 failureThreshold: 6 + # agents.containers.agent.startupProbe -- Override default agent startup probe settings + # @default -- Every 15s / 6 KO / 1 OK + startupProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + # agents.containers.agent.securityContext -- Allows you to overwrite the default container SecurityContext for the agent container. securityContext: {} @@ -1529,6 +1768,35 @@ agents: # agents.containers.processAgent.ports -- Allows to specify extra ports (hostPorts for instance) for this container ports: [] + otelAgent: + # agents.containers.otelAgent.env -- Additional environment variables for the otel-agent container + env: [] + + # agents.containers.otelAgent.envFrom -- Set environment variables specific to otel-agent from configMaps and/or secrets + envFrom: [] + # - configMapRef: + # name: + # - secretRef: + # name: + + # agents.containers.otelAgent.envDict -- Set environment variables specific to otel-agent defined in a dict + envDict: {} + # : + + # agents.containers.otelAgent.resources -- Resource requests and limits for the otel-agent container + resources: {} + # requests: + # cpu: 100m + # memory: 200Mi + # limits: + # cpu: 100m + # memory: 200Mi + + # agents.containers.otelAgent.securityContext -- Allows you to overwrite the default container SecurityContext for the otel-agent container. + securityContext: {} + + # agents.containers.otelAgent.ports -- Allows to specify extra ports (hostPorts for instance) for this container + ports: [] traceAgent: # agents.containers.traceAgent.env -- Additional environment variables for the trace-agent container env: [] @@ -1791,7 +2059,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.50.3 + tag: 7.61.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1932,6 +2200,23 @@ clusterChecksRunner: successThreshold: 1 failureThreshold: 6 + # clusterChecksRunner.startupProbe -- Override default agent startup probe settings + # @default -- Every 15s / 6 KO / 1 OK + + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + # startupProbe: + # exec: + # command: ["/bin/true"] + # + startupProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + # clusterChecksRunner.deploymentAnnotations -- Annotations to add to the cluster-checks-runner's Deployment deploymentAnnotations: {} # key: "value" @@ -1985,6 +2270,14 @@ clusterChecksRunner: # clusterChecksRunner.securityContext -- Allows you to overwrite the default PodSecurityContext on the clusterchecks pods. securityContext: {} + containers: + agent: + # clusterChecksRunner.containers.agent.securityContext -- Specify securityContext on the agent container + securityContext: {} + initContainers: + # clusterChecksRunner.containers.initContainers.securityContext -- Specify securityContext on the init containers + securityContext: {} + # clusterChecksRunner.ports -- Allows to specify extra ports (hostPorts for instance) for this container ports: [] @@ -1992,6 +2285,8 @@ datadog-crds: crds: # datadog-crds.crds.datadogMetrics -- Set to true to deploy the DatadogMetrics CRD datadogMetrics: true + # datadog-crds.crds.datadogPodAutoscalers -- Set to true to deploy the DatadogPodAutoscalers CRD + datadogPodAutoscalers: true kube-state-metrics: # kube-state-metrics.image.repository -- Default kube-state-metrics image repository. @@ -2032,6 +2327,9 @@ providers: # providers.gke.cos -- Enables Datadog Agent deployment on GKE with Container-Optimized OS (COS) cos: false + # providers.gke.gdc -- Enables Datadog Agent deployment on GKE on Google Distributed Cloud (GDC) + gdc: false + eks: ec2: # providers.eks.ec2.useHostnameFromFile -- Use hostname from EC2 filesystem instead of fetching from metadata endpoint. @@ -2044,8 +2342,17 @@ providers: # providers.aks.enabled -- Activate all specificities related to AKS configuration. Required as currently we cannot auto-detect AKS. enabled: false + talos: + # providers.talos.enabled -- Activate all required specificities related to Talos.dev configuration, + # as currently the chart cannot auto-detect Talos.dev cluster. + # Note: The Agent deployment requires additional privileges that are not permitted by the default pod security policy. + # The annotation `pod-security.kubernetes.io/enforce=privileged` must be applied to the Datadog installation + # Kubernetes namespace. For more information on pod security policies in Talos.dev clusters, see: + # https://www.talos.dev/v1.8/kubernetes-guides/configuration/pod-security/ + enabled: false + remoteConfiguration: # remoteConfiguration.enabled -- Set to true to enable remote configuration on the Cluster Agent (if set) and the node agent. - # Can be overridden if `datadog.remoteConfiguration.enabled` or `clusterAgent.admissionController.remoteInstrumentation.enabled` is set to `false`. + # Can be overridden if `datadog.remoteConfiguration.enabled` # Preferred way to enable Remote Configuration. enabled: true diff --git a/charts/extended-daemon-set/CHANGELOG.md b/charts/extended-daemon-set/CHANGELOG.md index e4b46d670..bbeaaaaec 100644 --- a/charts/extended-daemon-set/CHANGELOG.md +++ b/charts/extended-daemon-set/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 0.3.2 + +* Add RBAC for the leader election lease. + +## 0.3.1 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 0.3.0 * Updated for EDS 0.8.0. diff --git a/charts/extended-daemon-set/Chart.yaml b/charts/extended-daemon-set/Chart.yaml index 4be6b294d..945339125 100644 --- a/charts/extended-daemon-set/Chart.yaml +++ b/charts/extended-daemon-set/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v0.8.0 description: Extended Daemonset Controller name: extendeddaemonset -version: v0.3.0 +version: v0.3.2 keywords: - monitoring - alerting diff --git a/charts/extended-daemon-set/README.md b/charts/extended-daemon-set/README.md index fe0c4a05d..3b6fe627c 100644 --- a/charts/extended-daemon-set/README.md +++ b/charts/extended-daemon-set/README.md @@ -1,6 +1,6 @@ # Extended DaemonSet -![Version: v0.3.0](https://img.shields.io/badge/Version-v0.3.0-informational?style=flat-square) ![AppVersion: v0.8.0](https://img.shields.io/badge/AppVersion-v0.8.0-informational?style=flat-square) +![Version: v0.3.2](https://img.shields.io/badge/Version-v0.3.2-informational?style=flat-square) ![AppVersion: v0.8.0](https://img.shields.io/badge/AppVersion-v0.8.0-informational?style=flat-square) This chart installs the Extended DaemonSet (EDS). It aims to provide a new implementation of the Kubernetes DaemonSet resource with key features: - Canary Deployment: Deploy a new DaemonSet version with only a few nodes. diff --git a/charts/extended-daemon-set/ci/kubeval-values.yaml b/charts/extended-daemon-set/ci/kubeconform-values.yaml similarity index 100% rename from charts/extended-daemon-set/ci/kubeval-values.yaml rename to charts/extended-daemon-set/ci/kubeconform-values.yaml diff --git a/charts/extended-daemon-set/templates/role.yaml b/charts/extended-daemon-set/templates/role.yaml index b24a5984a..5e0bac3a8 100644 --- a/charts/extended-daemon-set/templates/role.yaml +++ b/charts/extended-daemon-set/templates/role.yaml @@ -34,6 +34,22 @@ rules: - update - get - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - extendeddaemonset-lock + verbs: + - update + - get + - watch - apiGroups: - "" resources: diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 6021faef1..67f6ead8f 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,50 @@ # Changelog +## 2.2.3 + +* Official image `2.2.3` + +## 2.2.2 + +* Official image `2.2.2` + +## 2.2.1 + +* Official image `2.2.1` + +## 2.2.0 + +* Official image `2.2.0` + +## 2.1.2 + +* Official image `2.1.2` + +## 2.1.1 + +* Official image `2.1.1` + +## 2.1.0 + +* Official image `2.1.0` + +## 2.0.2 + +* Official image `2.0.2` + +## 2.0.1 + +* Official image `2.0.1` + +## 2.0.0 + +* GA release of Observability Pipelines Worker v2 +* Removed `datadog.remoteConfigurationEnabled` and `pipelineConfig` values + +## 1.8.1 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 1.8.0 * Official image `1.8.0` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index fa6f7a36f..68e606a8f 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "1.8.0" +version: "2.2.3" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "1.8.0" +appVersion: "2.2.3" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 5b82ccaf1..c269a1d37 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Version: 2.2.3](https://img.shields.io/badge/Version-2.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.3](https://img.shields.io/badge/AppVersion-2.2.3-informational?style=flat-square) ## How to use Datadog Helm repository @@ -93,7 +93,6 @@ The command removes all the Kubernetes components associated with the chart and | datadog.apiKeyExistingSecret | string | `""` | Specify a preexisting Secret that has your API key instead of creating a new one. The value must be stored under the `api-key`. | | datadog.dataDir | string | `"/var/lib/observability-pipelines-worker"` | The data directory for OPW to store runtime data in. | | datadog.pipelineId | string | `nil` | Specify your Datadog Observability Pipelines pipeline ID | -| datadog.remoteConfigurationEnabled | bool | `false` | Whether to allow remote configuration of the worker from Datadog. | | datadog.site | string | `"datadoghq.com"` | The [site](https://docs.datadoghq.com/getting_started/site/) of the Datadog intake to send data to. | | datadog.workerAPI.address | string | `"127.0.0.1:8686"` | Local address to bind the Worker's API to. | | datadog.workerAPI.enabled | bool | `false` | Whether to enable the Worker's API. | @@ -111,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"1.8.0"` | Specify the image tag to use. | +| image.tag | string | `"2.2.3"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | @@ -129,7 +128,6 @@ The command removes all the Kubernetes components associated with the chart and | persistence.selector | object | `{}` | Specify the selectors for PersistentVolumeClaims. | | persistence.size | string | `"10Gi"` | Specify the size of PersistentVolumeClaims. | | persistence.storageClassName | string | `nil` | Specify the storageClassName for PersistentVolumeClaims. | -| pipelineConfig | object | `{}` | This section supports using Helm templates to populate dynamic values. See Observability Pipelines' [configuration documentation](https://docs.datadoghq.com/observability_pipelines/reference/) for all options. | | podAnnotations | object | `{}` | Set annotations on Pods. | | podDisruptionBudget.enabled | bool | `false` | If **true**, create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/run-application/configure-pdb/). | | podDisruptionBudget.maxUnavailable | int | `nil` | Specify the number of Pods that can be unavailable after an eviction. | diff --git a/charts/observability-pipelines-worker/ci/all-values.yaml b/charts/observability-pipelines-worker/ci/all-values.yaml index b1591870f..6da629a1c 100644 --- a/charts/observability-pipelines-worker/ci/all-values.yaml +++ b/charts/observability-pipelines-worker/ci/all-values.yaml @@ -57,30 +57,6 @@ topologySpreadConstraints: topologyKey: topology.kubernetes.io/zone whenUnsatisfiable: ScheduleAnyway -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} - persistence: enabled: true storageClassName: standard diff --git a/charts/observability-pipelines-worker/ci/api-values.yaml b/charts/observability-pipelines-worker/ci/api-values.yaml index 78c613a4c..0c1af1c16 100644 --- a/charts/observability-pipelines-worker/ci/api-values.yaml +++ b/charts/observability-pipelines-worker/ci/api-values.yaml @@ -4,33 +4,7 @@ datadog: enabled: true playground: false address: "127.0.0.1:1010" -pipelineConfig: - sources: - datadog_agents: - type: datadog_agent - address: 0.0.0.0:8282 - multiple_outputs: true - store_api_key: false - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - compression: gzip - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} + args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/dupe-ports-values.yaml b/charts/observability-pipelines-worker/ci/dupe-ports-values.yaml deleted file mode 100644 index 3d9671856..000000000 --- a/charts/observability-pipelines-worker/ci/dupe-ports-values.yaml +++ /dev/null @@ -1,25 +0,0 @@ -datadog: - pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -args: - - run - - --skip-key-validation -pipelineConfig: - sources: - syslog-tcp: - type: syslog - address: 0.0.0.0:514 - max_length: 102400 - mode: tcp - shutdown_timeout_secs: 30 - syslog-udp: - type: syslog - address: 0.0.0.0:514 - max_length: 102400 - mode: udp - shutdown_timeout_secs: 30 - sinks: - stdout: - type: console - inputs: ["syslog-*"] - encoding: - codec: json diff --git a/charts/observability-pipelines-worker/ci/extraContainers-and-extraVolumeMounts-values.yaml b/charts/observability-pipelines-worker/ci/extraContainers-and-extraVolumeMounts-values.yaml index ebc3898b8..fb25fa8a2 100644 --- a/charts/observability-pipelines-worker/ci/extraContainers-and-extraVolumeMounts-values.yaml +++ b/charts/observability-pipelines-worker/ci/extraContainers-and-extraVolumeMounts-values.yaml @@ -1,28 +1,5 @@ datadog: pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/ingress-values.yaml b/charts/observability-pipelines-worker/ci/ingress-values.yaml index cc629f3e1..238e2a82f 100644 --- a/charts/observability-pipelines-worker/ci/ingress-values.yaml +++ b/charts/observability-pipelines-worker/ci/ingress-values.yaml @@ -1,28 +1,5 @@ datadog: pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/initContainers-values.yaml b/charts/observability-pipelines-worker/ci/initContainers-values.yaml index fe16db03f..4d035ef83 100644 --- a/charts/observability-pipelines-worker/ci/initContainers-values.yaml +++ b/charts/observability-pipelines-worker/ci/initContainers-values.yaml @@ -1,28 +1,5 @@ datadog: pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/remote-config.yaml b/charts/observability-pipelines-worker/ci/kubeconform-values.yaml similarity index 74% rename from charts/observability-pipelines-worker/ci/remote-config.yaml rename to charts/observability-pipelines-worker/ci/kubeconform-values.yaml index 98c5c8342..0c510ecac 100644 --- a/charts/observability-pipelines-worker/ci/remote-config.yaml +++ b/charts/observability-pipelines-worker/ci/kubeconform-values.yaml @@ -1,6 +1,6 @@ +datadog: + pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" + args: - run - --skip-key-validation -datadog: - remoteConfigurationEnabled: true - pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" diff --git a/charts/observability-pipelines-worker/ci/kubeval-values.yaml b/charts/observability-pipelines-worker/ci/kubeval-values.yaml deleted file mode 100644 index 01af0509b..000000000 --- a/charts/observability-pipelines-worker/ci/kubeval-values.yaml +++ /dev/null @@ -1,32 +0,0 @@ -datadog: - pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - type: datadog_agent - address: 0.0.0.0:8282 - multiple_outputs: true - store_api_key: false - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - compression: gzip - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} - site: ${DD_SITE} -args: - - run - - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/manual-port-values.yaml b/charts/observability-pipelines-worker/ci/manual-port-values.yaml index 3d7db0a49..9225e54c9 100644 --- a/charts/observability-pipelines-worker/ci/manual-port-values.yaml +++ b/charts/observability-pipelines-worker/ci/manual-port-values.yaml @@ -1,28 +1,5 @@ datadog: pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} args: - run - --skip-key-validation diff --git a/charts/observability-pipelines-worker/ci/serviceHeadless-disabled.yaml b/charts/observability-pipelines-worker/ci/serviceHeadless-disabled.yaml index e6804456f..333ef8b63 100644 --- a/charts/observability-pipelines-worker/ci/serviceHeadless-disabled.yaml +++ b/charts/observability-pipelines-worker/ci/serviceHeadless-disabled.yaml @@ -3,29 +3,6 @@ datadog: args: - run - --skip-key-validation -pipelineConfig: - sources: - datadog_agents: - address: 0.0.0.0:8282 - type: datadog_agent - multiple_outputs: true - sinks: - datadog_logs: - type: datadog_logs - inputs: - - datadog_agents.logs - default_api_key: ${DD_API_KEY} - compression: gzip - datadog_metrics: - type: datadog_metrics - inputs: - - datadog_agents.metrics - default_api_key: ${DD_API_KEY} - datadog_traces: - type: datadog_traces - inputs: - - datadog_agents.traces - default_api_key: ${DD_API_KEY} service: enabled: true serviceHeadless: diff --git a/charts/observability-pipelines-worker/ci/templated-config-values.yaml b/charts/observability-pipelines-worker/ci/templated-config-values.yaml deleted file mode 100644 index 32061d163..000000000 --- a/charts/observability-pipelines-worker/ci/templated-config-values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -datadog: - pipelineId: "8799b5cc-c2c9-4be5-9660-f97a4eede7f7" -args: - - run - - --skip-key-validation -pipelineConfig: - sources: - demo_logs: - type: demo_logs - format: json - sinks: - s3: - type: aws_s3 - inputs: [demo_logs] - bucket: logs-archive - key_prefix: >- - {{ print "{{kubernetes.pod_labels.\"app.kubernetes.io/client-id\"}}/%Y/%m/%d/{{kubernetes.pod_name}}/" }} - compression: gzip - encoding: - codec: json - region: us-east-1 diff --git a/charts/observability-pipelines-worker/templates/_pod.tpl b/charts/observability-pipelines-worker/templates/_pod.tpl index 31b0ba0a7..a646f7553 100644 --- a/charts/observability-pipelines-worker/templates/_pod.tpl +++ b/charts/observability-pipelines-worker/templates/_pod.tpl @@ -57,8 +57,6 @@ containers: - name: DD_OP_DATA_DIR value: {{ . | quote }} {{- end }} - - name: DD_OP_REMOTE_CONFIGURATION_ENABLED - value: {{ .Values.datadog.remoteConfigurationEnabled | quote }} - name: DD_OP_API_ENABLED value: {{ .Values.datadog.workerAPI.enabled | quote }} - name: DD_OP_API_PLAYGROUND @@ -74,8 +72,6 @@ containers: ports: {{- if .Values.containerPorts }} {{ toYaml .Values.containerPorts | indent 6 }} -{{- else if .Values.pipelineConfig }} -{{- include "opw.containerPorts" . | indent 6 }} {{- end }} {{- if .Values.datadog.workerAPI.enabled }} {{ include "opw.api.containerPort" . | indent 6 }} @@ -95,11 +91,6 @@ containers: volumeMounts: - name: data mountPath: "{{ .Values.datadog.dataDir | default "/var/lib/observability-pipelines-worker" }}" - {{- if not .Values.datadog.remoteConfigurationEnabled }} - - name: config - mountPath: "/etc/observability-pipelines-worker/" - readOnly: true - {{- end }} {{- if .Values.extraVolumeMounts }} {{ toYaml .Values.extraVolumeMounts | indent 6 }} {{- end }} @@ -130,13 +121,6 @@ volumes: - name: data emptyDir: {} {{- end }} -{{- if not .Values.datadog.remoteConfigurationEnabled }} - - name: config - projected: - sources: - - configMap: - name: {{ template "opw.fullname" . }} -{{- end }} {{- if .Values.extraVolumes }} {{ toYaml .Values.extraVolumes | indent 2 }} {{- end }} diff --git a/charts/observability-pipelines-worker/templates/configmap.yaml b/charts/observability-pipelines-worker/templates/configmap.yaml deleted file mode 100644 index ea70044c5..000000000 --- a/charts/observability-pipelines-worker/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.datadog.remoteConfigurationEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "opw.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{ include "opw.labels" . | nindent 4 }} - annotations: - checksum/config: {{ tpl (toYaml .Values.pipelineConfig) . | sha256sum }} -data: - {{- if .Values.pipelineConfig }} - pipeline.yaml: | {{ tpl (toYaml .Values.pipelineConfig) . | nindent 4 }} - {{- else }} -{{ fail "A `pipelineConfig` must be specified, see https://docs.datadoghq.com/observability_pipelines/reference for all options" }} - {{- end -}} -{{- end }} diff --git a/charts/observability-pipelines-worker/templates/statefulset.yaml b/charts/observability-pipelines-worker/templates/statefulset.yaml index 1d7ebea5b..34d765a3a 100644 --- a/charts/observability-pipelines-worker/templates/statefulset.yaml +++ b/charts/observability-pipelines-worker/templates/statefulset.yaml @@ -22,7 +22,6 @@ spec: {{ toYaml .Values.podLabels | indent 8 }} {{- end }} annotations: - checksum/config: {{ tpl (toYaml .Values.pipelineConfig) . | sha256sum }} {{- if .Values.podAnnotations }} {{ tpl (toYaml .Values.podAnnotations) . | indent 8 }} {{- end }} diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index b882888d1..965f7c6f0 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -30,8 +30,6 @@ datadog: site: datadoghq.com # datadog.dataDir -- The data directory for OPW to store runtime data in. dataDir: "/var/lib/observability-pipelines-worker" - # datadog.remoteConfigurationEnabled -- Whether to allow remote configuration of the worker from Datadog. - remoteConfigurationEnabled: false workerAPI: # datadog.workerAPI.enabled -- Whether to enable the Worker's API. enabled: false @@ -44,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 1.8.0 + tag: 2.2.3 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: @@ -254,36 +252,6 @@ ingress: # hosts: # - chart-example.local -# pipelineConfig -- This section supports using Helm templates to populate dynamic values. See Observability Pipelines' -# [configuration documentation](https://docs.datadoghq.com/observability_pipelines/reference/) for all options. -pipelineConfig: {} -# sources: -# datadog_agents: -# type: datadog_agent -# address: 0.0.0.0:8282 -# multiple_outputs: true -# store_api_key: false -# sinks: -# datadog_logs: -# type: datadog_logs -# inputs: -# - datadog_agents.logs -# compression: gzip -# default_api_key: ${DD_API_KEY} -# site: ${DD_SITE} -# datadog_metrics: -# type: datadog_metrics -# inputs: -# - datadog_agents.metrics -# default_api_key: ${DD_API_KEY} -# site: ${DD_SITE} -# datadog_traces: -# type: datadog_traces -# inputs: -# - datadog_agents.traces -# default_api_key: ${DD_API_KEY} -# site: ${DD_SITE} - # extraVolumes -- Specify additional Volumes to use. extraVolumes: [] diff --git a/charts/private-action-runner/.helmignore b/charts/private-action-runner/.helmignore new file mode 100644 index 000000000..d618f3fcd --- /dev/null +++ b/charts/private-action-runner/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# Binaries +helm-docs diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md new file mode 100644 index 000000000..0307f7a95 --- /dev/null +++ b/charts/private-action-runner/CHANGELOG.md @@ -0,0 +1,98 @@ +# Datadog changelog + +## 0.15.4 + +* Update private action image version to `v0.1.10-beta` + +## 0.15.3 + +* Update private action image version to `v0.1.9-beta` + +## 0.15.2 + +* Update private action image version to `v0.1.8-beta` + +## 0.15.1 + +* Update private action image version to `v0.1.6-beta` + +## 0.15.0 + +* Update private action image version to `v0.1.5-beta` + +## 0.14.3 + +* Add GitLab private actions and fix image repository link. + +## 0.14.2 + +* Update private action image version to `v0.1.3-beta` + +## 0.14.1 + +* Update private action image version to `v0.1.2-beta` + +## 0.14.0 + +* Add support for `kubernetesActions`. + +## 0.13.0 + +* Update private action image version to `v0.1.1-beta` + +## 0.12.0 + +* Introduced `credentialFiles` key in `values.yaml` for secret management. Deprecated the `connectionCredentials` key +* Fixed issue where specifying connection secrets under `connectionCredentials` can result in the Helm chart generating malformed JSON + +## 0.11.0 + +* Added top level `port` configuration option, superseding `appBuilder.port`. Update the private action image to the beta image, `v0.1.0-beta`. + +### 0.10.0 + +* Update private action image version to `v0.0.1-alpha31`. + +### 0.9.1 + +* Added ability to configure connection credentials in `config.yaml`. + +### 0.9.0 + +* Update private action image version to `v0.0.1-alpha29`. + +### 0.8.1 + +* Minor tweaks to YAML formatting in the runner configuration + +### 0.8.0 + +* Send MANAGED_BY environment variable to container. Update private action image version to `v0.0.1-alpha28`. + +### 0.7.0 + +* Simplify README instructions to reflect the new Kubernetes UI. Split image value to be consistent with other charts. Fix bug requiring port for Workflow mode. + +### 0.6.0 + +* Update private action image version to `v0.0.1-alpha27`. + +### 0.5.0 + +* Update private action image version to `v0.0.1-alpha26`. + +### 0.4.0 + +* Revert private action image version to `v0.0.1-alpha24`, apply patch to fix labels in `deployments.yaml`, and add newlines to end of all yaml files. + +### 0.3.0 + +* Update private action image version to `v0.0.1-alpha25`. + +### 0.2.0 + +* Update private action image version to `v0.0.1-alpha24` and add port to example config. + +### 0.1.0 + +* Initial version diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml new file mode 100644 index 000000000..e0a6d1dc4 --- /dev/null +++ b/charts/private-action-runner/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: private-action-runner +description: A Helm chart to deploy the private action runner + +type: application +version: 0.15.4 +appVersion: "1.22.0" +keywords: +- app builder +- workflow automation +home: https://www.datadoghq.com +icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png +sources: +- https://docs.datadoghq.com/service_management/workflows/private_actions +- https://app.datadoghq.com/app-builder/private-action-runners +maintainers: +- name: Datadog + email: support@datadoghq.com diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md new file mode 100644 index 000000000..e95c90477 --- /dev/null +++ b/charts/private-action-runner/README.md @@ -0,0 +1,80 @@ +# Datadog Private Action Runner + +![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) + +This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. + +## How to use Datadog Helm repository + +You need to add this repository to your Helm repositories: + +``` +helm repo add datadog https://helm.datadoghq.com +helm repo update +``` + +## Requirements +* `kubectl` CLI is installed on my machine +* Helm is installed on my machine +* The permissions of my Kubernetes environment allow the Datadog Private Action Runner to read and write using a Kubernetes service account + +## Use this chart +1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Create a new Private Action Runner and follow the instructions for Kubernetes. + +## Use this chart with connection credentials +1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Create a new Private Action Runner and follow the instructions for Kubernetes. +3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `values.yaml`. + +## To use Kubernetes actions +1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). +2. Create a new connection, select your private action runner, and use **Service account authentication**. +3. Enable the actions you want in the Chart values using `kubernetesActions` (see [the example file](examples/values.yaml)). +4. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. + +## Going further +* Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). +* Deploy several runners with different permissions or create different connections according to your needs. +* Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.10-beta"}` | Current Datadog Private Action Runner image | +| credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | +| runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | +| runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | +| runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app | +| runners[0].config.modes | list | `["workflowAutomation","appBuilder"]` | Modes that the runner can run in | +| runners[0].config.port | int | `9016` | Port for HTTP server liveness checks and App Builder mode | +| runners[0].config.privateKey | string | `"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG"` | The runner's privateKey from the enrollment page | +| runners[0].config.urn | string | `"CHANGE_ME_URN_FROM_CONFIG"` | The runner's URN from the enrollment page | +| runners[0].kubernetesActions | object | `{"configMaps":[],"controllerRevisions":[],"cronJobs":[],"customObjects":[],"customResourceDefinitions":[],"daemonSets":[],"deployments":[],"endpoints":[],"events":[],"jobs":[],"limitRanges":[],"namespaces":[],"nodes":[],"persistentVolumeClaims":[],"persistentVolumes":[],"podTemplates":[],"pods":["get","list"],"replicaSets":[],"replicationControllers":[],"resourceQuotas":[],"serviceAccounts":[],"services":[],"statefulSets":[]}` | Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account | +| runners[0].kubernetesActions.configMaps | list | `[]` | Actions related to configMaps (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.controllerRevisions | list | `[]` | Actions related to controllerRevisions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.cronJobs | list | `[]` | Actions related to cronJobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.customObjects | list | `[]` | Actions related to customObjects (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple"). You also need to add appropriate `kubernetesPermissions`. | +| runners[0].kubernetesActions.customResourceDefinitions | list | `[]` | Actions related to customResourceDefinitions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.daemonSets | list | `[]` | Actions related to daemonSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.deployments | list | `[]` | Actions related to deployments (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple", "restart") | +| runners[0].kubernetesActions.endpoints | list | `[]` | Actions related to endpoints (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.events | list | `[]` | Actions related to events (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.jobs | list | `[]` | Actions related to jobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.limitRanges | list | `[]` | Actions related to limitRanges (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.namespaces | list | `[]` | Actions related to namespaces (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.nodes | list | `[]` | Actions related to nodes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.persistentVolumeClaims | list | `[]` | Actions related to persistentVolumeClaims (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.persistentVolumes | list | `[]` | Actions related to persistentVolumes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.podTemplates | list | `[]` | Actions related to podTemplates (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.pods | list | `["get","list"]` | Actions related to pods (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.replicaSets | list | `[]` | Actions related to replicaSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.replicationControllers | list | `[]` | Actions related to replicationControllers (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.resourceQuotas | list | `[]` | Actions related to resourceQuotas (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.serviceAccounts | list | `[]` | Actions related to serviceAccounts (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.services | list | `[]` | Actions related to services (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesActions.statefulSets | list | `[]` | Actions related to statefulSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") | +| runners[0].kubernetesPermissions | list | `[]` | Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) | +| runners[0].name | string | `"default"` | Name of the Datadog Private Action Runner | +| runners[0].replicas | int | `1` | Number of pod instances for the Datadog Private Action Runner | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl new file mode 100644 index 000000000..be874474a --- /dev/null +++ b/charts/private-action-runner/README.md.gotmpl @@ -0,0 +1,41 @@ +# Datadog Private Action Runner + +![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) + +This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. + +## How to use Datadog Helm repository + +You need to add this repository to your Helm repositories: + +``` +helm repo add datadog https://helm.datadoghq.com +helm repo update +``` + +## Requirements +* `kubectl` CLI is installed on my machine +* Helm is installed on my machine +* The permissions of my Kubernetes environment allow the Datadog Private Action Runner to read and write using a Kubernetes service account + +## Use this chart +1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Create a new Private Action Runner and follow the instructions for Kubernetes. + +## Use this chart with connection credentials +1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners). +2. Create a new Private Action Runner and follow the instructions for Kubernetes. +3. Configure [connection credentials](https://docs.datadoghq.com/service_management/workflows/private_actions/private_action_credentials) for the selected private actions via `values.yaml`. + +## To use Kubernetes actions +1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). +2. Create a new connection, select your private action runner, and use **Service account authentication**. +3. Enable the actions you want in the Chart values using `kubernetesActions` (see [the example file](examples/values.yaml)). +4. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. + +## Going further +* Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). +* Deploy several runners with different permissions or create different connections according to your needs. +* Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). + +{{ template "chart.valuesSection" . }} diff --git a/charts/private-action-runner/ci/kubeconform-values.yaml b/charts/private-action-runner/ci/kubeconform-values.yaml new file mode 100644 index 000000000..4522b0137 --- /dev/null +++ b/charts/private-action-runner/ci/kubeconform-values.yaml @@ -0,0 +1,9 @@ +runners: + - name: "default" + config: + # -- Base URL of the Datadog app + ddBaseURL: "https://app.datadoghq.com" + # -- The runner's URN from the enrollment page + urn: "urn:dd:apps:on-prem-runner:us1:2:runner-CI_TEST_ONLY" + # -- The runner's privateKey from the enrollment page + privateKey: "eyJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImtpZCI6IkxXbl9LLU9qbXQ4TFJ6TWdjbFY4dTRMYUVsdF9mZGpCN2RXdlJ2TkVhN2ciLCJjcnYiOiJQLTI1NiIsImFsZyI6IkVTMjU2IiwieCI6Imd3MVFKNVBQQXJmZk56XzdmWmZxX0xMYjhTV0MyaXhJUDFBbDh2SjJmVTgiLCJ5IjoiRjQ4VGRWZVhIRnpack05N1BwbnFMZFRUOG9iWDdKa2N5d3RzQ2RhLXRpayIsImQiOiJaczdDQ0MzMkRJQkpuaUZ5S1hFV0VvWThrZ1ZXMTVZbGdTYU9ISm5uX1drIn0" diff --git a/charts/private-action-runner/examples/values.yaml b/charts/private-action-runner/examples/values.yaml new file mode 100644 index 000000000..7d2106f39 --- /dev/null +++ b/charts/private-action-runner/examples/values.yaml @@ -0,0 +1,174 @@ +runners: + - name: "custom-runner" + # Replace this section with the output of the private action runner enrollment process with the `--enroll-and-print-config` flag + config: + ddBaseURL: "https://app.datadoghq.com" + urn: "CHANGE_ME_URN_FROM_CONFIG" + privateKey: "CHANGE_ME_PRIVATE_KEY_FROM_CONFIG" + modes: + - appBuilder + - workflowAutomation + port: 9016 + actionsAllowlist: + - com.datadoghq.http.request + # -- Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account + kubernetesActions: + controllerRevisions: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + daemonSets: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + deployments: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple", "restart"] + replicaSets: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + statefulSets: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + cronJobs: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + configMaps: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + endpoints: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + events: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + limitRanges: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + namespaces: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + nodes: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + persistentVolumes: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + persistentVolumeClaims: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + pods: ["get", "list" ] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + podTemplates: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + replicationControllers: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + resourceQuotas: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + services: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + serviceAccounts: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + customResourceDefinitions: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + jobs: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + customObjects: [] # select your actions among ["get", "list", "create", "update", "patch", "delete", "deleteMultiple"] + # -- Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) + kubernetesPermissions: + # CRD example +# - apiGroups: +# - "example.com" +# resources: +# - "tests" +# verbs: +# - "list" +# - "get" +# - "create" +# - "patch" +# - "update" +# - "delete" +# credential files provided here will be mounted in /etc/dd-action-runner/ +# it is safe to remove unneeded files from this section +credentialFiles: + - fileName: "http_basic_creds.json" + data: | + { + "auth_type": "Basic Auth", + "credentials": [ + { + "username": "USERNAME", + "password": "PASSWORD" + } + ] + } + - fileName: "http_token_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "TOKEN1", + "tokenValue": "VALUE1" + } + ] + } + - fileName: "jenkins_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "username": "localhost:7233", + "token": "TOKEN", + "domain": "DOMAIN" + } + ] + } + - fileName: "creds.pgpass" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "host", + "tokenValue": "HOST" + }, + { + "tokenName": "port", + "tokenValue": "5432" + }, + { + "tokenName": "user", + "tokenValue": "USER" + }, + { + "tokenName": "password", + "tokenValue": "PASSWORD" + }, + { + "tokenName": "database", + "tokenValue": "DATABASE" + }, + { + "tokenName": "sslmode", + "tokenValue": "verify-full" + }, + { + "tokenName": "applicationName", + "tokenValue": "OPTIONAL: application name" + }, + { + "tokenName": "searchPath", + "tokenValue": "OPTIONAL: search path" + } + ] + } + - fileName: "temporal_mtls_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "serverAddress", + "tokenValue": "SERVERADDRESS" + }, + { + "tokenName": "serverNameOverride", + "tokenValue": "SERVERNAMEOERRIDE" + }, + { + "tokenName": "serverRootCACertificate", + "tokenValue": "SERVERROOTCACERTIFICATE" + }, + { + "tokenName": "clientCertPairCrt", + "tokenValue": "CLIENTCERTPAIRCRT" + }, + { + "tokenName": "clientCertPairKey", + "tokenValue": "CLIENTCERTPAIRKEY" + } + ] + } + - fileName: "temporal_tls_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "serverAddress", + "tokenValue": "SERVERADDRESS" + }, + { + "tokenName": "serverNameOverride", + "tokenValue": "SERVERNAMEOERRIDE" + }, + { + "tokenName": "serverRootCACertificate", + "tokenValue": "CLIENTCERTPAIRKEY" + } + ] + } diff --git a/charts/synthetics-private-location/ci/kubeval-values.yaml b/charts/private-action-runner/templates/NOTES.txt similarity index 100% rename from charts/synthetics-private-location/ci/kubeval-values.yaml rename to charts/private-action-runner/templates/NOTES.txt diff --git a/charts/private-action-runner/templates/_helpers.tpl b/charts/private-action-runner/templates/_helpers.tpl new file mode 100644 index 000000000..34ffa291b --- /dev/null +++ b/charts/private-action-runner/templates/_helpers.tpl @@ -0,0 +1,205 @@ +{{- define "chart.deploymentName" }} "private-action-runner-{{.}}" {{ end }} +{{- define "chart.serviceAccountName" }} "private-action-runner-{{.}}-serviceaccount" {{ end }} +{{- define "chart.roleName" }} "private-action-runner-{{.}}-role" {{ end }} +{{- define "chart.roleBindingName" }} "private-action-runner-{{.}}-rolebinding" {{ end }} +{{- define "chart.serviceName" }} "private-action-runner-{{.}}-service" {{ end }} +{{- define "chart.secretName" }} "private-action-runner-{{.}}-secrets" {{ end }} + +{{- define "chart.credentialFiles" -}} +{{- if hasKey $.Values "credentialFiles" }} +{{- range $c := $.Values.credentialFiles }} +{{ $c.fileName }}: | +{{ $c.data | indent 2 }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "chart.basicAuth" -}} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.basicAuth $.Values.connectionCredentials.basicAuth.credentials }} +{{- range $c := $.Values.connectionCredentials.basicAuth.credentials }} +{{ $c.fileName }}: | + { + "auth_type": "Basic Auth", + "credentials": [ + { + "username": {{ $c.username | quote }}, + "password": {{ $c.password | quote }} + } + ] + } +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "chart.tokenAuth" -}} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.tokenAuth $.Values.connectionCredentials.tokenAuth.credentials }} +{{- range $c := $.Values.connectionCredentials.tokenAuth.credentials }} +{{ $c.fileName }}: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": {{ $c.tokenName | quote }}, + "tokenValue": {{ $c.tokenValue | quote }} + } + ] + } +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "chart.jenkinsAuth" -}} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.jenkinsAuth $.Values.connectionCredentials.jenkinsAuth.credentials }} +{{- range $c := $.Values.connectionCredentials.jenkinsAuth.credentials }} +{{ $c.fileName }}: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "username": {{ $c.username | quote }}, + "token": {{ $c.token | quote }}, + "domain": {{ $c.domain | quote }} + } + ] + } +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "chart.postgresAuth" -}} +{{- if and $.Values.connectionCredentials $.Values.connectionCredentials.postgresAuth $.Values.connectionCredentials.postgresAuth.credentials }} +{{- range $c := $.Values.connectionCredentials.postgresAuth.credentials }} +{{ $c.fileName }}: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "host", + "tokenValue": {{ $c.host | quote }} + }, + { + "tokenName": "port", + "tokenValue": {{ $c.port | quote }} + }, + { + "tokenName": "user", + "tokenValue": {{ $c.user | quote }} + }, + { + "tokenName": "password", + "tokenValue": {{ $c.password | quote }} + }, + { + "tokenName": "database", + "tokenValue": {{ $c.database | quote }} + }, + { + "tokenName": "sslmode", + "tokenValue": {{ $c.sslMode | quote }} + }, + {{- if $c.applicationName }} + { + "tokenName": "applicationName", + "tokenValue": {{ $c.applicationName | quote }} + }, + {{ end }} + {{- if $c.searchPath }} + { + "tokenName": "searchPath", + "tokenValue": {{ $c.searchPath | quote }} + } + {{ end }} + ] + } +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Defines an RBAC rule for provided apiGroup, resource type and allowed verbs +*/}} +{{- define "rbacRule" }} +- apiGroups: + - {{ .apiGroup }} + resources: + - {{ .resource }} + verbs: +{{- range $_, $verb := (.verbs | uniq) }} + - {{ $verb }} +{{- end }} +{{- end }} + +{{/* +Map from plural(resourceName) to actionBundle +*/}} +{{- define "chart.k8sResourceMap" -}} +{{- $resourceMap := dict + "customResourceDefinitions" "apiextensions" + "controllerRevisions" "apps" + "daemonSets" "apps" + "deployments" "apps" + "replicaSets" "apps" + "statefulSets" "apps" + "cronJobs" "batch" + "jobs" "batch" + "configMaps" "core" + "endpoints" "core" + "events" "core" + "limitRanges" "core" + "namespaces" "core" + "nodes" "core" + "persistentVolumes" "core" + "persistentVolumeClaims" "core" + "pods" "core" + "podTemplates" "core" + "replicationControllers" "core" + "resourceQuotas" "core" + "services" "core" + "serviceAccounts" "core" +}} +{{- toYaml $resourceMap -}} +{{- end -}} + +{{/* +Turns a plural(resourceName) into a singular(resourceName) +*/}} +{{- define "chart.k8sResourceSingular" -}} +{{- $resource := . -}} +{{- if eq $resource "endpoints" -}} + {{- $resource -}} +{{- else -}} + {{- printf "%s" (trimSuffix "s" $resource) -}} +{{- end -}} +{{- end -}} + +{{/* +Returns the kubernetes apiGroup for the plural(resourceName) +*/}} +{{- define "chart.k8sApiGroup" -}} +{{- $bundle := . -}} +{{- if eq $bundle "apiextensions" -}} +apiextensions.k8s.io +{{- else if eq $bundle "core" -}} +"" +{{- else -}} + {{- $bundle -}} +{{- end -}} +{{- end -}} + +{{/* +Transform a list of actions into the list of k8s verbs that are required to perform those actions +*/}} +{{- define "chart.k8sVerbs" -}} +{{- $actions := . -}} +{{- $allVerbs := list -}} +{{- range $action := $actions }} + {{- if eq $action "deleteMultiple" -}} + {{- $allVerbs = concat $allVerbs (list "delete" "list") -}} + {{- else if eq $action "restart" -}} + {{- $allVerbs = append $allVerbs "patch" -}} + {{- else -}} + {{- $allVerbs = append $allVerbs $action -}} + {{- end -}} +{{- end -}} +{{- $allVerbs | toJson -}} +{{- end -}} diff --git a/charts/private-action-runner/templates/deployment.yaml b/charts/private-action-runner/templates/deployment.yaml new file mode 100644 index 000000000..b6a9ac64e --- /dev/null +++ b/charts/private-action-runner/templates/deployment.yaml @@ -0,0 +1,55 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "chart.deploymentName" $runner.name }} + namespace: {{ $.Release.Namespace }} + labels: + service: {{ include "chart.serviceName" $runner.name }} + app: {{ include "chart.deploymentName" $runner.name }} +spec: + minReadySeconds: 10 + replicas: {{ $runner.replicas }} + selector: + matchLabels: + app: {{ include "chart.deploymentName" $runner.name }} + template: + metadata: + labels: + app: {{ include "chart.deploymentName" $runner.name }} + service: {{ include "chart.serviceName" $runner.name }} + annotations: + config-hash: {{ $runner | toJson | sha256sum }} + spec: + serviceAccountName: {{ include "chart.serviceAccountName" $runner.name }} + tolerations: + - effect: NoSchedule + key: node + operator: Equal + value: nodeless + containers: + - name: runner + image: "{{ $.Values.common.image.repository }}:{{ $.Values.common.image.tag }}" + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9016 + resources: + limits: + cpu: 250m + memory: 2Gi + requests: + cpu: 250m + memory: 2Gi + volumeMounts: + - name: secrets + mountPath: /etc/dd-action-runner + env: + - name: MANAGED_BY + value: "helm" + volumes: + - name: secrets + secret: + secretName: {{ include "chart.secretName" $runner.name }} +{{- end }} diff --git a/charts/private-action-runner/templates/role.yaml b/charts/private-action-runner/templates/role.yaml new file mode 100644 index 000000000..17e65e76e --- /dev/null +++ b/charts/private-action-runner/templates/role.yaml @@ -0,0 +1,19 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + namespace: {{ $.Release.Namespace }} + name: {{ include "chart.roleName" $runner.name }} +rules: +{{- if $runner.kubernetesPermissions }} +{{ $runner.kubernetesPermissions | toYaml }} +{{- end }} +{{- if $runner.kubernetesActions }} + {{- range $resourceType, $bundle := fromYaml (include "chart.k8sResourceMap" .) }} + {{- if index $runner.kubernetesActions $resourceType }} + {{- include "rbacRule" (dict "apiGroup" (include "chart.k8sApiGroup" $bundle) "resource" (lower $resourceType) "verbs" (fromJsonArray (include "chart.k8sVerbs" (index $runner.kubernetesActions $resourceType))))}} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/private-action-runner/templates/rolebinding.yaml b/charts/private-action-runner/templates/rolebinding.yaml new file mode 100644 index 000000000..213e421a2 --- /dev/null +++ b/charts/private-action-runner/templates/rolebinding.yaml @@ -0,0 +1,16 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "chart.roleBindingName" $runner.name }} + namespace: {{ $.Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "chart.roleName" $runner.name }} +subjects: + - kind: ServiceAccount + name: {{ include "chart.serviceAccountName" $runner.name }} + namespace: {{ $.Release.Namespace }} +{{- end }} diff --git a/charts/private-action-runner/templates/secrets.yaml b/charts/private-action-runner/templates/secrets.yaml new file mode 100644 index 000000000..63c1d70b5 --- /dev/null +++ b/charts/private-action-runner/templates/secrets.yaml @@ -0,0 +1,48 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "chart.secretName" $runner.name }} + namespace: {{ $.Release.Namespace }} +stringData: + config.yaml: | + ddBaseURL: {{ $runner.config.ddBaseURL }} + urn: {{ $runner.config.urn }} + privateKey: {{ $runner.config.privateKey }} + modes: + {{- range $mode := $runner.config.modes }} + - {{ $mode }} + {{- end }} + {{- if $runner.config.port }} + port: {{ $runner.config.port }} + {{- else if $runner.config.appBuilder }} + port: {{ $runner.config.appBuilder.port }} + {{- end }} + {{- if $runner.config.httpServerWriteTimeout }} + httpServerWriteTimeout: {{ $runner.config.httpServerWriteTimeout }} + {{- end }} + actionsAllowlist: + {{- range $action := $runner.config.actionsAllowlist }} + - {{ $action }} + {{- end }} + {{- if $runner.kubernetesActions }} + {{- range $resourceType, $bundle := fromYaml (include "chart.k8sResourceMap" .) }} + {{- range $verb := (index $runner.kubernetesActions $resourceType) }} + - com.datadoghq.kubernetes.{{ $bundle }}.{{ $verb }}{{ upper (substr 0 1 $resourceType)}}{{ substr 1 -1 (include "chart.k8sResourceSingular" $resourceType) }}{{ if eq $verb "deleteMultiple" }}s{{ end }} + {{- end }} + {{- end }} + {{- end }} + {{- if $runner.kubernetesActions }} + {{- if $runner.kubernetesActions.customObjects }} + {{- range $verb := index $runner.kubernetesActions.customObjects }} + - com.datadoghq.kubernetes.customresources.{{ $verb }}CustomObject{{ if eq $verb "deleteMultiple" }}s{{ end }} + {{- end }} + {{- end}} + {{- end}} + {{- include "chart.credentialFiles" $ | indent 2 }} + {{- include "chart.basicAuth" $ | indent 2 }} + {{- include "chart.tokenAuth" $ | indent 2 }} + {{- include "chart.jenkinsAuth" $ | indent 2 }} + {{- include "chart.postgresAuth" $ | indent 2 }} +{{- end }} diff --git a/charts/private-action-runner/templates/service.yaml b/charts/private-action-runner/templates/service.yaml new file mode 100644 index 000000000..27d69cbb2 --- /dev/null +++ b/charts/private-action-runner/templates/service.yaml @@ -0,0 +1,15 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "chart.serviceName" $runner.name }} + namespace: {{ $.Release.Namespace }} +spec: + selector: + service: {{ include "chart.serviceName" $runner.name }} + ports: + - name: http + port: 9016 + targetPort: 9016 +{{- end }} diff --git a/charts/private-action-runner/templates/serviceaccount.yaml b/charts/private-action-runner/templates/serviceaccount.yaml new file mode 100644 index 000000000..4b66d43f1 --- /dev/null +++ b/charts/private-action-runner/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- range $_, $runner := $.Values.runners }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "chart.serviceAccountName" $runner.name }} + namespace: {{ $.Release.Namespace }} +{{- end }} diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml new file mode 100644 index 000000000..5fefaa9cf --- /dev/null +++ b/charts/private-action-runner/values.yaml @@ -0,0 +1,86 @@ +# Default values for private-action-runner. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +common: + # -- Current Datadog Private Action Runner image + image: + repository: gcr.io/datadoghq/private-action-runner + tag: v0.1.10-beta + +runners: + # runners[0].name -- Name of the Datadog Private Action Runner + - name: "default" + # -- Number of pod instances for the Datadog Private Action Runner + replicas: 1 + # -- Configuration for the Datadog Private Action Runner + config: + # -- Base URL of the Datadog app + ddBaseURL: "https://app.datadoghq.com" + # -- The runner's URN from the enrollment page + urn: "CHANGE_ME_URN_FROM_CONFIG" + # -- The runner's privateKey from the enrollment page + privateKey: "CHANGE_ME_PRIVATE_KEY_FROM_CONFIG" + # -- Modes that the runner can run in + modes: + - "workflowAutomation" + - "appBuilder" + # -- Port for HTTP server liveness checks and App Builder mode + port: 9016 + # -- List of actions that the Datadog Private Action Runner is allowed to execute + actionsAllowlist: [] + # -- Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account + kubernetesActions: + # -- Actions related to controllerRevisions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + controllerRevisions: [] + # -- Actions related to daemonSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + daemonSets: [] + # -- Actions related to deployments (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple", "restart") + deployments: [] + # -- Actions related to replicaSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + replicaSets: [] + # -- Actions related to statefulSets (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + statefulSets: [] + # -- Actions related to cronJobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + cronJobs: [] + # -- Actions related to configMaps (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + configMaps: [] + # -- Actions related to endpoints (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + endpoints: [] + # -- Actions related to events (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + events: [] + # -- Actions related to limitRanges (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + limitRanges: [] + # -- Actions related to namespaces (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + namespaces: [] + # -- Actions related to nodes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + nodes: [] + # -- Actions related to persistentVolumes (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + persistentVolumes: [] + # -- Actions related to persistentVolumeClaims (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + persistentVolumeClaims: [] + # -- Actions related to pods (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + pods: ["get", "list"] + # -- Actions related to podTemplates (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + podTemplates: [] + # -- Actions related to replicationControllers (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + replicationControllers: [] + # -- Actions related to resourceQuotas (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + resourceQuotas: [] + # -- Actions related to services (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + services: [] + # -- Actions related to serviceAccounts (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + serviceAccounts: [] + # -- Actions related to customResourceDefinitions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + customResourceDefinitions: [] + # -- Actions related to jobs (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") + jobs: [] + # -- Actions related to customObjects (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple"). You also need to add appropriate `kubernetesPermissions`. + customObjects: [] + # -- Kubernetes permissions to provide in addition to the one that will be inferred from `kubernetesActions` (useful for customObjects) + kubernetesPermissions: [] + +# -- List of credential files to be used by the Datadog Private Action Runner +credentialFiles: [] +# see examples/values.yaml for examples on how to specify secrets +# credential files provided here will be mounted in /etc/dd-action-runner/ diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 49cb64fc2..6e417352f 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,77 @@ # Datadog changelog +## 0.17.6 + +* Add optional annotations for service account. + +## 0.17.5 + +* Update private location image version to `1.54.0`. + +## 0.17.4 + +* Update private location image version to `1.53.0`. + +## 0.17.3 + +* Update private location image version to `1.52.0`. + +## 0.17.2 + +* Update private location image version to `1.51.0`. + +## 0.17.1 + +* Update private location image version to `1.50.0`. + +## 0.17.0 + +* Add `podDisruptionBudget` to allow creating and configuring PodDisruptionBudget for deployment. + +## 0.16.4 + +* Update private location image version to `1.49.0`. + +## 0.16.3 + +* Add dnsConfig to DD private location Pod + +## 0.16.2 + +* Update private location image version to `1.48.0`. + +## 0.16.1 + +* Update private location image version to `1.47.0`. + +## 0.16.0 + +* Add `podLabels` value to allow setting labels that only appear on the pods managed by the deployment. + +## 0.15.31 + +* Fix `env` indentation in Deployment template. + +## 0.15.30 + +* Fix `envFrom` indentation in Deployment template. + +## 0.15.29 + +* Update Kubernetes deployment template to set `DATADOG_WORKER_ENABLE_STATUS_PROBES` environment variable when `enableStatusProbes` value is defined. + +## 0.15.28 + +* Update private location image version to `1.46.0`. + +## 0.15.27 + +* Update private location image version to `1.45.0`. + +## 0.15.26 + +* Migrate from `kubeval` to `kubeconform` for ci chart validation. + ## 0.15.25 * Update private location image version to `1.44.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 467126e38..7d230dc66 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.15.25 -appVersion: 1.44.0 +version: 0.17.6 +appVersion: 1.54.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 098c16bc2..ca6824c55 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,8 +1,8 @@ # Datadog Synthetics Private Location -![Version: 0.15.25](https://img.shields.io/badge/Version-0.15.25-informational?style=flat-square) ![AppVersion: 1.44.0](https://img.shields.io/badge/AppVersion-1.44.0-informational?style=flat-square) +![Version: 0.17.6](https://img.shields.io/badge/Version-0.17.6-informational?style=flat-square) ![AppVersion: 1.54.0](https://img.shields.io/badge/AppVersion-1.54.0-informational?style=flat-square) -[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). +[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). ## How to use Datadog Helm repository @@ -30,6 +30,7 @@ helm install datadog/synthetics-private-location --set-file confi | configConfigMap | string | `""` | Config Map that stores the configuration of the private location worker for the deployment | | configFile | string | `"{}"` | JSON string containing the configuration of the private location worker | | configSecret | string | `""` | Name of the secret that stores the configuration of the private location worker for the deployment. Use it only if you want to manage the secret outside of the Helm chart as using `configFile` will create a secret. The `data` inside the secret needs to have the key `synthetics-check-runner.json`. | +| dnsConfig | object | `{}` | DNS Config to set to the Datadog Synthetics Private Location PODs | | dnsPolicy | string | `"ClusterFirst"` | DNS Policy to set to the Datadog Synthetics Private Location PODs | | enableStatusProbes | bool | `false` | Enable both liveness and readiness probes (minimal private location image version required: 1.12.0) | | env | list | `[]` | Set environment variables | @@ -40,16 +41,19 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.44.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.54.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | | podAnnotations | object | `{}` | Annotations to set to Datadog Synthetics Private Location PODs | +| podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Allows to create and configure PodDisruptionBudget for Datadog Synthetics Private Location deployment | +| podLabels | object | `{}` | Labels to be placed on pods managed by the deployment | | podSecurityContext | object | `{}` | Security context to set to Datadog Synthetics Private Location PODs | | priorityClassName | string | `""` | Allows to specify PriorityClass for Datadog Synthetics Private Location PODs | | replicaCount | int | `1` | Number of instances of Datadog Synthetics Private Location | | resources | object | `{}` | Set resources requests/limits for Datadog Synthetics Private Location PODs | | securityContext | object | `{}` | Security context to set to the Datadog Synthetics Private Location container | +| serviceAccount.annotations | object | `{}` | Annotations for the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set name is generated using the fullname template | | tolerations | list | `[]` | Allows to schedule Datadog Synthetics Private Location on tainted nodes | diff --git a/charts/synthetics-private-location/README.md.gotmpl b/charts/synthetics-private-location/README.md.gotmpl index b828a93d4..d24fee838 100644 --- a/charts/synthetics-private-location/README.md.gotmpl +++ b/charts/synthetics-private-location/README.md.gotmpl @@ -2,7 +2,7 @@ {{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} -[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations). +[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). ## How to use Datadog Helm repository diff --git a/charts/synthetics-private-location/ci/kubeconform-values.yaml b/charts/synthetics-private-location/ci/kubeconform-values.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/charts/synthetics-private-location/templates/_helpers.tpl b/charts/synthetics-private-location/templates/_helpers.tpl index 48469bb11..a053a40ce 100644 --- a/charts/synthetics-private-location/templates/_helpers.tpl +++ b/charts/synthetics-private-location/templates/_helpers.tpl @@ -63,3 +63,14 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Return the appropriate apiVersion for PodDisruptionBudget policy APIs. +*/}} +{{- define "policy.poddisruptionbudget.apiVersion" -}} +{{- if or (.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget") (semverCompare ">=1.21" .Capabilities.KubeVersion.Version) -}} +"policy/v1" +{{- else -}} +"policy/v1beta1" +{{- end -}} +{{- end -}} diff --git a/charts/synthetics-private-location/templates/deployment.yaml b/charts/synthetics-private-location/templates/deployment.yaml index 0926e953c..8a6115cf7 100644 --- a/charts/synthetics-private-location/templates/deployment.yaml +++ b/charts/synthetics-private-location/templates/deployment.yaml @@ -17,10 +17,17 @@ spec: {{- end }} labels: {{- include "synthetics-private-location.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{ if .Values.dnsPolicy }} dnsPolicy: {{ .Values.dnsPolicy}} {{ end }} + {{- with .Values.dnsConfig }} + dnsConfig: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} @@ -65,14 +72,20 @@ spec: {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} -{{- if .Values.envFrom }} + {{- if .Values.envFrom }} envFrom: -{{ toYaml .Values.envFrom | indent 12 }} -{{- end }} -{{- if .Values.env }} + {{- toYaml .Values.envFrom | nindent 12 }} + {{- end }} + {{- if or (.Values.env) (.Values.enableStatusProbes) }} env: -{{ toYaml .Values.env | indent 12 }} -{{- end }} + {{- if .Values.enableStatusProbes }} + - name: DATADOG_WORKER_ENABLE_STATUS_PROBES + value: {{ .Values.enableStatusProbes | quote }} + {{- end }} + {{- if .Values.env }} + {{- toYaml .Values.env | nindent 12 }} + {{- end }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/synthetics-private-location/templates/pdb.yaml b/charts/synthetics-private-location/templates/pdb.yaml new file mode 100644 index 000000000..5cc5ed0ae --- /dev/null +++ b/charts/synthetics-private-location/templates/pdb.yaml @@ -0,0 +1,17 @@ +{{- if .Values.podDisruptionBudget.enabled -}} +apiVersion: {{ template "policy.poddisruptionbudget.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "synthetics-private-location.fullname" . }} + labels: + {{- include "synthetics-private-location.labels" . | nindent 4 }} +spec: +{{- if .Values.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: {{- include "synthetics-private-location.selectorLabels" . | nindent 6 }} +{{- end -}} diff --git a/charts/synthetics-private-location/templates/service_account.yaml b/charts/synthetics-private-location/templates/service_account.yaml index e4b556b71..0f6caa868 100644 --- a/charts/synthetics-private-location/templates/service_account.yaml +++ b/charts/synthetics-private-location/templates/service_account.yaml @@ -5,4 +5,8 @@ metadata: name: {{ template "synthetics-private-location.serviceAccountName" . }} labels: {{ include "synthetics-private-location.labels" . | indent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end -}} diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index ac7c9705b..c92dfd539 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,10 +15,12 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.44.0 + tag: 1.54.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst +# dnsConfig -- DNS Config to set to the Datadog Synthetics Private Location PODs +dnsConfig: {} # imagePullSecrets -- Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) imagePullSecrets: [] @@ -32,6 +34,8 @@ serviceAccount: create: true # serviceAccount.name -- The name of the service account to use. If not set name is generated using the fullname template name: "" + # serviceAccount.annotations -- Annotations for the service account + annotations: {} # Create a ConfigMap containing the PEM files of your custom CA Root certificate # Then add it as an extra volume mounted on /etc/datadog/certs/ @@ -52,6 +56,9 @@ extraVolumeMounts: [] # podAnnotations -- Annotations to set to Datadog Synthetics Private Location PODs podAnnotations: {} +# podLabels -- Labels to be placed on pods managed by the deployment +podLabels: {} + # podSecurityContext -- Security context to set to Datadog Synthetics Private Location PODs podSecurityContext: {} # fsGroup: 2000 @@ -119,3 +126,9 @@ enableStatusProbes: false # priorityClassName -- Allows to specify PriorityClass for Datadog Synthetics Private Location PODs priorityClassName: "" + +# podDisruptionBudget -- Allows to create and configure PodDisruptionBudget for Datadog Synthetics Private Location deployment +podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: 1 diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml new file mode 100644 index 000000000..5c4ed60b7 --- /dev/null +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -0,0 +1,430 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadogagentprofiles.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogAgentProfile + listKind: DatadogAgentProfileList + plural: datadogagentprofiles + shortNames: + - dap + singular: datadogagentprofile + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.valid + name: valid + type: string + - jsonPath: .status.applied + name: applied + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogAgentProfile is the Schema for the datadogagentprofiles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogAgentProfileSpec defines the desired state of DatadogAgentProfile + properties: + config: + properties: + override: + additionalProperties: + properties: + containers: + additionalProperties: + properties: + env: + description: |- + Specify additional environment variables in the container. + See also: https://docs.datadoghq.com/agent/guide/environment-variables/ + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + description: |- + Specify the Request and Limits of the pods. + To get guaranteed QoS class, specify requests and limits equal. + See also: http://kubernetes.io/docs/user-guide/compute-resources/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + description: |- + Configure the basic configurations for an Agent container + Valid Agent container names are: `agent` + type: object + labels: + additionalProperties: + type: string + description: Labels provide labels that are added to the Datadog Agent pods. + type: object + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + updateStrategy: + description: |- + The deployment strategy to use to replace existing pods with new ones. + Valid types are `RollingUpdate` or `OnDelete` for DaemonSets + properties: + rollingUpdate: + description: Configure the rolling update strategy of the Deployment or DaemonSet. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + MaxSurge behaves differently based on the Kubernetes resource. Refer to the + Kubernetes API documentation for additional details. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of pods that can be unavailable during the update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Refer to the Kubernetes API documentation for additional details.. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type can be "RollingUpdate" or "OnDelete" for DaemonSets and "RollingUpdate" + or "Recreate" for Deployments + type: string + type: object + type: object + description: Override the default configurations of the node agent. + type: object + type: object + profileAffinity: + properties: + profileNodeAffinity: + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + type: object + type: object + status: + description: DatadogAgentProfileStatus defines the observed state of DatadogAgentProfile + properties: + applied: + description: Applied shows whether the DatadogAgentProfile conflicts with an existing DatadogAgentProfile. + type: string + conditions: + description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + createStrategy: + description: CreateStrategy is the state of the create strategy feature. + properties: + lastTransition: + description: LastTransition is the last time the status was updated. + format: date-time + type: string + maxUnavailable: + description: MaxUnavailable shows the number of pods that can be in an unready state. + format: int32 + type: integer + nodesLabeled: + description: NodesLabeled shows the number of nodes currently labeled. + format: int32 + type: integer + podsReady: + description: PodsReady shows the number of pods in the ready state. + format: int32 + type: integer + status: + description: Status shows the current state of the feature. + type: string + type: object + currentHash: + description: CurrentHash is the stored hash of the DatadogAgentProfile. + type: string + lastUpdate: + description: LastUpdate is the last time the status was updated. + format: date-time + type: string + valid: + description: Valid shows if the DatadogAgentProfile has a valid config spec. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index 5e46ad034..cd982f6df 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com spec: group: datadoghq.com @@ -19,9 +17,6 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - jsonPath: .status.agent.status name: agent type: string @@ -34,7 +29,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: age type: date - name: v1alpha1 + name: v2alpha1 schema: openAPIV3Schema: properties: @@ -46,205 +41,153 @@ spec: type: object spec: properties: - agent: + features: properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: + admissionController: properties: - nodeAffinity: + agentCommunicationMode: + type: string + agentSidecarInjection: properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: properties: - nodeSelectorTerms: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: items: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array + name: + default: "" + type: string type: object + x-kubernetes-map-type: atomic type: array - required: - - nodeSelectorTerms + tag: + type: string type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: + profiles: items: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: key: type: string - operator: + name: + default: "" type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: properties: key: type: string - operator: + name: + default: "" type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: properties: - matchExpressions: + claims: items: properties: - key: + name: type: string - operator: + request: type: string - values: - items: - type: string - type: array required: - - key - - operator + - name type: object type: array - matchLabels: + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: namespaceSelector: properties: matchExpressions: @@ -258,101 +201,20 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + x-kubernetes-map-type: atomic + objectSelector: properties: matchExpressions: items: @@ -365,1719 +227,923 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + mutation: + properties: + enabled: + type: boolean + type: object + registry: + type: string + serviceName: + type: string + validation: + properties: + enabled: + type: boolean type: object + webhookName: + type: string type: object apm: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic enabled: type: boolean - env: - items: - properties: - name: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: type: string - value: + type: array + x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object + libVersions: + additionalProperties: type: string - valueFrom: - properties: - configMapKeyRef: + type: object + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + autoscaling: + properties: + workload: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean required: - key + - path type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean required: - key + - path type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object - failureThreshold: + type: object + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: format: int32 type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: properties: - host: - type: string - httpHeaders: + items: items: properties: - name: + key: type: string - value: + mode: + format: int32 + type: integer + path: type: string required: - - name - - value + - key + - path type: object type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true type: object type: object - unixDomainSocket: + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: properties: enabled: type: boolean - hostFilepath: + path: type: string type: object - volumeMounts: + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + collectedEventTypes: items: properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: + kind: type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic required: - - mountPath - - name + - kind + - reasons type: object type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean type: object - config: + externalMetricsServer: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: + enabled: type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: + endpoint: properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: + credentials: properties: - configData: + apiKey: type: string - configMap: + apiSecret: properties: - fileKey: + keyName: type: string - name: + secretName: type: string + required: + - secretName type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: + appKey: type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object type: object + url: + type: string type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean required: - key + - path type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: format: int32 type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: type: boolean - livenessProbe: + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: + configData: + type: string + configMap: properties: - host: - type: string - httpHeaders: + items: items: properties: - name: + key: type: string - value: + mode: + format: int32 + type: integer + path: type: string required: - - name - - value + - key + - path type: object type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string type: object - podAnnotationsAsTags: - additionalProperties: + customResources: + items: type: string - type: object - podLabelsAsTags: - additionalProperties: + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: type: string - type: object - readinessProbe: + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + protocols: properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object type: object type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + global: + properties: + checksTagCardinality: + type: string + clusterAgentToken: + type: string + clusterAgentTokenSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + clusterName: + type: string + containerStrategy: + type: string + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + criSocketPath: + type: string + disableNonResourceRules: + type: boolean + dockerSocketPath: + type: string + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: properties: - localhostProfile: + keyName: type: string - type: + secretName: type: string required: - - type + - secretName type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: + appKey: + type: string + appSecret: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: + keyName: type: string - hostProcess: - type: boolean - runAsUserName: + secretName: type: string + required: + - secretName type: object type: object - tags: - items: + url: + type: string + type: object + env: + items: + properties: + name: type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: + value: + type: string + valueFrom: properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: + configMapKeyRef: properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: + key: type: string - kind: + name: + default: "" type: string - readOnly: + optional: type: boolean required: - - diskName - - diskURI + - key type: object - azureFile: + x-kubernetes-map-type: atomic + fieldRef: properties: - readOnly: - type: boolean - secretName: + apiVersion: type: string - shareName: + fieldPath: type: string required: - - secretName - - shareName + - fieldPath type: object - cephfs: + x-kubernetes-map-type: atomic + resourceFieldRef: properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: + containerName: type: string - secretRef: - properties: - name: - type: string - type: object - user: + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string required: - - monitors + - resource type: object - cinder: + x-kubernetes-map-type: atomic + secretKeyRef: properties: - fsType: + key: type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: + name: + default: "" type: string + optional: + type: boolean required: - - volumeID + - key type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: properties: - name: + key: type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: + mode: + format: int32 + type: integer + path: type: string + required: + - key + - path type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: properties: - claimName: + name: + default: "" type: string - readOnly: - type: boolean - required: - - claimName type: object - photonPersistentDisk: + x-kubernetes-map-type: atomic + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + claims: + items: properties: - fsType: + name: type: string - pdID: + request: type: string required: - - pdID + - name type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object type: object + useHTTPS: + type: boolean type: object - daemonsetName: - type: string - deploymentStrategy: + kubelet: properties: - canary: + agentCAPath: + type: string + host: properties: - autoFail: + configMapKeyRef: properties: - canaryTimeout: + key: type: string - enabled: + name: + default: "" + type: string + optional: type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: type: string + required: + - fieldPath type: object - autoPause: + x-kubernetes-map-type: atomic + resourceFieldRef: properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string + required: + - resource type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: + x-kubernetes-map-type: atomic + secretKeyRef: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string + x-kubernetes-map-type: atomic type: object - reconcileFrequency: + hostCAPath: type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: + tlsVerify: + type: boolean + type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: type: string + type: object type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: type: string + type: object type: object - keepAnnotations: - type: string - keepLabels: - type: string localService: properties: - forceLocalServiceEnable: + forceEnableLocalService: type: boolean - overrideName: + nameOverride: type: string type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string + logLevel: + type: string + namespaceAnnotationsAsTags: + additionalProperties: + type: string + type: object + namespaceLabelsAsTags: + additionalProperties: + type: string type: object networkPolicy: properties: @@ -2097,3860 +1163,1033 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic flavor: type: string type: object - otlp: + nodeLabelsAsTags: + additionalProperties: + type: string + type: object + originDetectionUnified: properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object + enabled: + type: boolean + type: object + podAnnotationsAsTags: + additionalProperties: + type: string + type: object + podLabelsAsTags: + additionalProperties: + type: string type: object - priorityClassName: + registry: type: string - process: + runProcessChecksInCoreAgent: + type: boolean + secretBackend: properties: args: - items: - type: string - type: array - x-kubernetes-list-type: atomic + type: string command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: + type: string + enableGlobalPermissions: type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: + roles: items: properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: + namespace: type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set required: - - mountPath - - name + - namespace + - secrets type: object type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: + timeout: + format: int32 + type: integer + type: object + site: + type: string + tags: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + override: + additionalProperties: + properties: + affinity: + properties: + nodeAffinity: properties: - name: - type: string - value: - type: string - valueFrom: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name + x-kubernetes-map-type: atomic type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: + podAffinity: properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - operator: + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: type: string - name: + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: + type: array + x-kubernetes-list-type: atomic + namespaceSelector: properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: + matchExpressions: + items: properties: - apiGroup: - type: string - kind: + key: type: string - name: + operator: type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v2alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - features: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - failurePolicy: - type: string - mutateUnlabelled: - type: boolean - serviceName: - type: string - webhookName: + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: type: string - type: object - apm: - properties: - enabled: - type: boolean - hostPortConfig: + type: object + containers: + additionalProperties: properties: - enabled: - type: boolean - hostPort: + appArmorProfileName: + type: string + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + healthPort: format: int32 type: integer - type: object - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: type: string - type: object - type: object - clusterChecks: - properties: - enabled: - type: boolean - useClusterChecksRunners: - type: boolean - type: object - cspm: - properties: - checkInterval: - type: string - customBenchmarks: - properties: - configData: + name: type: string - configMap: + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: properties: - items: + claims: items: properties: - key: + name: type: string - mode: - format: int32 - type: integer - path: + request: type: string required: - - key - - path + - name type: object type: array x-kubernetes-list-map-keys: - - key + - name x-kubernetes-list-type: map - name: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + seccompConfig: + properties: + customProfile: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customRootPath: type: string type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + - mountPath + x-kubernetes-list-type: map type: object - enabled: - type: boolean - hostBenchmarks: - properties: - enabled: - type: boolean - type: object - type: object - cws: - properties: - customPolicies: + type: object + createPodDisruptionBudget: + type: boolean + createRbac: + type: boolean + customConfigurations: + additionalProperties: properties: configData: type: string @@ -5978,665 +2217,603 @@ spec: type: string type: object type: object - enabled: - type: boolean - network: - properties: - enabled: - type: boolean - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - securityProfiles: - properties: - enabled: - type: boolean - type: object - syscallMonitorEnabled: - type: boolean - type: object - dogstatsd: - properties: - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - mapperProfiles: - properties: - configData: + type: object + disabled: + type: boolean + dnsConfig: + properties: + nameservers: + items: type: string - configMap: + type: array + x-kubernetes-list-type: atomic + options: + items: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map name: type: string + value: + type: string type: object - type: object - originDetectionEnabled: - type: boolean - tagCardinality: - type: string - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: + type: array + x-kubernetes-list-type: atomic + searches: + items: type: string - type: object - type: object - ebpfCheck: - properties: - enabled: - type: boolean - type: object - eventCollection: - properties: - collectKubernetesEvents: - type: boolean - type: object - externalMetricsServer: - properties: - enabled: - type: boolean - endpoint: + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + env: + items: properties: - credentials: + name: + type: string + value: + type: string + valueFrom: properties: - apiKey: - type: string - apiSecret: + configMapKeyRef: properties: - keyName: + key: type: string - secretName: + name: + default: "" type: string + optional: + type: boolean required: - - secretName + - key type: object - appKey: - type: string - appSecret: + x-kubernetes-map-type: atomic + fieldRef: properties: - keyName: + apiVersion: type: string - secretName: + fieldPath: type: string required: - - secretName - type: object - type: object - url: - type: string - type: object - port: - format: int32 - type: integer - registerAPIService: - type: boolean - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - kubeStateMetricsCore: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - liveContainerCollection: - properties: - enabled: - type: boolean - type: object - liveProcessCollection: - properties: - enabled: - type: boolean - scrubProcessArguments: - type: boolean - stripProcessArguments: - type: boolean - type: object - logCollection: - properties: - containerCollectAll: - type: boolean - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - npm: - properties: - collectDNSStats: - type: boolean - enableConntrack: - type: boolean - enabled: - type: boolean - type: object - oomKill: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - conf: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: properties: - configData: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: type: string - configMap: + secretRef: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map name: + default: "" type: string + optional: + type: boolean type: object + x-kubernetes-map-type: atomic type: object - customResources: - items: - type: string - type: array - x-kubernetes-list-type: set - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubContainers: - type: boolean - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: + type: array + extraChecksd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: + properties: + items: + items: properties: - enabled: - type: boolean - endpoint: + key: + type: string + mode: + format: int32 + type: integer + path: type: string + required: + - key + - path type: object - http: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + extraConfd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: + properties: + items: + items: properties: - enabled: - type: boolean - endpoint: + key: + type: string + mode: + format: int32 + type: integer + path: type: string + required: + - key + - path type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + hostNetwork: + type: boolean + hostPID: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + default: "" + type: string type: object - type: object - type: object - processDiscovery: - properties: - enabled: - type: boolean - type: object - prometheusScrape: - properties: - additionalConfigs: + x-kubernetes-map-type: atomic + type: array + tag: + type: string + type: object + labels: + additionalProperties: type: string - enableServiceEndpoints: - type: boolean - enabled: - type: boolean - version: - type: integer - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - sbom: - properties: - containerImage: - properties: - analyzers: - items: + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + priorityClassName: + type: string + replicas: + format: int32 + type: integer + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - enabled: - type: boolean - host: - properties: - analyzers: - items: + gmsaCredentialSpecName: type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - type: object - tcpQueueLength: - properties: - enabled: - type: boolean - type: object - usm: - properties: - enabled: - type: boolean - type: object - type: object - global: - properties: - clusterAgentToken: - type: string - clusterAgentTokenSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - clusterName: - type: string - credentials: - properties: - apiKey: + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountAnnotations: + additionalProperties: type: string - apiSecret: + type: object + serviceAccountName: + type: string + tolerations: + items: properties: - keyName: + effect: type: string - secretName: + key: type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: + operator: type: string - secretName: + tolerationSeconds: + format: int64 + type: integer + value: type: string - required: - - secretName type: object - type: object - criSocketPath: - type: string - dockerSocketPath: - type: string - endpoint: - properties: - credentials: + type: array + x-kubernetes-list-type: atomic + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + volumes: + items: properties: - apiKey: - type: string - apiSecret: + awsElasticBlockStore: properties: - keyName: + fsType: type: string - secretName: + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: type: string required: - - secretName + - volumeID type: object - appKey: - type: string - appSecret: + azureDisk: properties: - keyName: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean secretName: type: string + shareName: + type: string required: - secretName + - shareName type: object - type: object - url: - type: string - type: object - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: + cephfs: properties: - key: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean - required: - - key type: object - fieldRef: + x-kubernetes-map-type: atomic + csi: properties: - apiVersion: + driver: type: string - fieldPath: + fsType: type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object required: - - fieldPath + - driver type: object - resourceFieldRef: + downwardAPI: properties: - containerName: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: type: string - divisor: + sizeLimit: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource type: object - secretKeyRef: + ephemeral: properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - localService: - properties: - forceEnableLocalService: - type: boolean - nameOverride: - type: string - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - registry: - type: string - site: - type: string - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - override: - additionalProperties: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + volumeClaimTemplate: properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array + metadata: type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: + spec: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: + accessModes: items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object + type: string type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object type: object - namespaceSelector: + selector: properties: matchExpressions: items: @@ -6649,617 +2826,461 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object - namespaces: - items: - type: string - type: array - topologyKey: + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: type: string - required: - - topologyKey type: object - weight: - format: int32 - type: integer required: - - podAffinityTerm - - weight + - spec type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + properties: + key: type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + operator: type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - containers: - additionalProperties: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string + x-kubernetes-map-type: atomic name: type: string optional: type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: + path: type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: + signerName: type: string required: - - resource + - path type: object - secretKeyRef: + configMap: properties: - key: - type: string + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean - required: - - key type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic name: + default: "" type: string - value: - type: string - required: - - name - - value + optional: + type: boolean type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - name: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: + x-kubernetes-map-type: atomic + serviceAccountToken: properties: - name: + audience: type: string - value: + expirationSeconds: + format: int64 + type: integer + path: type: string required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic type: object - seccompConfig: + quobyte: properties: - customProfile: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customRootPath: + group: + type: string + readOnly: + type: boolean + registry: type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume type: object - securityContext: + rbd: properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: + fsType: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + secretRef: properties: - localhostProfile: - type: string - type: + name: + default: "" type: string - required: - - type type: object - windowsOptions: + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: + name: + default: "" type: string type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - type: object - createRbac: - type: boolean - customConfigurations: - additionalProperties: - properties: - configData: - type: string - configMap: + secret: properties: + defaultMode: + format: int32 + type: integer items: items: properties: @@ -7275,71 +3296,42 @@ spec: - path type: object type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: type: string type: object - type: object - type: object - disabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: + storageos: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: + fsType: + type: string + readOnly: + type: boolean + secretRef: properties: - key: - type: string name: + default: "" type: string - optional: - type: boolean - required: - - key type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath type: object required: - name @@ -7348,1019 +3340,957 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map - extraChecksd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - extraConfd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: + type: object + type: object + type: object + status: + properties: + agent: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: type: string - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: + daemonsetName: type: string - replicas: + desired: format: int32 type: integer - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccountName: + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic + clusterAgent: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer + type: object + clusterChecksRunner: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time type: string - tolerations: - items: + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + remoteConfigConfiguration: + properties: + features: + properties: + admissionController: properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: + agentCommunicationMode: type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumes: - items: - properties: - awsElasticBlockStore: + agentSidecarInjection: properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: + clusterAgentCommunicationEnabled: type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: type: string - kind: + registry: type: string - readOnly: - type: boolean - required: - - diskName - - diskURI + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic type: object - azureFile: + cwsInstrumentation: properties: - readOnly: + enabled: type: boolean - secretName: - type: string - shareName: + mode: type: string - required: - - secretName - - shareName type: object - cephfs: + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + mutation: properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: + enabled: type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors type: object - cinder: + registry: + type: string + serviceName: + type: string + validation: properties: - fsType: - type: string - readOnly: + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID type: object - configMap: + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: properties: - defaultMode: + enabled: + type: boolean + hostPort: format: int32 type: integer - items: + type: object + instrumentation: + properties: + disabledNamespaces: items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object + type: string type: array - name: - type: string - optional: + x-kubernetes-list-type: set + enabled: type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + languageDetection: properties: - name: - type: string + enabled: + type: boolean type: object - readOnly: - type: boolean - volumeAttributes: + libVersions: additionalProperties: type: string type: object - required: - - driver type: object - downwardAPI: + unixDomainSocketConfig: properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array + enabled: + type: boolean + path: + type: string type: object - emptyDir: + type: object + asm: + properties: + iast: properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + enabled: + type: boolean type: object - ephemeral: + sca: properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object + enabled: + type: boolean type: object - fc: + threats: properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: + enabled: type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array type: object - flexVolume: + type: object + autoscaling: + properties: + workload: properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: + enabled: type: boolean - secretRef: + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map name: type: string type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string type: object - gcePersistentDisk: + enabled: + type: boolean + hostBenchmarks: properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: + enabled: type: boolean - required: - - pdName type: object - gitRepo: + type: object + cws: + properties: + customPolicies: properties: - directory: - type: string - repository: - type: string - revision: + configData: type: string - required: - - repository + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object type: object - glusterfs: + enabled: + type: boolean + network: properties: - endpoints: - type: string - path: - type: string - readOnly: + enabled: type: boolean - required: - - endpoints - - path type: object - hostPath: + remoteConfiguration: properties: - path: - type: string - type: - type: string - required: - - path + enabled: + type: boolean type: object - iscsi: + securityProfiles: properties: - chapAuthDiscovery: + enabled: type: boolean - chapAuthSession: + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: + hostPort: format: int32 type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map name: type: string type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal type: object - name: + originDetectionEnabled: + type: boolean + tagCardinality: type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: + unixDomainSocketConfig: properties: - claimName: - type: string - readOnly: + enabled: type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: + path: type: string - required: - - pdID type: object - portworxVolume: + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + collectedEventTypes: + items: + properties: + kind: + type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: type: string - required: - - volumeID type: object - projected: + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: + configData: + type: string + configMap: + properties: + items: + items: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + key: type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean + required: + - key + - path type: object - serviceAccountToken: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: - audience: + key: type: string - expirationSeconds: - format: int64 + mode: + format: int32 type: integer path: type: string required: + - key - path type: object - type: object - type: array + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object type: object - quobyte: + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume + protocols: + properties: + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object + type: object type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: items: type: string type: array - pool: - type: string - readOnly: + x-kubernetes-list-type: set + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: + overlayFSDirectScan: type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: + uncompressedLayersSupport: type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system type: object - secret: + enabled: + type: boolean + host: properties: - defaultMode: - format: int32 - type: integer - items: + analyzers: items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object + type: string type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: + x-kubernetes-list-type: set + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath type: object - required: - - name type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer + serviceDiscovery: + properties: + enabled: + type: boolean + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map type: object type: object served: true storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crds/datadoghq.com_datadogdashboards.yaml b/crds/datadoghq.com_datadogdashboards.yaml new file mode 100644 index 000000000..6c4f9252f --- /dev/null +++ b/crds/datadoghq.com_datadogdashboards.yaml @@ -0,0 +1,239 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadogdashboards.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogDashboard + listKind: DatadogDashboardList + plural: datadogdashboards + shortNames: + - ddd + singular: datadogdashboard + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogDashboard is the Schema for the datadogdashboards API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogDashboardSpec defines the desired state of DatadogDashboard + properties: + description: + description: Description is the description of the dashboard. + type: string + layoutType: + description: LayoutType is the layout type of the dashboard. + type: string + notifyList: + description: NotifyList is the list of handles of users to notify when changes are made to this dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + reflowType: + description: |- + Reflowtype is the reflow type for a 'new dashboard layout' dashboard. Set this only when layout type is 'ordered'. + If set to 'fixed', the dashboard expects all widgets to have a layout, and if it's set to 'auto', + widgets should not have layouts. + type: string + tags: + description: Tags is a list of team names representing ownership of a dashboard. + items: + type: string + type: array + x-kubernetes-list-type: set + templateVariablePresets: + description: TemplateVariablePresets is an array of template variables saved views. + items: + description: DashboardTemplateVariablePreset Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + templateVariables: + description: List of variables. + items: + description: DashboardTemplateVariablePresetValue Template variables saved views. + properties: + name: + description: The name of the variable. + type: string + values: + description: One or many template variable values within the saved view, which will be unioned together using `OR` if more than one is specified. Cannot be used in conjunction with `value`. + items: + type: string + type: array + x-kubernetes-list-type: set + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + templateVariables: + description: TemplateVariables is a list of template variables for this dashboard. + items: + description: DashboardTemplateVariable Template variable. + properties: + availableValues: + description: The list of values that the template variable drop-down is limited to. + items: + type: string + type: array + defaults: + description: One or many default values for template variables on load. If more than one default is specified, they will be unioned together with `OR`. Cannot be used in conjunction with `default`. + items: + type: string + type: array + x-kubernetes-list-type: set + name: + description: The name of the variable. + type: string + prefix: + description: The tag prefix associated with the variable. Only tags with this prefix appear in the variable drop-down. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + title: + description: Title is the title of the dashboard. + type: string + widgets: + description: Widgets is a JSON string representation of a list of Datadog API Widgets + type: string + type: object + status: + description: DatadogDashboardStatus defines the observed state of DatadogDashboard + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogDashboard. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the dashboard was created. + format: date-time + type: string + creator: + description: Creator is the identity of the dashboard creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogDashboardSpec to know + if the Spec has changed and needs an update. + type: string + id: + description: ID is the dashboard ID generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API dashboard was last force synced with the DatadogDashboard resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the dashboard state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/crds/datadoghq.com_datadogmetrics.yaml b/crds/datadoghq.com_datadogmetrics.yaml index 8510d1b0b..2aec4afbd 100644 --- a/crds/datadoghq.com_datadogmetrics.yaml +++ b/crds/datadoghq.com_datadogmetrics.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmetrics.datadoghq.com spec: group: datadoghq.com @@ -38,10 +36,19 @@ spec: description: DatadogMetric allows autoscaling on arbitrary Datadog query properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -52,7 +59,9 @@ spec: description: ExternalMetricName is reserved for internal use type: string maxAge: - description: MaxAge provides the max age for the metric query (overrides the default setting `external_metrics_provider.max_age`) + description: |- + MaxAge provides the max age for the metric query (overrides the default setting + `external_metrics_provider.max_age`) type: string query: description: Query is the raw datadog query @@ -111,9 +120,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crds/datadoghq.com_datadogmonitors.yaml b/crds/datadoghq.com_datadogmonitors.yaml index a7fdfadc4..dc58b1133 100644 --- a/crds/datadoghq.com_datadogmonitors.yaml +++ b/crds/datadoghq.com_datadogmonitors.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmonitors.datadoghq.com spec: group: datadoghq.com @@ -42,10 +40,19 @@ spec: description: DatadogMonitor allows to define and manage Monitors from your Kubernetes Cluster properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -75,35 +82,83 @@ spec: description: A message to include with a re-notification. type: string evaluationDelay: - description: Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. + description: |- + Time (in seconds) to delay evaluation, as a non-negative integer. For example, if the value is set to 300 (5min), + the timeframe is set to last_5m and the time is 7:00, the monitor evaluates data from 6:50 to 6:55. + This is useful for AWS CloudWatch and other backfilled metrics to ensure the monitor always has data during evaluation. format: int64 type: integer + groupbySimpleMonitor: + description: A Boolean indicating whether the log alert monitor triggers a single alert or multiple alerts when any group breaches a threshold. + type: boolean includeTags: description: A Boolean indicating whether notifications from this monitor automatically inserts its triggering tags into the title. type: boolean locked: - description: Whether or not the monitor is locked (only editable by creator and admins). + description: 'DEPRECATED: Whether or not the monitor is locked (only editable by creator and admins). Use `restricted_roles` instead.' type: boolean newGroupDelay: - description: Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of monitor results. Should be a non negative integer. + description: |- + Time (in seconds) to allow a host to boot and applications to fully start before starting the evaluation of + monitor results. Should be a non negative integer. format: int64 type: integer noDataTimeframe: - description: The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe is used for metric alerts, and 24 hours is used for service checks. + description: |- + The number of minutes before a monitor notifies after data stops reporting. Datadog recommends at least 2x the + monitor timeframe for metric alerts or 2 minutes for service checks. If omitted, 2x the evaluation timeframe + is used for metric alerts, and 24 hours is used for service checks. format: int64 type: integer + notificationPresetName: + description: An enum that toggles the display of additional content sent in the monitor notification. + type: string notifyAudit: description: A Boolean indicating whether tagged users are notified on changes to this monitor. type: boolean + notifyBy: + description: |- + A string indicating the granularity a monitor alerts on. Only available for monitors with groupings. + For instance, a monitor grouped by cluster, namespace, and pod can be configured to only notify on each new + cluster violating the alert conditions by setting notify_by to ["cluster"]. Tags mentioned in notify_by must + be a subset of the grouping tags in the query. For example, a query grouped by cluster and namespace cannot + notify on region. Setting notify_by to [*] configures the monitor to notify as a simple-alert. + items: + type: string + type: array + x-kubernetes-list-type: set notifyNoData: description: A Boolean indicating whether this monitor notifies when data stops reporting. type: boolean + onMissingData: + description: |- + An enum that controls how groups or monitors are treated if an evaluation does not return data points. + The default option results in different behavior depending on the monitor query type. + For monitors using Count queries, an empty monitor evaluation is treated as 0 and is compared to the threshold conditions. + For monitors using any query type other than Count, for example Gauge, Measure, or Rate, the monitor shows the last known status. + This option is only available for APM Trace Analytics, Audit Trail, CI, Error Tracking, Event, Logs, and RUM monitors + type: string renotifyInterval: - description: The number of minutes after the last notification before a monitor re-notifies on the current status. It only re-notifies if it’s not resolved. + description: |- + The number of minutes after the last notification before a monitor re-notifies on the current status. + It only re-notifies if it’s not resolved. + format: int64 + type: integer + renotifyOccurrences: + description: The number of times re-notification messages should be sent on the current status at the provided re-notification interval. format: int64 type: integer + renotifyStatuses: + description: The types of statuses for which re-notification messages should be sent. Valid values are alert, warn, no data. + items: + description: MonitorRenotifyStatusType The different statuses for which renotification is supported. + type: string + type: array + x-kubernetes-list-type: set requireFullWindow: - description: A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. + description: |- + A Boolean indicating whether this monitor needs a full window of data before it’s evaluated. We highly + recommend you set this to false for sparse metrics, otherwise some evaluations are skipped. Default is false. type: boolean thresholdWindows: description: A struct of the alerting time window options. @@ -150,7 +205,10 @@ spec: description: Query is the Datadog monitor query type: string restrictedRoles: - description: RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). + description: |- + RestrictedRoles is a list of unique role identifiers to define which roles are allowed to edit the monitor. + `restricted_roles` is the successor of `locked`. For more information about `locked` and `restricted_roles`, + see the [monitor options docs](https://docs.datadoghq.com/monitors/guide/monitor_api_options/#permissions-options). items: type: string type: array @@ -209,14 +267,18 @@ spec: description: Creator is the identify of the monitor creator type: string currentHash: - description: CurrentHash tracks the hash of the current DatadogMonitorSpec to know if the Spec has changed and needs an update + description: |- + CurrentHash tracks the hash of the current DatadogMonitorSpec to know + if the Spec has changed and needs an update type: string downtimeStatus: description: DowntimeStatus defines whether the monitor is downtimed properties: - downtimeId: + downtimeID: + description: DowntimeID is the downtime ID. type: integer isDowntimed: + description: IsDowntimed shows the downtime status of the monitor. type: boolean type: object id: @@ -237,16 +299,20 @@ spec: description: MonitorStateLastUpdateTime is the last time the monitor state updated format: date-time type: string - primary: - description: Primary defines whether the monitor is managed by the Kubernetes custom resource (true) or outside Kubernetes (false) - type: boolean - syncStatus: + monitorStateSyncStatus: description: MonitorStateSyncStatus shows the health of syncing the monitor state to Datadog type: string + primary: + description: |- + Primary defines whether the monitor is managed by the Kubernetes custom + resource (true) or outside Kubernetes (false) + type: boolean triggeredState: description: TriggeredState only includes details for monitor groups that are triggering items: - description: DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data + description: |- + DatadogMonitorTriggeredState represents the details of a triggering DatadogMonitor + The DatadogMonitor is triggering if one of its groups is in Alert, Warn, or No Data properties: lastTransitionTime: format: date-time @@ -270,9 +336,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crds/datadoghq.com_datadogpodautoscalers.yaml b/crds/datadoghq.com_datadogpodautoscalers.yaml new file mode 100644 index 000000000..148d84206 --- /dev/null +++ b/crds/datadoghq.com_datadogpodautoscalers.yaml @@ -0,0 +1,603 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadogpodautoscalers.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogPodAutoscaler + listKind: DatadogPodAutoscalerList + plural: datadogpodautoscalers + shortNames: + - dpa + singular: datadogpodautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.policy.applyMode + name: Apply Mode + type: string + - jsonPath: .status.conditions[?(@.type=='Active')].status + name: Active + type: string + - jsonPath: .status.conditions[?(@.type=='Error')].status + name: In Error + type: string + - jsonPath: .status.horizontal.target.desiredReplicas + name: Desired Replicas + type: integer + - jsonPath: .status.horizontal.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='HorizontalAbleToScale')].status + name: Able to Scale + type: string + - jsonPath: .status.horizontal.lastAction.time + name: Last Scale + type: date + - jsonPath: .status.vertical.target.podCPURequest + name: Target CPU Req + type: string + - jsonPath: .status.vertical.target.podMemoryRequest + name: Target Memory Req + type: string + - jsonPath: .status.vertical.target.generatedAt + name: Generated + type: date + - jsonPath: .status.conditions[?(@.type=='VerticalAbleToApply')].status + name: Able to Apply + type: string + - jsonPath: .status.vertical.lastAction.time + name: Last Trigger + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogPodAutoscaler is the Schema for the datadogpodautoscalers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogPodAutoscalerSpec defines the desired state of DatadogPodAutoscaler + properties: + constraints: + description: Constraints defines constraints that should always be respected. + properties: + containers: + description: Containers defines constraints for the containers. + items: + description: |- + DatadogPodAutoscalerContainerConstraints defines constraints that should always be respected for a container. + If no constraints are set, it enables resources scaling for all containers without any constraints. + properties: + enabled: + description: Enabled false allows to disable resources autoscaling for the container. Default to true. + type: boolean + limits: + description: Limits defines the constraints for the limits of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests of the container. + type: object + type: object + name: + description: Name is the name of the container. Can be "*" to apply to all containers. + type: string + requests: + description: Requests defines the constraints for the requests of the container. + properties: + maxAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MaxAllowed is the upper limit for the requests of the container. + type: object + minAllowed: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: MinAllowed is the lower limit for the requests of the container. + type: object + type: object + required: + - name + type: object + type: array + maxReplicas: + description: MaxReplicas is the upper limit for the number of POD replicas. Needs to be >= minReplicas. + format: int32 + type: integer + minReplicas: + description: MinReplicas is the lower limit for the number of POD replicas. Needs to be >= 1. Default to 1. + format: int32 + minimum: 1 + type: integer + required: + - maxReplicas + type: object + owner: + description: |- + Owner defines the source of truth for this object (local or remote) + Value needs to be set when a DatadogPodAutoscaler object is created. + enum: + - Local + - Remote + type: string + policy: + default: {} + description: Policy defines how recommendations should be applied. + properties: + applyMode: + default: All + description: |- + ApplyMode determines recommendations that should be applied by the controller: + - All: Apply all recommendations (regular and manual). + - Manual: Apply only manual recommendations (recommendations manually validated by user in the Datadog app). + - None: Prevent the controller to apply any recommendations. + It's also possible to selectively deactivate upscale, downscale or update actions thanks to the `Upscale`, `Downscale` and `Update` fields. + enum: + - All + - Manual + - None + type: string + downscale: + description: Downscale defines the policy to scale down the target resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules for horizontal that should be true for a certain amount of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + update: + description: Update defines the policy to update target resource. + properties: + strategy: + description: Mode defines the mode of the update policy. + enum: + - Auto + - Disabled + type: string + type: object + upscale: + description: Upscale defines the policy to scale up the target resource. + properties: + rules: + description: |- + Rules is a list of potential scaling polices which can be used during scaling. + At least one policy must be specified, otherwise the DatadogPodAutoscalerScalingPolicy will be discarded as invalid + items: + description: DatadogPodAutoscalerScalingRule define rules for horizontal that should be true for a certain amount of time. + properties: + match: + description: |- + Match defines if the rule should be considered or not in the calculation. + Default to Always if not set. + enum: + - Always + - IfScalingEvent + type: string + periodSeconds: + description: |- + PeriodSeconds specifies the window of time for which the policy should hold true. + PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + format: int32 + maximum: 1800 + minimum: 1 + type: integer + type: + description: Type is used to specify the scaling policy. + enum: + - Pods + - Percent + type: string + value: + description: |- + Value contains the amount of change which is permitted by the policy. + Setting it to 0 will prevent any scaling in this direction and should not be used unless Match is set to IfScalingEvent. + format: int32 + minimum: 0 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + strategy: + description: |- + Strategy is used to specify which policy should be used. + If not set, the default value Max is used. + enum: + - Max + - Min + - Disabled + type: string + type: object + type: object + remoteVersion: + description: |- + RemoteVersion is the version of the .Spec currently store in this object. + Only set if the owner is Remote. + format: int64 + type: integer + targetRef: + description: TargetRef is the reference to the resource to scale. + properties: + apiVersion: + description: apiVersion is the API version of the referent + type: string + kind: + description: 'kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + required: + - kind + - name + type: object + targets: + description: |- + Targets are objectives to reach and maintain for the target resource. + Default to a single target to maintain 80% POD CPU utilization. + items: + description: DatadogPodAutoscalerTarget defines the objectives to reach and maintain for the target resource. + properties: + containerResource: + description: ContainerResource allows to set a container-level resource target. + properties: + container: + description: Container is the name of the container. + type: string + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - container + - name + - value + type: object + podResource: + description: PodResource allows to set a POD-level resource target. + properties: + name: + description: Name is the name of the resource. + enum: + - cpu + type: string + value: + description: Value is the value of the target. + properties: + absolute: + anyOf: + - type: integer + - type: string + description: Absolute defines the absolute value of the target (for instance 500 millicores). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: Type specifies how the value is expressed (Absolute or Utilization). + type: string + utilization: + description: Utilization defines a percentage of the target compared to requested resource + format: int32 + maximum: 100 + minimum: 0 + type: integer + required: + - type + type: object + required: + - name + - value + type: object + type: + description: Type sets the type of the target. + enum: + - PodResource + - ContainerResource + type: string + required: + - type + type: object + type: array + x-kubernetes-list-type: atomic + required: + - owner + - targetRef + type: object + status: + description: DatadogPodAutoscalerStatus defines the observed state of DatadogPodAutoscaler + properties: + conditions: + description: Conditions describe the current state of the DatadogPodAutoscaler operations. + items: + description: DatadogPodAutoscalerCondition describes the state of DatadogPodAutoscaler. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of DatadogMetric condition. + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + currentReplicas: + description: CurrentReplicas is the current number of PODs for the targetRef observed by the controller. + format: int32 + type: integer + horizontal: + description: Horizontal is the status of the horizontal scaling, if activated. + properties: + lastActions: + description: LastActions are the last successful actions done by the controller + items: + description: DatadogPodAutoscalerHorizontalAction represents an horizontal action done by the controller + properties: + limitedReason: + description: LimitedReason is the reason why the action was limited (ToReplicas != RecommendedReplicas) + type: string + recommendedReplicas: + description: RecommendedReplicas is the original number of replicas recommended by Datadog + format: int32 + type: integer + replicas: + description: FromReplicas is the number of replicas before the action + format: int32 + type: integer + time: + description: Time is the timestamp of the action + format: date-time + type: string + toReplicas: + description: ToReplicas is the effective number of replicas after the action + format: int32 + type: integer + required: + - replicas + - time + - toReplicas + type: object + type: array + target: + description: Target is the current target of the horizontal scaling + properties: + desiredReplicas: + description: Replicas is the desired number of replicas for the resource + format: int32 + type: integer + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation was generated + format: date-time + type: string + source: + description: Source is the source of the value used to scale the target resource + type: string + required: + - desiredReplicas + - source + type: object + type: object + vertical: + description: Vertical is the status of the vertical scaling, if activated. + properties: + lastAction: + description: LastAction is the last successful action done by the controller + properties: + time: + description: Time is the timestamp of the action + format: date-time + type: string + type: + description: Type is the type of action + type: string + version: + description: Version is the recommendation version used for the action + type: string + required: + - time + - type + - version + type: object + target: + description: Target is the current target of the vertical scaling + properties: + desiredResources: + description: DesiredResources is the desired resources for containers + items: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Limits describes the maximum amount of compute resources allowed. + type: object + name: + description: Name is the name of the container + type: string + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Requests describes target resources of compute resources allowed. + type: object + required: + - name + type: object + type: array + generatedAt: + description: GeneratedAt is the timestamp at which the recommendation was generated + format: date-time + type: string + podCPURequest: + anyOf: + - type: integer + - type: string + description: PODCPURequest is the sum of CPU requests for all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podMemoryRequest: + anyOf: + - type: integer + - type: string + description: PODMemoryRequest is the sum of memory requests for all containers (used for display) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + scaled: + description: Scaled is the current number of PODs having desired resources + format: int32 + type: integer + source: + description: Source is the source of the value used to scale the target resource + type: string + version: + description: Version is the current version of the received recommendation + type: string + required: + - desiredResources + - podCPURequest + - podMemoryRequest + - source + - version + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/crds/datadoghq.com_datadogslos.yaml b/crds/datadoghq.com_datadogslos.yaml index 404c7c94b..1033ce065 100644 --- a/crds/datadoghq.com_datadogslos.yaml +++ b/crds/datadoghq.com_datadogslos.yaml @@ -1,11 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogslos.datadoghq.com spec: group: datadoghq.com @@ -34,10 +32,19 @@ spec: description: DatadogSLO allows a user to define and manage datadog SLOs from Kubernetes cluster. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -51,10 +58,15 @@ spec: type: boolean type: object description: - description: Description is a user-defined description of the service level objective. Always included in service level objective responses (but may be null). Optional in create/update requests. + description: |- + Description is a user-defined description of the service level objective. + Always included in service level objective responses (but may be null). Optional in create/update requests. type: string groups: - description: Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. Included in service level objective responses if it is not empty. Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. + description: |- + Groups is a list of (up to 100) monitor groups that narrow the scope of a monitor service level objective. + Included in service level objective responses if it is not empty. + Optional in create/update requests for monitor service level objectives, but may only be used when the length of the monitor_ids field is one. items: type: string type: array @@ -70,7 +82,9 @@ spec: description: Name is the name of the service level objective. type: string query: - description: Query is the query for a metric-based SLO. Required if type is metric. Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. + description: |- + Query is the query for a metric-based SLO. Required if type is metric. + Note that only the `sum by` aggregator is allowed, which sums all request counts. `Average`, `max`, nor `min` request aggregators are not supported. properties: denominator: description: Denominator is a Datadog metric query for total (valid) events. @@ -83,7 +97,10 @@ spec: - numerator type: object tags: - description: 'Tags is a list of tags to associate with your service level objective. This can help you categorize and filter service level objectives in the service level objectives page of the UI. Note: it''s not currently possible to filter by these tags when querying via the API.' + description: |- + Tags is a list of tags to associate with your service level objective. + This can help you categorize and filter service level objectives in the service level objectives page of the UI. + Note: it's not currently possible to filter by these tags when querying via the API. items: type: string type: array @@ -120,23 +137,35 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogSLO. items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ @@ -149,7 +178,7 @@ spec: - Unknown type: string type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -172,7 +201,9 @@ spec: description: Creator is the identity of the SLO creator. type: string currentHash: - description: CurrentHash tracks the hash of the current DatadogSLOSpec to know if the Spec has changed and needs an update. + description: |- + CurrentHash tracks the hash of the current DatadogSLOSpec to know + if the Spec has changed and needs an update. type: string id: description: ID is the SLO ID generated in Datadog. @@ -190,9 +221,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/examples/datadog/agent_on_openshift_values.yaml b/examples/datadog/agent_on_openshift_values.yaml index a95bea8c3..11d696786 100644 --- a/examples/datadog/agent_on_openshift_values.yaml +++ b/examples/datadog/agent_on_openshift_values.yaml @@ -1,11 +1,10 @@ -# Datadog Agent with Logs, APM, Processes, and System Probe enabled +# Datadog Agent with Logs, APM, and Processes # with specific configurations to work on OpenShift 4. # When installing the chart, install onto a non-default namespace with # `helm install --namespace ` due to existing SecurityContextConstraints # on the default namespace. For more details about setting appropriate security # constraints, see https://docs.datadoghq.com/integrations/openshift/ and # https://www.datadoghq.com/blog/openshift-monitoring-with-datadog/ - targetSystem: "linux" datadog: # apiKey: @@ -15,20 +14,15 @@ datadog: appKeyExistingSecret: clusterName: tags: [] - criSocketPath: /var/run/crio/crio.sock # Depending on your DNS/SSL setup, it might not be possible to verify the Kubelet cert properly # If you have proper CA, you can switch it to true kubelet: tlsVerify: false - confd: - cri.yaml: |- - init_config: - instances: - - collect_disk: true logs: enabled: false apm: - portEnabled: false + portEnabled: true + socketEnabled: false processAgent: enabled: true processCollection: false @@ -49,10 +43,4 @@ agents: clusterAgent: podSecurity: securityContextConstraints: - create: true -clusterChecksRunner: - enabled: true - replicas: 2 -kube-state-metrics: - securityContext: - enabled: false + create: true \ No newline at end of file diff --git a/examples/datadog/agent_otel_collector.yaml b/examples/datadog/agent_otel_collector.yaml new file mode 100644 index 000000000..ca711e74b --- /dev/null +++ b/examples/datadog/agent_otel_collector.yaml @@ -0,0 +1,29 @@ +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "my-hostname" +datadog: + apiKey: $DD_API_KEY + otelCollector: + enabled: true + logs: + enabled: true + containerCollectAll: true + orchestratorExplorer: + enabled: true + processAgent: + enabled: true + processCollection: true + networkMonitoring: + enabled: true + apm: + portEnabled: true + peer_tags_aggregation: true + compute_stats_by_span_kind: true + peer_service_aggregation: true diff --git a/examples/datadog/otel_collector_config.yaml b/examples/datadog/otel_collector_config.yaml new file mode 100644 index 000000000..00e691208 --- /dev/null +++ b/examples/datadog/otel_collector_config.yaml @@ -0,0 +1,58 @@ +receivers: + prometheus: + config: + scrape_configs: + - job_name: "otel-agent" + scrape_interval: 10s + static_configs: + - targets: ["0.0.0.0:8888"] + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:4317 + http: + endpoint: 0.0.0.0:4318 +exporters: + debug: + verbosity: detailed + datadog: + api: + key: ${env:DD_API_KEY} +processors: + infraattributes: + cardinality: 2 + probabilistic_sampler: + hash_seed: 22 + sampling_percentage: 15.3 + batch: + timeout: 10s +connectors: + datadog/connector: + traces: + compute_top_level_by_span_kind: true + peer_tags_aggregation: true + compute_stats_by_span_kind: true +extensions: + health_check: +service: + extensions: [health_check] + telemetry: + logs: + level: debug + pipelines: + traces: + receivers: [otlp] + processors: [batch] + exporters: [datadog/connector] + traces/sampled: + receivers: [otlp] + processors: [probabilistic_sampler, infraattributes, batch] + exporters: [datadog] + metrics: + receivers: [otlp, datadog/connector, prometheus] + processors: [infraattributes, batch] + exporters: [datadog] + logs: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog] diff --git a/repository.datadog.yml b/repository.datadog.yml index ddd5aaca6..d7d2e4d3c 100644 --- a/repository.datadog.yml +++ b/repository.datadog.yml @@ -1,19 +1,20 @@ --- schema-version: v1 kind: mergequeue -gitlab_check_enable: false +gitlab_check_enable: true github_teams_restrictions: + - action-platform - agent-all - container-app - container-ecosystems - container-helm-chart-maintainers - container-integrations - container-t2 - - Synthetics - - Documentation - - Observability Pipelines - - Telemetry and Analytics - - Vector + - synthetics + - documentation + - observability-pipelines + - telemetry-and-analytics + - vector github_users_restrictions: - cahillsf - clamoriniere diff --git a/test/.gitignore b/test/.gitignore index 22d0d82f8..9563de822 100644 --- a/test/.gitignore +++ b/test/.gitignore @@ -1 +1,2 @@ vendor +private-action-runner/*.yaml diff --git a/test/common/common.go b/test/common/common.go index 07d25354d..c060ae173 100644 --- a/test/common/common.go +++ b/test/common/common.go @@ -37,7 +37,7 @@ func RenderChart(t *testing.T, cmd HelmCommand) (string, error) { ValuesFiles: cmd.Values, } - output, err := helm.RenderTemplateE(t, options, chartPath, cmd.ReleaseName, cmd.ShowOnly) + output, err := helm.RenderTemplateE(t, options, chartPath, cmd.ReleaseName, cmd.ShowOnly, "--debug") return output, err } @@ -80,6 +80,12 @@ func CreateSecretFromEnv(t *testing.T, kubectlOptions *k8s.KubectlOptions, apiKe } } +func ReadFile(t *testing.T, filepath string) string { + fileContent, err := os.ReadFile(filepath) + require.NoError(t, err, "can't load manifest from file", "path", filepath) + return string(fileContent) +} + func LoadFromFile[T any](t *testing.T, filepath string, destObj *T) string { fileContent, err := os.ReadFile(filepath) require.NoError(t, err, "can't load manifest from file", "path", filepath) diff --git a/test/common/common_e2e.go b/test/common/common_e2e.go index de23599e6..ab8c6f38c 100644 --- a/test/common/common_e2e.go +++ b/test/common/common_e2e.go @@ -9,10 +9,10 @@ import ( "os" "strings" - "github.com/DataDog/datadog-agent/test/new-e2e/utils/infra" + "github.com/DataDog/datadog-agent/test/new-e2e/pkg/utils/infra" "github.com/DataDog/test-infra-definitions/scenarios/aws/eks" - "github.com/DataDog/datadog-agent/test/new-e2e/runner" + "github.com/DataDog/datadog-agent/test/new-e2e/pkg/runner" "github.com/pulumi/pulumi/sdk/v3/go/auto" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -23,12 +23,13 @@ import ( "k8s.io/client-go/tools/remotecommand" ) -var defaultLocalPulumiConfigs = runner.ConfigMap{ +var defaultPulumiConfigs = runner.ConfigMap{ "ddinfra:aws/defaultKeyPairName": auto.ConfigValue{Value: os.Getenv("AWS_KEYPAIR_NAME")}, } var defaultCIPulumiConfigs = runner.ConfigMap{ - "aws:skipCredentialsValidation": auto.ConfigValue{Value: "true"}, - "aws:skipMetadataApiCheck": auto.ConfigValue{Value: "false"}, + "aws:skipCredentialsValidation": auto.ConfigValue{Value: "true"}, + "aws:skipMetadataApiCheck": auto.ConfigValue{Value: "false"}, + "ddinfra:aws/defaultPrivateKeyPath": auto.ConfigValue{Value: os.Getenv("AWS_PRIVATE_KEY_FILE")}, } type E2EEnv struct { @@ -101,6 +102,7 @@ func SetupConfig() (runner.ConfigMap, error) { res := runner.ConfigMap{} configs := parseE2EConfigParams() if os.Getenv("E2E_PROFILE") == "ci" { + res.Merge(defaultPulumiConfigs) res.Merge(defaultCIPulumiConfigs) } else { // use "local" E2E profile for local testing @@ -111,7 +113,7 @@ func SetupConfig() (runner.ConfigMap, error) { if !e2eApiKeyBool || !e2eAppKeyBool || !e2eAwsKeypairNameBool { return nil, fmt.Errorf("missing required environment variables. Must set `E2E_API_KEY`, `E2E_APP_KEY`, and `AWS_KEYPAIR_NAME` for the local E2E profile") } else { - res.Merge(defaultLocalPulumiConfigs) + res.Merge(defaultPulumiConfigs) } } diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index e1aefa046..0a364f99e 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -4,11 +4,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-1.3.0' + helm.sh/chart: 'datadogCRDs-2.3.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -24,9 +23,6 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - jsonPath: .status.agent.status name: agent type: string @@ -39,7 +35,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: age type: date - name: v1alpha1 + name: v2alpha1 schema: openAPIV3Schema: properties: @@ -51,205 +47,153 @@ spec: type: object spec: properties: - agent: + features: properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: + admissionController: properties: - nodeAffinity: + agentCommunicationMode: + type: string + agentSidecarInjection: properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: + clusterAgentCommunicationEnabled: + type: boolean + enabled: + type: boolean + image: properties: - nodeSelectorTerms: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: items: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array + name: + default: "" + type: string type: object + x-kubernetes-map-type: atomic type: array - required: - - nodeSelectorTerms + tag: + type: string type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: + profiles: items: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: key: type: string - operator: + name: + default: "" type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: properties: key: type: string - operator: + name: + default: "" type: string - values: - items: - type: string - type: array + optional: + type: boolean required: - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: properties: - matchExpressions: + claims: items: properties: - key: + name: type: string - operator: + request: type: string - values: - items: - type: string - type: array required: - - key - - operator + - name type: object type: array - matchLabels: + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: + type: string + registry: + type: string + selectors: + items: + properties: namespaceSelector: properties: matchExpressions: @@ -263,101 +207,20 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + x-kubernetes-map-type: atomic + objectSelector: properties: matchExpressions: items: @@ -370,1719 +233,923 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey + x-kubernetes-map-type: atomic type: object type: array + x-kubernetes-list-type: atomic + type: object + cwsInstrumentation: + properties: + enabled: + type: boolean + mode: + type: string + type: object + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + mutation: + properties: + enabled: + type: boolean + type: object + registry: + type: string + serviceName: + type: string + validation: + properties: + enabled: + type: boolean type: object + webhookName: + type: string type: object apm: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic enabled: type: boolean - env: - items: - properties: - name: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + instrumentation: + properties: + disabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + enabledNamespaces: + items: type: string - value: + type: array + x-kubernetes-list-type: set + languageDetection: + properties: + enabled: + type: boolean + type: object + libVersions: + additionalProperties: type: string - valueFrom: - properties: - configMapKeyRef: + type: object + type: object + unixDomainSocketConfig: + properties: + enabled: + type: boolean + path: + type: string + type: object + type: object + asm: + properties: + iast: + properties: + enabled: + type: boolean + type: object + sca: + properties: + enabled: + type: boolean + type: object + threats: + properties: + enabled: + type: boolean + type: object + type: object + autoscaling: + properties: + workload: + properties: + enabled: + type: boolean + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean required: - key + - path type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + hostBenchmarks: + properties: + enabled: + type: boolean + type: object + type: object + cws: + properties: + customPolicies: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean required: - key + - path type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string type: object - failureThreshold: + type: object + enabled: + type: boolean + network: + properties: + enabled: + type: boolean + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + securityProfiles: + properties: + enabled: + type: boolean + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: format: int32 type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: properties: - host: - type: string - httpHeaders: + items: items: properties: - name: + key: type: string - value: + mode: + format: int32 + type: integer + path: type: string required: - - name - - value + - key + - path type: object type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true type: object type: object - unixDomainSocket: + originDetectionEnabled: + type: boolean + tagCardinality: + type: string + unixDomainSocketConfig: properties: enabled: type: boolean - hostFilepath: + path: type: string type: object - volumeMounts: + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + collectedEventTypes: items: properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: + kind: type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic required: - - mountPath - - name + - kind + - reasons type: object type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean type: object - config: + externalMetricsServer: properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: + enabled: type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: + endpoint: properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: + credentials: properties: - configData: + apiKey: type: string - configMap: + apiSecret: properties: - fileKey: + keyName: type: string - name: + secretName: type: string + required: + - secretName type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: + appKey: type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object type: object + url: + type: string type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: key: type: string - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean required: - key + - path type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: format: int32 type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: type: boolean - livenessProbe: + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: + configData: + type: string + configMap: properties: - host: - type: string - httpHeaders: + items: items: properties: - name: + key: type: string - value: + mode: + format: int32 + type: integer + path: type: string required: - - name - - value + - key + - path type: object type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string type: object - podAnnotationsAsTags: - additionalProperties: + customResources: + items: type: string - type: object - podLabelsAsTags: - additionalProperties: + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: type: string - type: object - readinessProbe: + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + protocols: properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object type: object type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + overlayFSDirectScan: + type: boolean + uncompressedLayersSupport: + type: boolean + type: object + enabled: + type: boolean + host: + properties: + analyzers: + items: + type: string + type: array + x-kubernetes-list-type: set + enabled: + type: boolean + type: object + type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object + global: + properties: + checksTagCardinality: + type: string + clusterAgentToken: + type: string + clusterAgentTokenSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + clusterName: + type: string + containerStrategy: + type: string + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + criSocketPath: + type: string + disableNonResourceRules: + type: boolean + dockerSocketPath: + type: string + endpoint: + properties: + credentials: + properties: + apiKey: + type: string + apiSecret: properties: - localhostProfile: + keyName: type: string - type: + secretName: type: string required: - - type + - secretName type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: + appKey: + type: string + appSecret: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: + keyName: type: string - hostProcess: - type: boolean - runAsUserName: + secretName: type: string + required: + - secretName type: object type: object - tags: - items: + url: + type: string + type: object + env: + items: + properties: + name: type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: + value: + type: string + valueFrom: properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: + configMapKeyRef: properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: + key: type: string - kind: + name: + default: "" type: string - readOnly: + optional: type: boolean required: - - diskName - - diskURI + - key type: object - azureFile: + x-kubernetes-map-type: atomic + fieldRef: properties: - readOnly: - type: boolean - secretName: + apiVersion: type: string - shareName: + fieldPath: type: string required: - - secretName - - shareName + - fieldPath type: object - cephfs: + x-kubernetes-map-type: atomic + resourceFieldRef: properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: + containerName: type: string - secretRef: - properties: - name: - type: string - type: object - user: + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string required: - - monitors + - resource type: object - cinder: + x-kubernetes-map-type: atomic + secretKeyRef: properties: - fsType: + key: type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: + name: + default: "" type: string + optional: + type: boolean required: - - volumeID + - key type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + fips: + properties: + customFIPSConfig: + properties: + configData: + type: string + configMap: + properties: + items: items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: properties: - name: + key: type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: + mode: + format: int32 + type: integer + path: type: string + required: + - key + - path type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: properties: - claimName: + name: + default: "" type: string - readOnly: - type: boolean - required: - - claimName type: object - photonPersistentDisk: + x-kubernetes-map-type: atomic + type: array + tag: + type: string + type: object + localAddress: + type: string + port: + format: int32 + type: integer + portRange: + format: int32 + type: integer + resources: + properties: + claims: + items: properties: - fsType: + name: type: string - pdID: + request: type: string required: - - pdID + - name type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object type: object + useHTTPS: + type: boolean type: object - daemonsetName: - type: string - deploymentStrategy: + kubelet: properties: - canary: + agentCAPath: + type: string + host: properties: - autoFail: + configMapKeyRef: properties: - canaryTimeout: + key: type: string - enabled: + name: + default: "" + type: string + optional: type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: type: string + required: + - fieldPath type: object - autoPause: + x-kubernetes-map-type: atomic + resourceFieldRef: properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: type: string + required: + - resource type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: + x-kubernetes-map-type: atomic + secretKeyRef: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string + x-kubernetes-map-type: atomic type: object - reconcileFrequency: + hostCAPath: type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: + tlsVerify: + type: boolean + type: object + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: type: string + type: object type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: type: string + type: object type: object - keepAnnotations: - type: string - keepLabels: - type: string localService: properties: - forceLocalServiceEnable: + forceEnableLocalService: type: boolean - overrideName: + nameOverride: type: string type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string + logLevel: + type: string + namespaceAnnotationsAsTags: + additionalProperties: + type: string + type: object + namespaceLabelsAsTags: + additionalProperties: + type: string type: object networkPolicy: properties: @@ -2102,3860 +1169,1033 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object + x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic flavor: type: string type: object - otlp: + nodeLabelsAsTags: + additionalProperties: + type: string + type: object + originDetectionUnified: properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object + enabled: + type: boolean + type: object + podAnnotationsAsTags: + additionalProperties: + type: string + type: object + podLabelsAsTags: + additionalProperties: + type: string type: object - priorityClassName: + registry: type: string - process: + runProcessChecksInCoreAgent: + type: boolean + secretBackend: properties: args: - items: - type: string - type: array - x-kubernetes-list-type: atomic + type: string command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: + type: string + enableGlobalPermissions: type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: + roles: items: properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: + namespace: type: string + secrets: + items: + type: string + type: array + x-kubernetes-list-type: set required: - - mountPath - - name + - namespace + - secrets type: object type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: + timeout: + format: int32 + type: integer + type: object + site: + type: string + tags: + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + override: + additionalProperties: + properties: + affinity: + properties: + nodeAffinity: properties: - name: - type: string - value: - type: string - valueFrom: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name + x-kubernetes-map-type: atomic type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: + podAffinity: properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - operator: + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: type: string - name: + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: + type: array + x-kubernetes-list-type: atomic + namespaceSelector: properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: + matchExpressions: + items: properties: - apiGroup: - type: string - kind: + key: type: string - name: + operator: type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v2alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - features: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - failurePolicy: - type: string - mutateUnlabelled: - type: boolean - serviceName: - type: string - webhookName: + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + annotations: + additionalProperties: type: string - type: object - apm: - properties: - enabled: - type: boolean - hostPortConfig: + type: object + containers: + additionalProperties: properties: - enabled: - type: boolean - hostPort: + appArmorProfileName: + type: string + args: + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + healthPort: format: int32 type: integer - type: object - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + logLevel: type: string - type: object - type: object - clusterChecks: - properties: - enabled: - type: boolean - useClusterChecksRunners: - type: boolean - type: object - cspm: - properties: - checkInterval: - type: string - customBenchmarks: - properties: - configData: + name: type: string - configMap: + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: properties: - items: + claims: items: properties: - key: + name: type: string - mode: - format: int32 - type: integer - path: + request: type: string required: - - key - - path + - name type: object type: array x-kubernetes-list-map-keys: - - key + - name x-kubernetes-list-type: map - name: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + seccompConfig: + properties: + customProfile: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + customRootPath: type: string type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + capabilities: + properties: + add: + items: + type: string + type: array + x-kubernetes-list-type: atomic + drop: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + recursiveReadOnly: + type: string + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + - mountPath + x-kubernetes-list-type: map type: object - enabled: - type: boolean - hostBenchmarks: - properties: - enabled: - type: boolean - type: object - type: object - cws: - properties: - customPolicies: + type: object + createPodDisruptionBudget: + type: boolean + createRbac: + type: boolean + customConfigurations: + additionalProperties: properties: configData: type: string @@ -5983,665 +2223,603 @@ spec: type: string type: object type: object - enabled: - type: boolean - network: - properties: - enabled: - type: boolean - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - securityProfiles: - properties: - enabled: - type: boolean - type: object - syscallMonitorEnabled: - type: boolean - type: object - dogstatsd: - properties: - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - mapperProfiles: - properties: - configData: + type: object + disabled: + type: boolean + dnsConfig: + properties: + nameservers: + items: type: string - configMap: + type: array + x-kubernetes-list-type: atomic + options: + items: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map name: type: string + value: + type: string type: object - type: object - originDetectionEnabled: - type: boolean - tagCardinality: - type: string - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: + type: array + x-kubernetes-list-type: atomic + searches: + items: type: string - type: object - type: object - ebpfCheck: - properties: - enabled: - type: boolean - type: object - eventCollection: - properties: - collectKubernetesEvents: - type: boolean - type: object - externalMetricsServer: - properties: - enabled: - type: boolean - endpoint: + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + type: string + env: + items: properties: - credentials: + name: + type: string + value: + type: string + valueFrom: properties: - apiKey: - type: string - apiSecret: + configMapKeyRef: properties: - keyName: + key: type: string - secretName: + name: + default: "" type: string + optional: + type: boolean required: - - secretName + - key type: object - appKey: - type: string - appSecret: + x-kubernetes-map-type: atomic + fieldRef: properties: - keyName: + apiVersion: type: string - secretName: + fieldPath: type: string required: - - secretName - type: object - type: object - url: - type: string - type: object - port: - format: int32 - type: integer - registerAPIService: - type: boolean - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - kubeStateMetricsCore: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - liveContainerCollection: - properties: - enabled: - type: boolean - type: object - liveProcessCollection: - properties: - enabled: - type: boolean - scrubProcessArguments: - type: boolean - stripProcessArguments: - type: boolean - type: object - logCollection: - properties: - containerCollectAll: - type: boolean - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - npm: - properties: - collectDNSStats: - type: boolean - enableConntrack: - type: boolean - enabled: - type: boolean - type: object - oomKill: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - conf: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + items: properties: - configData: + configMapRef: + properties: + name: + default: "" + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: type: string - configMap: + secretRef: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map name: + default: "" type: string + optional: + type: boolean type: object + x-kubernetes-map-type: atomic type: object - customResources: - items: - type: string - type: array - x-kubernetes-list-type: set - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubContainers: - type: boolean - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: + type: array + extraChecksd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: + properties: + items: + items: properties: - enabled: - type: boolean - endpoint: + key: + type: string + mode: + format: int32 + type: integer + path: type: string + required: + - key + - path type: object - http: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + extraConfd: + properties: + configDataMap: + additionalProperties: + type: string + type: object + configMap: + properties: + items: + items: properties: - enabled: - type: boolean - endpoint: + key: + type: string + mode: + format: int32 + type: integer + path: type: string + required: + - key + - path type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + hostNetwork: + type: boolean + hostPID: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + default: "" + type: string type: object - type: object - type: object - processDiscovery: - properties: - enabled: - type: boolean - type: object - prometheusScrape: - properties: - additionalConfigs: + x-kubernetes-map-type: atomic + type: array + tag: + type: string + type: object + labels: + additionalProperties: type: string - enableServiceEndpoints: - type: boolean - enabled: - type: boolean - version: - type: integer - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - sbom: - properties: - containerImage: - properties: - analyzers: - items: + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + priorityClassName: + type: string + replicas: + format: int32 + type: integer + securityContext: + properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + properties: + gmsaCredentialSpec: type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - enabled: - type: boolean - host: - properties: - analyzers: - items: + gmsaCredentialSpecName: type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - type: object - tcpQueueLength: - properties: - enabled: - type: boolean - type: object - usm: - properties: - enabled: - type: boolean - type: object - type: object - global: - properties: - clusterAgentToken: - type: string - clusterAgentTokenSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - clusterName: - type: string - credentials: - properties: - apiKey: + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccountAnnotations: + additionalProperties: type: string - apiSecret: + type: object + serviceAccountName: + type: string + tolerations: + items: properties: - keyName: + effect: type: string - secretName: + key: type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: + operator: type: string - secretName: + tolerationSeconds: + format: int64 + type: integer + value: type: string - required: - - secretName type: object - type: object - criSocketPath: - type: string - dockerSocketPath: - type: string - endpoint: - properties: - credentials: + type: array + x-kubernetes-list-type: atomic + updateStrategy: + properties: + rollingUpdate: + properties: + maxSurge: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: + type: string + type: object + volumes: + items: properties: - apiKey: - type: string - apiSecret: + awsElasticBlockStore: properties: - keyName: + fsType: type: string - secretName: + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: type: string required: - - secretName + - volumeID type: object - appKey: - type: string - appSecret: + azureDisk: properties: - keyName: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + default: ext4 + type: string + kind: type: string + readOnly: + default: false + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean secretName: type: string + shareName: + type: string required: - secretName + - shareName type: object - type: object - url: - type: string - type: object - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: + cephfs: properties: - key: + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean - required: - - key type: object - fieldRef: + x-kubernetes-map-type: atomic + csi: properties: - apiVersion: + driver: type: string - fieldPath: + fsType: type: string + nodePublishSecretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object required: - - fieldPath + - driver type: object - resourceFieldRef: + downwardAPI: properties: - containerName: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + properties: + medium: type: string - divisor: + sizeLimit: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource type: object - secretKeyRef: + ephemeral: properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - localService: - properties: - forceEnableLocalService: - type: boolean - nameOverride: - type: string - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - registry: - type: string - site: - type: string - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - override: - additionalProperties: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + volumeClaimTemplate: properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array + metadata: type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: + spec: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: + accessModes: items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object + type: string type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: + x-kubernetes-list-type: atomic + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + type: object + resources: properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + limits: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object type: object - namespaceSelector: + selector: properties: matchExpressions: items: @@ -6654,617 +2832,461 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object - namespaces: - items: - type: string - type: array - topologyKey: + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeAttributesClassName: + type: string + volumeMode: + type: string + volumeName: type: string - required: - - topologyKey type: object - weight: - format: int32 - type: integer required: - - podAffinityTerm - - weight + - spec type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + default: default + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + type: boolean + secretRef: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + clusterTrustBundle: + properties: + labelSelector: properties: - key: - type: string - operator: - type: string - values: + matchExpressions: items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + properties: + key: type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + operator: type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - type: array - required: - - key - - operator + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - containers: - additionalProperties: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string + x-kubernetes-map-type: atomic name: type: string optional: type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: + path: type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: + signerName: type: string required: - - resource + - path type: object - secretKeyRef: + configMap: properties: - key: - type: string + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean - required: - - key type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic name: + default: "" type: string - value: - type: string - required: - - name - - value + optional: + type: boolean type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - name: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: + x-kubernetes-map-type: atomic + serviceAccountToken: properties: - name: + audience: type: string - value: + expirationSeconds: + format: int64 + type: integer + path: type: string required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic type: object - seccompConfig: + quobyte: properties: - customProfile: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customRootPath: + group: + type: string + readOnly: + type: boolean + registry: type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume type: object - securityContext: + rbd: properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: + fsType: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: + image: + type: string + keyring: + default: /etc/ceph/keyring + type: string + monitors: + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + default: rbd + type: string + readOnly: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + secretRef: properties: - localhostProfile: - type: string - type: + name: + default: "" type: string - required: - - type type: object - windowsOptions: + x-kubernetes-map-type: atomic + user: + default: admin + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + default: xfs + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: + name: + default: "" type: string type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + default: ThinProvisioned + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - type: object - createRbac: - type: boolean - customConfigurations: - additionalProperties: - properties: - configData: - type: string - configMap: + secret: properties: + defaultMode: + format: int32 + type: integer items: items: properties: @@ -7280,71 +3302,42 @@ spec: - path type: object type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: + x-kubernetes-list-type: atomic + optional: + type: boolean + secretName: type: string type: object - type: object - type: object - disabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: + storageos: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: + fsType: + type: string + readOnly: + type: boolean + secretRef: properties: - key: - type: string name: + default: "" type: string - optional: - type: boolean - required: - - key type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath type: object required: - name @@ -7353,1019 +3346,957 @@ spec: x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map - extraChecksd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - extraConfd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: + type: object + type: object + type: object + status: + properties: + agent: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: + type: string + daemonsetName: + type: string + desired: + format: int32 + type: integer + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + agentList: + items: + properties: + available: + format: int32 + type: integer + current: + format: int32 + type: integer + currentHash: type: string - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: + daemonsetName: type: string - replicas: + desired: format: int32 type: integer - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccountName: + lastUpdate: + format: date-time + type: string + ready: + format: int32 + type: integer + state: + type: string + status: + type: string + upToDate: + format: int32 + type: integer + required: + - available + - current + - desired + - ready + - upToDate + type: object + type: array + x-kubernetes-list-type: atomic + clusterAgent: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer + type: object + clusterChecksRunner: + properties: + availableReplicas: + format: int32 + type: integer + currentHash: + type: string + deploymentName: + type: string + generatedToken: + type: string + lastUpdate: + format: date-time + type: string + readyReplicas: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + status: + type: string + unavailableReplicas: + format: int32 + type: integer + updatedReplicas: + format: int32 + type: integer + type: object + conditions: + items: + properties: + lastTransitionTime: + format: date-time type: string - tolerations: - items: + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + remoteConfigConfiguration: + properties: + features: + properties: + admissionController: properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: + agentCommunicationMode: type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumes: - items: - properties: - awsElasticBlockStore: + agentSidecarInjection: properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: + clusterAgentCommunicationEnabled: type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: + enabled: + type: boolean + image: + properties: + jmxEnabled: + type: boolean + name: + type: string + pullPolicy: + type: string + pullSecrets: + items: + properties: + name: + default: "" + type: string + type: object + x-kubernetes-map-type: atomic + type: array + tag: + type: string + type: object + profiles: + items: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + default: "" + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + resources: + properties: + claims: + items: + properties: + name: + type: string + request: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + x-kubernetes-list-type: atomic + provider: type: string - kind: + registry: type: string - readOnly: - type: boolean - required: - - diskName - - diskURI + selectors: + items: + properties: + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + objectSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic type: object - azureFile: + cwsInstrumentation: properties: - readOnly: + enabled: type: boolean - secretName: - type: string - shareName: + mode: type: string - required: - - secretName - - shareName type: object - cephfs: + enabled: + type: boolean + failurePolicy: + type: string + mutateUnlabelled: + type: boolean + mutation: properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: + enabled: type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors type: object - cinder: + registry: + type: string + serviceName: + type: string + validation: properties: - fsType: - type: string - readOnly: + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID type: object - configMap: + webhookName: + type: string + type: object + apm: + properties: + enabled: + type: boolean + hostPortConfig: properties: - defaultMode: + enabled: + type: boolean + hostPort: format: int32 type: integer - items: + type: object + instrumentation: + properties: + disabledNamespaces: items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object + type: string type: array - name: - type: string - optional: + x-kubernetes-list-type: set + enabled: type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: + enabledNamespaces: + items: + type: string + type: array + x-kubernetes-list-type: set + languageDetection: properties: - name: - type: string + enabled: + type: boolean type: object - readOnly: - type: boolean - volumeAttributes: + libVersions: additionalProperties: type: string type: object - required: - - driver type: object - downwardAPI: + unixDomainSocketConfig: properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array + enabled: + type: boolean + path: + type: string type: object - emptyDir: + type: object + asm: + properties: + iast: properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + enabled: + type: boolean type: object - ephemeral: + sca: properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object + enabled: + type: boolean type: object - fc: + threats: properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: + enabled: type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array type: object - flexVolume: + type: object + autoscaling: + properties: + workload: properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: + enabled: type: boolean - secretRef: + type: object + type: object + clusterChecks: + properties: + enabled: + type: boolean + useClusterChecksRunners: + type: boolean + type: object + cspm: + properties: + checkInterval: + type: string + customBenchmarks: + properties: + configData: + type: string + configMap: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map name: type: string type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string type: object - gcePersistentDisk: + enabled: + type: boolean + hostBenchmarks: properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: + enabled: type: boolean - required: - - pdName type: object - gitRepo: + type: object + cws: + properties: + customPolicies: properties: - directory: - type: string - repository: - type: string - revision: + configData: type: string - required: - - repository + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object type: object - glusterfs: + enabled: + type: boolean + network: properties: - endpoints: - type: string - path: - type: string - readOnly: + enabled: type: boolean - required: - - endpoints - - path type: object - hostPath: + remoteConfiguration: properties: - path: - type: string - type: - type: string - required: - - path + enabled: + type: boolean type: object - iscsi: + securityProfiles: properties: - chapAuthDiscovery: + enabled: type: boolean - chapAuthSession: + type: object + syscallMonitorEnabled: + type: boolean + type: object + dogstatsd: + properties: + hostPortConfig: + properties: + enabled: type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: + hostPort: format: int32 type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + type: object + mapperProfiles: + properties: + configData: + type: string + configMap: properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map name: type: string type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal type: object - name: + originDetectionEnabled: + type: boolean + tagCardinality: type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: + unixDomainSocketConfig: properties: - claimName: - type: string - readOnly: + enabled: type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: + path: type: string - required: - - pdID type: object - portworxVolume: + type: object + ebpfCheck: + properties: + enabled: + type: boolean + type: object + eventCollection: + properties: + collectKubernetesEvents: + type: boolean + collectedEventTypes: + items: + properties: + kind: + type: string + reasons: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - kind + - reasons + type: object + type: array + x-kubernetes-list-type: atomic + unbundleEvents: + type: boolean + type: object + externalMetricsServer: + properties: + enabled: + type: boolean + endpoint: properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: + credentials: + properties: + apiKey: + type: string + apiSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + appKey: + type: string + appSecret: + properties: + keyName: + type: string + secretName: + type: string + required: + - secretName + type: object + type: object + url: type: string - required: - - volumeID type: object - projected: + port: + format: int32 + type: integer + registerAPIService: + type: boolean + useDatadogMetrics: + type: boolean + wpaController: + type: boolean + type: object + helmCheck: + properties: + collectEvents: + type: boolean + enabled: + type: boolean + valuesAsTags: + additionalProperties: + type: string + type: object + type: object + kubeStateMetricsCore: + properties: + conf: properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: + configData: + type: string + configMap: + properties: + items: + items: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + key: type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + mode: + format: int32 + type: integer + path: type: string - optional: - type: boolean + required: + - key + - path type: object - serviceAccountToken: + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + enabled: + type: boolean + type: object + liveContainerCollection: + properties: + enabled: + type: boolean + type: object + liveProcessCollection: + properties: + enabled: + type: boolean + scrubProcessArguments: + type: boolean + stripProcessArguments: + type: boolean + type: object + logCollection: + properties: + containerCollectAll: + type: boolean + containerCollectUsingFiles: + type: boolean + containerLogsPath: + type: string + containerSymlinksPath: + type: string + enabled: + type: boolean + openFilesLimit: + format: int32 + type: integer + podLogsPath: + type: string + tempStoragePath: + type: string + type: object + npm: + properties: + collectDNSStats: + type: boolean + enableConntrack: + type: boolean + enabled: + type: boolean + type: object + oomKill: + properties: + enabled: + type: boolean + type: object + orchestratorExplorer: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: properties: - audience: + key: type: string - expirationSeconds: - format: int64 + mode: + format: int32 type: integer path: type: string required: + - key - path type: object - type: object - type: array + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object type: object - quobyte: + customResources: + items: + type: string + type: array + x-kubernetes-list-type: set + ddUrl: + type: string + enabled: + type: boolean + extraTags: + items: + type: string + type: array + x-kubernetes-list-type: set + scrubContainers: + type: boolean + type: object + otlp: + properties: + receiver: properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume + protocols: + properties: + grpc: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object + http: + properties: + enabled: + type: boolean + endpoint: + type: string + hostPortConfig: + properties: + enabled: + type: boolean + hostPort: + format: int32 + type: integer + type: object + type: object + type: object type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: + type: object + processDiscovery: + properties: + enabled: + type: boolean + type: object + prometheusScrape: + properties: + additionalConfigs: + type: string + enableServiceEndpoints: + type: boolean + enabled: + type: boolean + version: + type: integer + type: object + remoteConfiguration: + properties: + enabled: + type: boolean + type: object + sbom: + properties: + containerImage: + properties: + analyzers: items: type: string type: array - pool: - type: string - readOnly: + x-kubernetes-list-type: set + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: + overlayFSDirectScan: type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: + uncompressedLayersSupport: type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system type: object - secret: + enabled: + type: boolean + host: properties: - defaultMode: - format: int32 - type: integer - items: + analyzers: items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object + type: string type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: + x-kubernetes-list-type: set + enabled: type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath type: object - required: - - name type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer + serviceDiscovery: + properties: + enabled: + type: boolean + type: object + tcpQueueLength: + properties: + enabled: + type: boolean + type: object + usm: + properties: + enabled: + type: boolean + type: object + type: object type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map type: object type: object served: true storage: true subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file + status: {} \ No newline at end of file diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml deleted file mode 100644 index 2130ebff3..000000000 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_with_certManager.yaml +++ /dev/null @@ -1,8382 +0,0 @@ ---- -# Source: datadog-operator/charts/datadogCRDs/templates/datadoghq.com_datadogagents_v1.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.6.1 - cert-manager.io/inject-ca-from: datadog-agent/datadog-operator-serving-cert - creationTimestamp: null - name: datadogagents.datadoghq.com - labels: - helm.sh/chart: 'datadogCRDs-1.3.0' - app.kubernetes.io/managed-by: 'Helm' - app.kubernetes.io/name: 'datadogCRDs' - app.kubernetes.io/instance: 'datadog-operator' -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: default - name: datadog-operator-webhook-service - path: /convert - conversionReviewVersions: - - v1 - group: datadoghq.com - names: - kind: DatadogAgent - listKind: DatadogAgentList - plural: datadogagents - shortNames: - - dd - singular: datadogagent - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Active')].status - name: active - type: string - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - agent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - apm: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - checksd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - criSocket: - properties: - criSocketPath: - type: string - dockerSocketPath: - type: string - type: object - ddUrl: - type: string - dogstatsd: - properties: - dogstatsdOriginDetection: - type: boolean - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - unixDomainSocket: - properties: - enabled: - type: boolean - hostFilepath: - type: string - type: object - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - hostPort: - format: int32 - type: integer - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - leaderElection: - type: boolean - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - daemonsetName: - type: string - deploymentStrategy: - properties: - canary: - properties: - autoFail: - properties: - canaryTimeout: - type: string - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxRestartsDuration: - type: string - type: object - autoPause: - properties: - enabled: - type: boolean - maxRestarts: - format: int32 - type: integer - maxSlowStartDuration: - type: string - type: object - duration: - type: string - noRestartsDuration: - type: string - nodeAntiAffinityKeys: - items: - type: string - type: array - x-kubernetes-list-type: set - nodeSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - replicas: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - validationMode: - enum: - - auto - - manual - type: string - type: object - reconcileFrequency: - type: string - rollingUpdate: - properties: - maxParallelPodCreation: - format: int32 - type: integer - maxPodSchedulerFailure: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartAdditiveIncrease: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - slowStartIntervalDuration: - type: string - type: object - updateStrategyType: - type: string - type: object - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - localService: - properties: - forceLocalServiceEnable: - type: boolean - overrideName: - type: string - type: object - log: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - priorityClassName: - type: string - process: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - processCollectionEnabled: - type: boolean - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - security: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - compliance: - properties: - checkInterval: - type: string - configDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - enabled: - type: boolean - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtime: - properties: - enabled: - type: boolean - policiesDir: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - syscallMonitor: - properties: - enabled: - type: boolean - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - systemProbe: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - bpfDebugEnabled: - type: boolean - collectDNSStats: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - conntrackEnabled: - type: boolean - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - debugPort: - format: int32 - type: integer - enableOOMKill: - type: boolean - enableTCPQueueLength: - type: boolean - enabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secCompCustomProfileConfigMap: - type: string - secCompProfileName: - type: string - secCompRootPath: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - useExtendedDaemonset: - type: boolean - type: object - clusterAgent: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - mutateUnlabelled: - type: boolean - serviceName: - type: string - type: object - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - clusterChecksEnabled: - type: boolean - collectEvents: - type: boolean - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - confd: - properties: - configMapName: - type: string - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - externalMetrics: - properties: - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - enabled: - type: boolean - endpoint: - type: string - port: - format: int32 - type: integer - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - healthPort: - format: int32 - type: integer - logLevel: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - keepAnnotations: - type: string - keepLabels: - type: string - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterChecksRunner: - properties: - additionalAnnotations: - additionalProperties: - type: string - type: object - additionalLabels: - additionalProperties: - type: string - type: object - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - config: - properties: - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - customConfig: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - deploymentName: - type: string - enabled: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - rbac: - properties: - create: - type: boolean - serviceAccountName: - type: string - type: object - replicas: - format: int32 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiKeyExistingSecret: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appKeyExistingSecret: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - token: - type: string - useSecretBackend: - type: boolean - type: object - features: - properties: - kubeStateMetricsCore: - properties: - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - logCollection: - properties: - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - logsConfigContainerCollectAll: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - networkMonitoring: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - additionalEndpoints: - type: string - clusterCheck: - type: boolean - conf: - properties: - configData: - type: string - configMap: - properties: - fileKey: - type: string - name: - type: string - type: object - type: object - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubbing: - properties: - containers: - type: boolean - type: object - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enabled: - type: boolean - serviceEndpoints: - type: boolean - type: object - type: object - registry: - type: string - site: - type: string - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.agent.status - name: agent - type: string - - jsonPath: .status.clusterAgent.status - name: cluster-agent - type: string - - jsonPath: .status.clusterChecksRunner.status - name: cluster-checks-runner - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v2alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - features: - properties: - admissionController: - properties: - agentCommunicationMode: - type: string - enabled: - type: boolean - failurePolicy: - type: string - mutateUnlabelled: - type: boolean - serviceName: - type: string - webhookName: - type: string - type: object - apm: - properties: - enabled: - type: boolean - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - clusterChecks: - properties: - enabled: - type: boolean - useClusterChecksRunners: - type: boolean - type: object - cspm: - properties: - checkInterval: - type: string - customBenchmarks: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - hostBenchmarks: - properties: - enabled: - type: boolean - type: object - type: object - cws: - properties: - customPolicies: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - network: - properties: - enabled: - type: boolean - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - securityProfiles: - properties: - enabled: - type: boolean - type: object - syscallMonitorEnabled: - type: boolean - type: object - dogstatsd: - properties: - hostPortConfig: - properties: - enabled: - type: boolean - hostPort: - format: int32 - type: integer - type: object - mapperProfiles: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - originDetectionEnabled: - type: boolean - tagCardinality: - type: string - unixDomainSocketConfig: - properties: - enabled: - type: boolean - path: - type: string - type: object - type: object - ebpfCheck: - properties: - enabled: - type: boolean - type: object - eventCollection: - properties: - collectKubernetesEvents: - type: boolean - type: object - externalMetricsServer: - properties: - enabled: - type: boolean - endpoint: - properties: - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - url: - type: string - type: object - port: - format: int32 - type: integer - registerAPIService: - type: boolean - useDatadogMetrics: - type: boolean - wpaController: - type: boolean - type: object - kubeStateMetricsCore: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - enabled: - type: boolean - type: object - liveContainerCollection: - properties: - enabled: - type: boolean - type: object - liveProcessCollection: - properties: - enabled: - type: boolean - scrubProcessArguments: - type: boolean - stripProcessArguments: - type: boolean - type: object - logCollection: - properties: - containerCollectAll: - type: boolean - containerCollectUsingFiles: - type: boolean - containerLogsPath: - type: string - containerSymlinksPath: - type: string - enabled: - type: boolean - openFilesLimit: - format: int32 - type: integer - podLogsPath: - type: string - tempStoragePath: - type: string - type: object - npm: - properties: - collectDNSStats: - type: boolean - enableConntrack: - type: boolean - enabled: - type: boolean - type: object - oomKill: - properties: - enabled: - type: boolean - type: object - orchestratorExplorer: - properties: - conf: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customResources: - items: - type: string - type: array - x-kubernetes-list-type: set - ddUrl: - type: string - enabled: - type: boolean - extraTags: - items: - type: string - type: array - x-kubernetes-list-type: set - scrubContainers: - type: boolean - type: object - otlp: - properties: - receiver: - properties: - protocols: - properties: - grpc: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - http: - properties: - enabled: - type: boolean - endpoint: - type: string - type: object - type: object - type: object - type: object - processDiscovery: - properties: - enabled: - type: boolean - type: object - prometheusScrape: - properties: - additionalConfigs: - type: string - enableServiceEndpoints: - type: boolean - enabled: - type: boolean - version: - type: integer - type: object - remoteConfiguration: - properties: - enabled: - type: boolean - type: object - sbom: - properties: - containerImage: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - enabled: - type: boolean - host: - properties: - analyzers: - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - type: boolean - type: object - type: object - tcpQueueLength: - properties: - enabled: - type: boolean - type: object - usm: - properties: - enabled: - type: boolean - type: object - type: object - global: - properties: - clusterAgentToken: - type: string - clusterAgentTokenSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - clusterName: - type: string - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - criSocketPath: - type: string - dockerSocketPath: - type: string - endpoint: - properties: - credentials: - properties: - apiKey: - type: string - apiSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - appKey: - type: string - appSecret: - properties: - keyName: - type: string - secretName: - type: string - required: - - secretName - type: object - type: object - url: - type: string - type: object - kubelet: - properties: - agentCAPath: - type: string - host: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - hostCAPath: - type: string - tlsVerify: - type: boolean - type: object - localService: - properties: - forceEnableLocalService: - type: boolean - nameOverride: - type: string - type: object - logLevel: - type: string - namespaceLabelsAsTags: - additionalProperties: - type: string - type: object - networkPolicy: - properties: - create: - type: boolean - dnsSelectorEndpoints: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - type: array - x-kubernetes-list-type: atomic - flavor: - type: string - type: object - nodeLabelsAsTags: - additionalProperties: - type: string - type: object - podAnnotationsAsTags: - additionalProperties: - type: string - type: object - podLabelsAsTags: - additionalProperties: - type: string - type: object - registry: - type: string - site: - type: string - tags: - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - override: - additionalProperties: - properties: - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - type: object - containers: - additionalProperties: - properties: - appArmorProfileName: - type: string - args: - items: - type: string - type: array - x-kubernetes-list-type: atomic - command: - items: - type: string - type: array - x-kubernetes-list-type: atomic - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - healthPort: - format: int32 - type: integer - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - logLevel: - type: string - name: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - seccompConfig: - properties: - customProfile: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - customRootPath: - type: string - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - - mountPath - x-kubernetes-list-type: map - type: object - type: object - createRbac: - type: boolean - customConfigurations: - additionalProperties: - properties: - configData: - type: string - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - type: object - disabled: - type: boolean - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - extraChecksd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - extraConfd: - properties: - configDataMap: - additionalProperties: - type: string - type: object - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - name: - type: string - type: object - type: object - hostNetwork: - type: boolean - hostPID: - type: boolean - image: - properties: - jmxEnabled: - type: boolean - name: - type: string - pullPolicy: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - tag: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - priorityClassName: - type: string - replicas: - format: int32 - type: integer - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccountName: - type: string - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - x-kubernetes-list-type: atomic - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: object - type: object - status: - properties: - agent: - properties: - available: - format: int32 - type: integer - current: - format: int32 - type: integer - currentHash: - type: string - daemonsetName: - type: string - desired: - format: int32 - type: integer - lastUpdate: - format: date-time - type: string - ready: - format: int32 - type: integer - state: - type: string - status: - type: string - upToDate: - format: int32 - type: integer - required: - - available - - current - - desired - - ready - - upToDate - type: object - clusterAgent: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - clusterChecksRunner: - properties: - availableReplicas: - format: int32 - type: integer - currentHash: - type: string - deploymentName: - type: string - generatedToken: - type: string - lastUpdate: - format: date-time - type: string - readyReplicas: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - status: - type: string - unavailableReplicas: - format: int32 - type: integer - updatedReplicas: - format: int32 - type: integer - type: object - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - maxLength: 32768 - type: string - observedGeneration: - format: int64 - minimum: 0 - type: integer - reason: - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - enum: - - "True" - - "False" - - Unknown - type: string - type: - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index 3b4bc62ee..a1e2c5a8e 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.4.1 + helm.sh/chart: datadog-operator-2.5.1 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.3.0" + app.kubernetes.io/version: "1.11.1" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.3.0" + image: "gcr.io/datadoghq/operator:1.11.1" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE @@ -46,16 +46,21 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_TOOL_VERSION + value: helm args: - "-supportExtendedDaemonset=false" - "-logEncoder=json" - "-metrics-addr=:8383" - "-loglevel=info" - "-operatorMetricsEnabled=true" - - "-webhookEnabled=false" + - "-introspectionEnabled=false" + - "-datadogAgentProfileEnabled=false" - "-datadogMonitorEnabled=false" - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" + - "-datadogDashboardEnabled=false" + - "-remoteConfigEnabled=false" ports: - name: metrics containerPort: 8383 diff --git a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml b/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml deleted file mode 100644 index 6684fe392..000000000 --- a/test/datadog-operator/baseline/Operator_Deployment_with_certManager.yaml +++ /dev/null @@ -1,81 +0,0 @@ ---- -# Source: datadog-operator/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: datadog-operator - namespace: datadog-agent - labels: - app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-1.4.1 - app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.3.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: datadog-operator - app.kubernetes.io/instance: datadog-operator - template: - metadata: - labels: - app.kubernetes.io/name: datadog-operator - app.kubernetes.io/instance: datadog-operator - annotations: - ad.datadoghq.com/datadog-operator.check_names: '["openmetrics"]' - ad.datadoghq.com/datadog-operator.init_configs: '[{}]' - ad.datadoghq.com/datadog-operator.instances: | - [{ - "prometheus_url": "http://%%host%%:8383/metrics", - "namespace": "datadog.operator", - "metrics": ["*"] - }] - spec: - serviceAccountName: datadog-operator - containers: - - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.3.0" - imagePullPolicy: IfNotPresent - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - args: - - "-supportExtendedDaemonset=false" - - "-logEncoder=json" - - "-metrics-addr=:8383" - - "-loglevel=info" - - "-operatorMetricsEnabled=true" - - "-webhookEnabled=true" - - "-datadogMonitorEnabled=false" - - "-datadogAgentEnabled=true" - - "-datadogSLOEnabled=false" - ports: - - name: metrics - containerPort: 8383 - protocol: TCP - - name: webhook - containerPort: 9443 - protocol: TCP - livenessProbe: - httpGet: - path: /healthz/ - port: 8081 - periodSeconds: 10 - resources: - {} - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: datadog-operator-webhook-server-cert \ No newline at end of file diff --git a/test/datadog-operator/baseline_test.go b/test/datadog-operator/baseline_test.go index ef2e4b984..46e863dbd 100644 --- a/test/datadog-operator/baseline_test.go +++ b/test/datadog-operator/baseline_test.go @@ -32,22 +32,6 @@ func Test_baseline_manifests(t *testing.T) { assertions: verifyOperatorDeployment, skipTest: SkipTest, }, - { - name: "Operator Deployment with cert manager enabled", - command: common.HelmCommand{ - ReleaseName: "datadog-operator", - ChartPath: "../../charts/datadog-operator", - ShowOnly: []string{"templates/deployment.yaml"}, - Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.useCertManager": "true", - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "true", - }, - }, - baselineManifestPath: "./baseline/Operator_Deployment_with_certManager.yaml", - assertions: verifyOperatorDeployment, - skipTest: SkipTest, - }, { name: "DatadogAgent CRD default", command: common.HelmCommand{ @@ -62,23 +46,6 @@ func Test_baseline_manifests(t *testing.T) { assertions: verifyDatadogAgent, skipTest: SkipTest, }, - { - name: "DatadogAgent CRD with cert manager enabled", - command: common.HelmCommand{ - ReleaseName: "datadog-operator", - ChartPath: "../../charts/datadog-operator", - // datadogCRDs is an alias defined in the chart dependency - ShowOnly: []string{"charts/datadogCRDs/templates/datadoghq.com_datadogagents_v1.yaml"}, - Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.useCertManager": "true", - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "true", - }, - }, - baselineManifestPath: "./baseline/DatadogAgent_CRD_with_certManager.yaml", - assertions: verifyDatadogAgent, - skipTest: SkipTest, - }, } for _, tt := range tests { diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index 45c3d3fa0..9c6ffa94c 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -3,10 +3,11 @@ package datadog_operator import ( "testing" - "github.com/DataDog/helm-charts/test/common" "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" + + "github.com/DataDog/helm-charts/test/common" ) // This test will produce two renderings for two versions of DatadogAgent. @@ -44,69 +45,60 @@ func Test_operator_chart(t *testing.T) { skipTest: SkipTest, }, { - name: "Verify Operator 1.0 cert secret name", + name: "Rendering all does not fail", command: common.HelmCommand{ - ReleaseName: "random-string-as-release-name", + ReleaseName: "datadog-operator", ChartPath: "../../charts/datadog-operator", - ShowOnly: []string{"templates/deployment.yaml"}, + ShowOnly: []string{}, Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.useCertManager": "true", - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "true", - }, + Overrides: map[string]string{}, }, - assertions: verifyDeploymentCertSecretName, + assertions: verifyAll, skipTest: SkipTest, }, { - name: "Verify Operator 1.0 conversionWebhook.enabled=true", + name: "livenessProbe is correctly configured", command: common.HelmCommand{ - ReleaseName: "random-string-as-release-name", + ReleaseName: "datadog-operator", ChartPath: "../../charts/datadog-operator", ShowOnly: []string{"templates/deployment.yaml"}, Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "true", - }, + Overrides: map[string]string{}, }, - assertions: verifyConversionWebhookEnabledTrue, + assertions: verifyLivenessProbe, skipTest: SkipTest, }, { - name: "Verify Operator 1.0 conversionWebhook.enabled=false", + name: "livenessProbe is correctly overriden", command: common.HelmCommand{ - ReleaseName: "random-string-as-release-name", + ReleaseName: "datadog-operator", ChartPath: "../../charts/datadog-operator", ShowOnly: []string{"templates/deployment.yaml"}, Values: []string{"../../charts/datadog-operator/values.yaml"}, Overrides: map[string]string{ - "datadogCRDs.migration.datadogAgents.conversionWebhook.enabled": "false", + "livenessProbe.timeoutSeconds": "20", + "livenessProbe.periodSeconds": "20", + "livenessProbe.failureThreshold": "3", }, }, - assertions: verifyConversionWebhookEnabledFalse, - skipTest: SkipTest, - }, - { - name: "Verify Operator 1.0 conversionWebhook.enabled default", - command: common.HelmCommand{ - ReleaseName: "random-string-as-release-name", - ChartPath: "../../charts/datadog-operator", - ShowOnly: []string{"templates/deployment.yaml"}, - Values: []string{"../../charts/datadog-operator/values.yaml"}, - }, - assertions: verifyConversionWebhookEnabledFalse, + assertions: verifyLivenessProbeOverride, skipTest: SkipTest, }, { - name: "Rendering all does not fail", + name: "Watch namespaces correctly set", command: common.HelmCommand{ ReleaseName: "datadog-operator", ChartPath: "../../charts/datadog-operator", - ShowOnly: []string{}, + ShowOnly: []string{"templates/deployment.yaml"}, Values: []string{"../../charts/datadog-operator/values.yaml"}, - Overrides: map[string]string{}, + Overrides: map[string]string{ + "watchNamespaces": "{common1,common2}", + "watchNamespacesAgent": "{dda-ns}", + "watchNamespacesMonitor": "{monitor-ns}", + "watchNamespacesSLO": "{}", + }, }, - assertions: verifyAll, + assertions: verifyWatchNamespaces, skipTest: SkipTest, }, } @@ -126,44 +118,60 @@ func Test_operator_chart(t *testing.T) { func verifyDeployment(t *testing.T, manifest string) { var deployment appsv1.Deployment common.Unmarshal(t, manifest, &deployment) - assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.3.0", operatorContainer.Image) - assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") + assert.Equal(t, "gcr.io/datadoghq/operator:1.11.1", operatorContainer.Image) + assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") + assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") +} + +func verifyAll(t *testing.T, manifest string) { + assert.True(t, manifest != "") } -func verifyDeploymentCertSecretName(t *testing.T, manifest string) { +func verifyLivenessProbe(t *testing.T, manifest string) { var deployment appsv1.Deployment common.Unmarshal(t, manifest, &deployment) - - var mode = int32(420) - assert.Contains(t, deployment.Spec.Template.Spec.Volumes, v1.Volume{ - Name: "cert", - VolumeSource: v1.VolumeSource{ - Secret: &v1.SecretVolumeSource{ - DefaultMode: &mode, - SecretName: "random-string-as-release-name-webhook-server-cert", - }, - }, - }) + assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) + operatorContainer := deployment.Spec.Template.Spec.Containers[0] + assert.Equal(t, "/healthz/", operatorContainer.LivenessProbe.HTTPGet.Path) } -func verifyConversionWebhookEnabledTrue(t *testing.T, manifest string) { +func verifyLivenessProbeOverride(t *testing.T, manifest string) { var deployment appsv1.Deployment common.Unmarshal(t, manifest, &deployment) + assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] - assert.Contains(t, operatorContainer.Args, "-webhookEnabled=true") + assert.Equal(t, "/healthz/", operatorContainer.LivenessProbe.HTTPGet.Path) + assert.Equal(t, int32(20), operatorContainer.LivenessProbe.PeriodSeconds) + assert.Equal(t, int32(20), operatorContainer.LivenessProbe.TimeoutSeconds) + assert.Equal(t, int32(3), operatorContainer.LivenessProbe.FailureThreshold) } -func verifyConversionWebhookEnabledFalse(t *testing.T, manifest string) { +func verifyWatchNamespaces(t *testing.T, manifest string) { var deployment appsv1.Deployment common.Unmarshal(t, manifest, &deployment) + assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] - assert.Contains(t, operatorContainer.Args, "-webhookEnabled=false") + watchNsEnv := FindEnvVarByName(operatorContainer.Env, "WATCH_NAMESPACE") + agentNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_AGENT_WATCH_NAMESPACE") + monitorNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_MONITOR_WATCH_NAMESPACE") + sloNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_SLO_WATCH_NAMESPACE") + dapNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_AGENT_PROFILE_WATCH_NAMESPACE") + + assert.Equal(t, "common1,common2", watchNsEnv.Value) + assert.Equal(t, "dda-ns", agentNsEnv.Value) + assert.Equal(t, "monitor-ns", monitorNsEnv.Value) + assert.Equal(t, "", sloNsEnv.Value) + assert.Nil(t, dapNsEnv) } -func verifyAll(t *testing.T, manifest string) { - assert.True(t, manifest != "") +func FindEnvVarByName(envs []v1.EnvVar, name string) *v1.EnvVar { + for i, env := range envs { + if env.Name == name { + return &envs[i] + } + } + return nil } diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml new file mode 100644 index 000000000..d14249794 --- /dev/null +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -0,0 +1,192 @@ +--- +# Source: datadog/templates/agent-clusterchecks-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-clusterchecks + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: clusterchecks-agent + +spec: + replicas: 2 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-clusterchecks + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: clusterchecks-agent + admission.datadoghq.com/enabled: "false" + app: datadog-clusterchecks + + name: datadog-clusterchecks + annotations: + checksum/clusteragent_token: 37a2772ca63263767c6e7068e0045e49adbc15740749bda902e911cd80f1b43a + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + spec: + serviceAccountName: datadog-cluster-checks + automountServiceAccountToken: true + imagePullSecrets: + [] + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for writing agent config files + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for writing datadog.yaml config file + resources: + {} + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.61.0" + command: ["bash", "-c"] + args: + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run + imagePullPolicy: IfNotPresent + env: + + - name: KUBERNETES + value: "yes" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks" + - name: DD_HEALTH_PORT + value: "5557" + # Cluster checks (cluster-agent communication) + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + # Safely run alongside the daemonset + - name: DD_ENABLE_METADATA_COLLECTION + value: "false" + # Expose CLC stats + - name: DD_CLC_RUNNER_ENABLED + value: "true" + - name: DD_CLC_RUNNER_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DD_CLC_RUNNER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # Remove unused features + - name: DD_USE_DOGSTATSD + value: "false" + - name: DD_PROCESS_AGENT_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_APM_ENABLED + value: "false" + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + + + resources: + {} + volumeMounts: + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumes: + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the runners on different nodes if possible + # for better checks stability in case of node failure. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-clusterchecks + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml new file mode 100644 index 000000000..54b4028fb --- /dev/null +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -0,0 +1,271 @@ +--- +# Source: datadog/templates/cluster-agent-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: cluster-agent + +spec: + replicas: 1 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-cluster-agent + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + + name: datadog-cluster-agent + annotations: + checksum/clusteragent_token: 406b54942cb117c07edbdf779143465270e695ae181ac7cb1510d7f51938bcba + checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a + checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b + checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + spec: + serviceAccountName: datadog-cluster-agent + automountServiceAccountToken: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.61.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + containers: + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.61.0" + imagePullPolicy: IfNotPresent + resources: + {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" + + + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent + volumes: + - name: datadogrun + emptyDir: {} + - name: varlog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: confd + configMap: + name: datadog-cluster-agent-confd + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the cluster agents on different nodes + # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml new file mode 100644 index 000000000..e16a33377 --- /dev/null +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -0,0 +1,285 @@ +--- +# Source: datadog/templates/cluster-agent-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: cluster-agent + +spec: + replicas: 1 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-cluster-agent + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + + name: datadog-cluster-agent + annotations: + checksum/clusteragent_token: 795ee1c256c20770693733bfa713d5614c1eea95d15e8141b6fa8a4894f81557 + checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a + checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b + checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + spec: + serviceAccountName: datadog-cluster-agent + automountServiceAccountToken: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.61.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + containers: + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.61.0" + imagePullPolicy: IfNotPresent + resources: + {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" + + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.52.0 + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '[{"namespaceSelector":{"matchLabels":{"agentSidecars":"true"}},"objectSelector":{"matchLabels":{"app":"nginx","runsOn":"nodeless"}}}]' + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '[{"env":[{"name":"DD_ORCHESTRATOR_EXPLORER_ENABLED","value":"false"},{"name":"DD_TAGS","value":"key1:value1 key2:value2"}],"resources":{"limits":{"cpu":"2","memory":"1024Mi"},"requests":{"cpu":"1","memory":"512Mi"}}}]' + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent + volumes: + - name: datadogrun + emptyDir: {} + - name: varlog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: confd + configMap: + name: datadog-cluster-agent-confd + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the cluster agents on different nodes + # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml new file mode 100644 index 000000000..90137e113 --- /dev/null +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -0,0 +1,281 @@ +--- +# Source: datadog/templates/cluster-agent-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: cluster-agent + +spec: + replicas: 1 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-cluster-agent + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + + name: datadog-cluster-agent + annotations: + checksum/clusteragent_token: 4a9ef7efc38cb1ca3eebf80fe91e7447283866158f242d3e1f6f4fcde674bf0e + checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a + checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b + checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + spec: + serviceAccountName: datadog-cluster-agent + automountServiceAccountToken: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.61.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + containers: + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.61.0" + imagePullPolicy: IfNotPresent + resources: + {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" + + + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: fargate + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.61.0 + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent + volumes: + - name: datadogrun + emptyDir: {} + - name: varlog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: confd + configMap: + name: datadog-cluster-agent-confd + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the cluster agents on different nodes + # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml new file mode 100644 index 000000000..b664d3644 --- /dev/null +++ b/test/datadog/baseline/daemonset_default.yaml @@ -0,0 +1,427 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + + name: datadog + annotations: + checksum/clusteragent_token: c456fcb1ef3669e17f99562f9daff2c69a0b63a382b597db38525e2169dff3da + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + hostPID: true + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + - name: trace-agent + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + resources: + {} + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: "/var/run/datadog/apm.socket" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml new file mode 100644 index 000000000..c8612e188 --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -0,0 +1,280 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: bea41cde459ee76a26104fde88acde58e9cddfd64e19dde2f473bd471617a9bf + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml new file mode 100644 index 000000000..1a809c125 --- /dev/null +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -0,0 +1,301 @@ +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + env.datadoghq.com/kind: gke-gdc +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + annotations: + checksum/clusteragent_token: b876b950a97ece20cb3ec3849c48e7b38822786a117db182b10fcef4fd038fcb + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks endpointschecks" + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + + - name: pointerdir + mountPath: /opt/datadog-agent/run + mountPropagation: None + readOnly: false # Need RW for logs pointer + - name: logpodpath + mountPath: /var/log/pods + mountPropagation: None + readOnly: true + - name: logscontainerspath + mountPath: /var/log/containers + mountPropagation: None + readOnly: true + - name: kubelet-cert-volume + mountPath: /certs + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - secret: + secretName: datadog-kubelet-cert + name: kubelet-cert-volume + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml new file mode 100644 index 000000000..f6b4161bc --- /dev/null +++ b/test/datadog/baseline/other_default.yaml @@ -0,0 +1,1693 @@ +--- +# Source: datadog/templates/agent-clusterchecks-pdb.yaml +apiVersion: "policy/v1" +kind: PodDisruptionBudget +metadata: + name: datadog-clusterchecks + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + maxUnavailable: 1 + selector: + matchLabels: + app: datadog-clusterchecks +--- +# Source: datadog/templates/cluster-agent-pdb.yaml +apiVersion: "policy/v1" +kind: PodDisruptionBudget +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + minAvailable: 1 + selector: + matchLabels: + app: datadog-cluster-agent +--- +# Source: datadog/templates/agent-clusterchecks-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app: "datadog" + chart: "datadog-3.88.0" + heritage: "Helm" + release: "datadog" + name: datadog-cluster-checks + namespace: datadog-agent +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + labels: + app: "datadog" + chart: "datadog-3.88.0" + heritage: "Helm" + release: "datadog" + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +--- +# Source: datadog/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" # end range $role := .Values.datadog.secretBackend.roles +--- +# Source: datadog/templates/secret-cluster-agent-token.yaml +apiVersion: v1 +kind: Secret +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +type: Opaque +data: + token: "T0UwV1F3NzlTTjlVaDJzekhrSGdZczc1VnQzYThTMnY=" +--- +# Source: datadog/templates/cluster-agent-confd-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: datadog-cluster-agent-confd + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + annotations: + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a +data: + kubernetes_state_core.yaml.default: |- + cluster_check: true + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + skip_leader_election: true + labels_as_tags: + {} + annotations_as_tags: + {} + kubernetes_apiserver.yaml: |- + init_config: + instances: + - filtering_enabled: false + unbundle_events: false +--- +# Source: datadog/templates/install_info-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: datadog-installinfo + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + annotations: + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 +data: + install_info: | + --- + install_method: + tool: helm + tool_version: Helm + installer_version: datadog-3.88.0 +--- +# Source: datadog/templates/kpi-telemetry-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +data: + install_type: k8s_manual + install_id: "3e55a44e-ebf1-4c36-9d60-8d5a88c2c279" + install_time: "1736806509" +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRole +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: +- apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: ["quota.openshift.io"] + resources: + - clusterresourcequotas + verbs: + - get + - list +- apiGroups: + - "autoscaling" + resources: + - horizontalpodautoscalers + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadogtoken # Kubernetes event collection state + - datadogtoken # Kept for backward compatibility with agent <7.37.0 + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - datadog-leader-election # Leader election token + - datadog-leader-election # Kept for backward compatibility with agent <7.37.0 + verbs: + - get + - update +- apiGroups: + - "coordination.k8s.io" + resources: + - leases + resourceNames: + - datadog-leader-election # Leader election token + verbs: + - get + - update +- apiGroups: + - "coordination.k8s.io" + resources: + - leases + verbs: + - create +- apiGroups: # To create the leader election token and hpa events + - "" + resources: + - configmaps + - events + verbs: + - create +- nonResourceURLs: + - "/version" + - "/healthz" + verbs: + - get +- apiGroups: # to get the kube-system namespace UID and generate a cluster ID + - "" + resources: + - namespaces + resourceNames: + - "kube-system" + verbs: + - get +- apiGroups: # To create the cluster-id configmap + - "" + resources: + - configmaps + resourceNames: + - "datadog-cluster-id" + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch +- apiGroups: + - "apps" + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch +- apiGroups: + - "batch" + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch +- apiGroups: + - "rbac.authorization.k8s.io" + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch +- apiGroups: + - "storage.k8s.io" + resources: + - storageclasses + verbs: + - list + - get + - watch +- apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + resourceNames: + - "datadog-webhook" + verbs: ["get", "list", "watch", "update", "delete"] +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: ["create"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["get"] +- apiGroups: ["apps"] + resources: ["statefulsets", "replicasets", "deployments", "daemonsets"] + verbs: ["get"] +- apiGroups: + - "security.openshift.io" + resources: + - securitycontextconstraints + verbs: + - use + resourceNames: + - datadog-cluster-agent + - hostnetwork +--- +# Source: datadog/templates/kube-state-metrics-core-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRole +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +# Source: datadog/templates/rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRole +metadata: + name: datadog + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +rules: +- nonResourceURLs: + - "/metrics" + - "/metrics/slis" + verbs: + - get +- apiGroups: # Kubelet connectivity + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get +- apiGroups: # leader election check + - "" + resources: + - endpoints + verbs: + - get +- apiGroups: + - "security.openshift.io" + resources: + - securitycontextconstraints + verbs: + - use + resourceNames: + - datadog + - hostaccess + - privileged +- apiGroups: # leader election check + - "coordination.k8s.io" + resources: + - leases + verbs: + - get +--- +# Source: datadog/templates/agent-clusterchecks-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-checks +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog-cluster-checks + namespace: datadog-agent +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +# Source: datadog/templates/kube-state-metrics-core-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-checks + namespace: datadog-agent +--- +# Source: datadog/templates/rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: ClusterRoleBinding +metadata: + name: datadog + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: Role +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "update", "create"] +--- +# Source: datadog/templates/dca-helm-values-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: Role +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +# Source: datadog/templates/cluster-agent-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: RoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: "datadog-cluster-agent-main" + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +# Source: datadog/templates/dca-helm-values-rbac.yaml +apiVersion: "rbac.authorization.k8s.io/v1" +kind: RoleBinding +metadata: + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +# Source: datadog/templates/agent-services.yaml +apiVersion: v1 +kind: Service +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + type: ClusterIP + selector: + app: datadog-cluster-agent + ports: + - port: 5005 + name: agentport + protocol: TCP +--- +# Source: datadog/templates/agent-services.yaml +apiVersion: v1 +kind: Service +metadata: + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent + labels: + app: "datadog" + chart: "datadog-3.88.0" + release: "datadog" + heritage: "Helm" + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + selector: + app: datadog-cluster-agent + ports: + - port: 443 + targetPort: 8000 + name: datadog-webhook + protocol: TCP +--- +# Source: datadog/templates/agent-services.yaml +apiVersion: v1 +kind: Service + +metadata: + name: datadog + namespace: datadog-agent + labels: + app: "datadog" + chart: "datadog-3.88.0" + release: "datadog" + heritage: "Helm" + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" +spec: + selector: + app: datadog + ports: + - protocol: UDP + port: 8125 + targetPort: 8125 + name: dogstatsdport + - protocol: TCP + port: 8126 + targetPort: 8126 + name: traceport + internalTrafficPolicy: Local +--- +# Source: datadog/templates/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: datadog + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: agent + +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: agent + admission.datadoghq.com/enabled: "false" + app: datadog + + name: datadog + annotations: + checksum/clusteragent_token: 8b856ec67f8792fa8141d5d88a721a5155de2227792a4c61fd221b5c6689df5d + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b + checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a + spec: + + securityContext: + runAsUser: 0 + hostPID: true + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["agent", "run"] + + resources: + {} + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + + + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: "low" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "endpointschecks" + + - name: DD_IGNORE_AUTOCONF + value: "kubernetes_state" + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + volumeMounts: + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW to write to /tmp directory + + - name: os-release-file + mountPath: /host/etc/os-release + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW to mount to config path + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: false # Need RW to write auth token + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + - name: trace-agent + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] + resources: + {} + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: "/var/run/datadog/apm.socket" + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: true + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: auth-token + mountPath: /etc/datadog-agent/auth + readOnly: true + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: None + readOnly: true + - name: tmpdir + mountPath: /tmp + readOnly: false # Need RW for tmp directory + - name: dsdsocket + mountPath: /var/run/datadog + readOnly: false # Need RW for UDS DSD socket + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for config path + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: + - bash + - -c + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + - name: logdatadog + mountPath: /var/log/datadog + readOnly: false # Need RW to write logs + - name: procdir + mountPath: /host/proc + mountPropagation: None + readOnly: true + + - name: runtimesocketdir + mountPath: /host/var/run + mountPropagation: None + readOnly: true + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + + resources: + {} + volumes: + - name: auth-token + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + + - name: logdatadog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: s6-run + emptyDir: {} + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + tolerations: + affinity: + {} + serviceAccountName: "datadog" + automountServiceAccountToken: true + nodeSelector: + kubernetes.io/os: linux + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +# Source: datadog/templates/agent-clusterchecks-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-clusterchecks + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: clusterchecks-agent + +spec: + replicas: 2 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-clusterchecks + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: clusterchecks-agent + admission.datadoghq.com/enabled: "false" + app: datadog-clusterchecks + + name: datadog-clusterchecks + annotations: + checksum/clusteragent_token: 3653c2cfb1aae823a7f36aedc8380741670bfb9f18758132cb208d45d1cd0b6b + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + spec: + serviceAccountName: datadog-cluster-checks + automountServiceAccountToken: true + imagePullSecrets: + [] + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - cp -r /etc/datadog-agent /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + readOnly: false # Need RW for writing agent config files + resources: + {} + - name: init-config + image: "gcr.io/datadoghq/agent:7.61.0" + imagePullPolicy: IfNotPresent + command: ["bash", "-c"] + args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + volumeMounts: + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for writing datadog.yaml config file + resources: + {} + containers: + - name: agent + image: "gcr.io/datadoghq/agent:7.61.0" + command: ["bash", "-c"] + args: + - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run + imagePullPolicy: IfNotPresent + env: + + - name: KUBERNETES + value: "yes" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "clusterchecks" + - name: DD_HEALTH_PORT + value: "5557" + # Cluster checks (cluster-agent communication) + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + # Safely run alongside the daemonset + - name: DD_ENABLE_METADATA_COLLECTION + value: "false" + # Expose CLC stats + - name: DD_CLC_RUNNER_ENABLED + value: "true" + - name: DD_CLC_RUNNER_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DD_CLC_RUNNER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + # Remove unused features + - name: DD_USE_DOGSTATSD + value: "false" + - name: DD_PROCESS_AGENT_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_APM_ENABLED + value: "false" + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + + + resources: + {} + volumeMounts: + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: config + mountPath: /etc/datadog-agent + readOnly: false # Need RW for config path + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumes: + - name: installinfo + configMap: + name: datadog-installinfo + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the runners on different nodes if possible + # for better checks stability in case of node failure. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-clusterchecks + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux +--- +# Source: datadog/templates/cluster-agent-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: datadog-cluster-agent + namespace: datadog-agent + labels: + helm.sh/chart: 'datadog-3.88.0' + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "7" + app.kubernetes.io/component: cluster-agent + +spec: + replicas: 1 + revisionHistoryLimit: 10 + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + selector: + matchLabels: + app: datadog-cluster-agent + template: + metadata: + labels: + app.kubernetes.io/name: "datadog" + app.kubernetes.io/instance: "datadog" + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: cluster-agent + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + + name: datadog-cluster-agent + annotations: + checksum/clusteragent_token: 42324d7b2e100268673aa3a6b356ff7b191a437d121680f69bd6f00761336c22 + checksum/clusteragent-configmap: c0fbaef09d8f108962e862318211303e8039aed3e6e95697fc23cb2c3894e5ea + checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 + spec: + serviceAccountName: datadog-cluster-agent + automountServiceAccountToken: true + initContainers: + - name: init-volume + image: "gcr.io/datadoghq/cluster-agent:7.61.0" + imagePullPolicy: IfNotPresent + command: + - cp + - -r + args: + - /etc/datadog-agent + - /opt + volumeMounts: + - name: config + mountPath: /opt/datadog-agent + containers: + - name: cluster-agent + image: "gcr.io/datadoghq/cluster-agent:7.61.0" + imagePullPolicy: IfNotPresent + resources: + {} + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + name: "datadog-secret" + key: api-key + optional: true + + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: "datadog-webhook" + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: "Ignore" + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: "gcr.io/datadoghq" + + + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: "kube_endpoints kube_services" + - name: DD_EXTRA_LISTENERS + value: "kube_endpoints kube_services" + - name: DD_LOG_LEVEL + value: "INFO" + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: "configmap" + - name: DD_LEADER_LEASE_DURATION + value: "15" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: datadog-cluster-agent + key: token + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: "datadog" + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_time + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_id + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + name: datadog-kpi-telemetry-configmap + key: install_type + + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - name: datadogrun + mountPath: /opt/datadog-agent/run + readOnly: false + - name: varlog + mountPath: /var/log/datadog + readOnly: false + - name: tmpdir + mountPath: /tmp + readOnly: false + - name: installinfo + subPath: install_info + mountPath: /etc/datadog-agent/install_info + readOnly: true + - name: confd + mountPath: /conf.d + readOnly: true + - name: config + mountPath: /etc/datadog-agent + volumes: + - name: datadogrun + emptyDir: {} + - name: varlog + emptyDir: {} + - name: tmpdir + emptyDir: {} + - name: installinfo + configMap: + name: datadog-installinfo + - name: confd + configMap: + name: datadog-cluster-agent-confd + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + - name: config + emptyDir: {} + affinity: + # Prefer scheduling the cluster agents on different nodes + # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + nodeSelector: + kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go new file mode 100644 index 000000000..baf66fe53 --- /dev/null +++ b/test/datadog/baseline_test.go @@ -0,0 +1,231 @@ +package datadog + +import ( + "bufio" + "io" + "strings" + "testing" + + "github.com/DataDog/helm-charts/test/common" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/yaml" +) + +func Test_baseline_manifests(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + baselineManifestPath string + assertions func(t *testing.T, baselineManifestPath, manifest string) + }{ + { + name: "Daemonset default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + }, + }, + baselineManifestPath: "./baseline/daemonset_default.yaml", + assertions: verifyDaemonset, + }, + { + name: "DCA Deployment default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{}, + }, + baselineManifestPath: "./baseline/cluster-agent-deployment_default.yaml", + assertions: verifyDeployment, + }, + { + name: "DCA Deployment default with minimal AC sidecar injection", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_fargateMinimal.yaml"}, + Overrides: map[string]string{}, + }, + baselineManifestPath: "./baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml", + assertions: verifyDeployment, + }, + { + name: "DCA Deployment default with advanced AC sidecar injection", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_advanced.yaml"}, + Overrides: map[string]string{}, + }, + baselineManifestPath: "./baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml", + assertions: verifyDeployment, + }, + { + name: "CLC Deployment default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/agent-clusterchecks-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.kubeStateMetricsCore.useClusterCheckRunners": "true", + "datadog.clusterChecks.enabled": "true", + "clusterChecksRunner.enabled": "true", + }}, + baselineManifestPath: "./baseline/agent-clusterchecks-deployment_default.yaml", + assertions: verifyDeployment, + }, + { + name: "Other resources, skips Deployment, DaemonSet, Secret; creates PDBs", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.kubeStateMetricsCore.useClusterCheckRunners": "true", + "datadog.clusterChecks.enabled": "true", + "clusterChecksRunner.enabled": "true", + // Create PDB for DCA and CLC + "clusterAgent.createPodDisruptionBudget": "true", + "clusterChecksRunner.createPodDisruptionBudget": "true", + }}, + baselineManifestPath: "./baseline/other_default.yaml", + assertions: verifyUntypedResources, + }, + { + name: "GDC DaemonSet default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_default.yaml", + assertions: verifyDaemonset, + }, + { + name: "GDC DaemonSet logs collection enabled", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml", + assertions: verifyDaemonset, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + t.Log("update baselines", common.UpdateBaselines) + if common.UpdateBaselines { + common.WriteToFile(t, tt.baselineManifestPath, manifest) + } + tt.assertions(t, tt.baselineManifestPath, manifest) + }) + } +} + +func verifyDaemonset(t *testing.T, baselineManifestPath, manifest string) { + verifyBaseline(t, baselineManifestPath, manifest, appsv1.DaemonSet{}, appsv1.DaemonSet{}) +} + +func verifyDeployment(t *testing.T, baselineManifestPath, manifest string) { + verifyBaseline(t, baselineManifestPath, manifest, appsv1.Deployment{}, appsv1.Deployment{}) +} + +func verifyBaseline[T any](t *testing.T, baselineManifestPath, manifest string, baseline, actual T) { + common.Unmarshal(t, manifest, &actual) + common.LoadFromFile(t, baselineManifestPath, &baseline) + + // Exclude + // - "helm.sh/chart" label + // - checksum annotations + // - Image + // to avoid frequent baseline update and CI failures. + ops := make(cmp.Options, 0) + ops = append(ops, cmpopts.IgnoreMapEntries(func(k, v string) bool { + return k == "helm.sh/chart" || k == "checksum/clusteragent_token" || strings.Contains(k, "checksum") + })) + ops = append(ops, cmpopts.IgnoreFields(corev1.Container{}, "Image")) + + assert.True(t, cmp.Equal(baseline, actual, ops), cmp.Diff(baseline, actual)) +} + +func verifyUntypedResources(t *testing.T, baselineManifestPath, actual string) { + baselineManifest := common.ReadFile(t, baselineManifestPath) + + rB := bufio.NewReader(strings.NewReader(baselineManifest)) + baselineReader := yaml.NewYAMLReader(rB) + rA := bufio.NewReader(strings.NewReader(actual)) + expectedReader := yaml.NewYAMLReader(rA) + + for { + baselineResource, errB := baselineReader.Read() + actualResource, errA := expectedReader.Read() + if errB == io.EOF || errA == io.EOF { + break + } + require.NoError(t, errB, "couldn't read resource from manifest", baselineManifest) + require.NoError(t, errA, "couldn't read resource from manifest", actual) + + // unmarshal as map since this can be any resource + var expected, actual map[string]interface{} + yaml.Unmarshal(baselineResource, &expected) + yaml.Unmarshal(actualResource, &actual) + + assert.Equal(t, expected["kind"], actual["kind"]) + kind := expected["kind"] + if kind == "Deployment" || kind == "DaemonSet" || kind == "Secret" { + continue + } + + ops := make(cmp.Options, 0) + ops = append(ops, cmpopts.IgnoreMapEntries(func(k string, v any) bool { + // skip these as these change frequently + t.Log(k, v) + return k == "helm.sh/chart" || k == "token" || strings.Contains(k, "checksum") || + k == "Image" || k == "install_id" || k == "install_time" + })) + + assert.True(t, cmp.Equal(expected, actual, ops), cmp.Diff(expected, actual)) + } +} diff --git a/test/datadog/dca_AC_sidecar_test.go b/test/datadog/dca_AC_sidecar_test.go new file mode 100644 index 000000000..d2c483956 --- /dev/null +++ b/test/datadog/dca_AC_sidecar_test.go @@ -0,0 +1,164 @@ +package datadog + +import ( + "encoding/json" + "testing" + + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/DataDog/helm-charts/test/common" +) + +const ( + DDSidecarEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED" + DDSidecarClusterAgentEnabled = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED" + DDSidecarProvider = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER" + DDSidecarRegistry = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY" + DDSidecarImageName = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME" + DDSidecarImageTag = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG" + DDSidecarSelectors = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS" + DDSidecarProfiles = "DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES" +) + +func Test_admissionControllerConfig(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "AC sidecar injection, minimal Fargate config", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_fargateMinimal.yaml"}, + Overrides: map[string]string{ + // "clusterAgent.admissionController.enabled": "true", + // "clusterAgent.admissionController.agentSidecarInjection.enabled": "true", + }, + }, + assertions: verifyDeploymentFargateMinimal, + }, + { + name: "AC sidecar injection, advanced config", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", + "./manifests/dca_AC_sidecar_advanced.yaml"}, + Overrides: map[string]string{}, + }, + assertions: verifyDeploymentAdvancedConfig, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +// V1 structs are for the current scope +type Selector struct { + ObjectSelector metav1.LabelSelector `json:"objectSelector,omitempty"` + NamespaceSelector metav1.LabelSelector `json:"namespaceSelector,omitempty"` +} + +type ProfileOverride struct { + EnvVars []corev1.EnvVar `json:"env,omitempty"` + ResourceRequirements corev1.ResourceRequirements `json:"resources,omitempty"` +} + +func verifyDeploymentFargateMinimal(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + dcaContainer := deployment.Spec.Template.Spec.Containers[0] + + acConfigEnv := selectEnvVars(dcaContainer.Env) + + assert.Equal(t, "true", acConfigEnv[DDSidecarEnabled]) + assert.Equal(t, "true", acConfigEnv[DDSidecarClusterAgentEnabled]) + assert.Equal(t, "fargate", acConfigEnv[DDSidecarProvider]) + // Default will be set by DCA + assert.Empty(t, acConfigEnv[DDSidecarRegistry]) + assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) + // chart default, so commenting out + // assert.Equal(t, "7.55.1", acConfigEnv[DDSidecarImageTag]) + assert.Empty(t, acConfigEnv[DDSidecarSelectors]) + assert.Empty(t, acConfigEnv[DDSidecarProfiles]) +} + +func verifyDeploymentAdvancedConfig(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + dcaContainer := deployment.Spec.Template.Spec.Containers[0] + + acConfigEnv := selectEnvVars(dcaContainer.Env) + + assert.Equal(t, "true", acConfigEnv[DDSidecarEnabled]) + assert.Equal(t, "false", acConfigEnv[DDSidecarClusterAgentEnabled]) + assert.Empty(t, acConfigEnv[DDSidecarProvider]) + assert.Equal(t, "gcr.io/datadoghq", acConfigEnv[DDSidecarRegistry]) + assert.Equal(t, "agent", acConfigEnv[DDSidecarImageName]) + assert.Equal(t, "7.52.0", acConfigEnv[DDSidecarImageTag]) + assert.NotEmpty(t, acConfigEnv[DDSidecarSelectors]) + assert.NotEmpty(t, acConfigEnv[DDSidecarProfiles]) + + selectorsAsString := acConfigEnv[DDSidecarSelectors] + profilesAsString := acConfigEnv[DDSidecarProfiles] + + var selectors []Selector + err := json.Unmarshal([]byte(selectorsAsString), &selectors) + assert.Nil(t, err) + selector := selectors[0] + assert.Equal(t, "nodeless", selector.ObjectSelector.MatchLabels["runsOn"]) + assert.Equal(t, "nginx", selector.ObjectSelector.MatchLabels["app"]) + assert.Equal(t, "true", selector.NamespaceSelector.MatchLabels["agentSidecars"]) + + var profiles []ProfileOverride + err = json.Unmarshal([]byte(profilesAsString), &profiles) + assert.Nil(t, err) + profile := profiles[0] + assert.Equal(t, "DD_ORCHESTRATOR_EXPLORER_ENABLED", profile.EnvVars[0].Name) + assert.Equal(t, "false", profile.EnvVars[0].Value) + assert.Equal(t, "DD_TAGS", profile.EnvVars[1].Name) + // Agent expects space-separated pairs + assert.Equal(t, "key1:value1 key2:value2", profile.EnvVars[1].Value) + assert.Equal(t, "1", profile.ResourceRequirements.Requests.Cpu().String()) + assert.Equal(t, "512Mi", profile.ResourceRequirements.Requests.Memory().String()) + assert.Equal(t, "2", profile.ResourceRequirements.Limits.Cpu().String()) + assert.Equal(t, "1Gi", profile.ResourceRequirements.Limits.Memory().String()) +} + +func selectEnvVars(envVars []corev1.EnvVar) map[string]string { + acConfoigNames := []string{ + DDSidecarEnabled, + DDSidecarClusterAgentEnabled, + DDSidecarProvider, + DDSidecarRegistry, + DDSidecarImageName, + DDSidecarImageTag, + DDSidecarSelectors, + DDSidecarProfiles, + } + + selection := map[string]string{} + + for _, envVar := range envVars { + for _, name := range acConfoigNames { + if envVar.Name == name { + selection[name] = envVar.Value + } + } + } + return selection +} diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go new file mode 100644 index 000000000..b8b2ecf98 --- /dev/null +++ b/test/datadog/gdc_test.go @@ -0,0 +1,90 @@ +package datadog + +import ( + "fmt" + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "testing" +) + +var allowedHostPaths = map[string]interface{}{ + "/var/datadog/logs": nil, + "/var/log/pods": nil, + "/var/log/containers": nil, +} + +func Test_gdcConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "default", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.logs.enabled": "true", + "agents.image.doNotCheckTag": "true", + "datadog.logs.containerCollectAll": "true", + "datadog.logs.containerCollectUsingFiles": "true", + "datadog.logs.autoMultiLineDetection": "true", + "providers.gke.gdc": "true", + }, + }, + assertions: verifyDaemonsetGDCMinimal, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { + var ds appsv1.DaemonSet + common.Unmarshal(t, manifest, &ds) + agentContainer := &corev1.Container{} + + assert.Equal(t, 1, len(ds.Spec.Template.Spec.Containers)) + + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Name == "agent" { + agentContainer = &container + } + } + + assert.NotNil(t, agentContainer) + + var validHostPath = true + for _, volume := range ds.Spec.Template.Spec.Volumes { + if volume.HostPath != nil { + _, validHostPath = allowedHostPaths[volume.HostPath.Path] + assert.True(t, validHostPath, fmt.Sprintf("DaemonSet has restricted hostPath mounted: %s ", volume.HostPath.Path)) + } + } + + validPorts := true + for _, container := range ds.Spec.Template.Spec.Containers { + if container.Ports != nil { + for _, port := range container.Ports { + if port.HostPort > 0 { + validPorts = false + break + } + } + } + } + assert.True(t, validPorts, "Daemonset has restricted hostPort mounted.") +} diff --git a/test/datadog/manifests/dca_AC_sidecar_advanced.yaml b/test/datadog/manifests/dca_AC_sidecar_advanced.yaml new file mode 100644 index 000000000..10404420b --- /dev/null +++ b/test/datadog/manifests/dca_AC_sidecar_advanced.yaml @@ -0,0 +1,31 @@ +clusterAgent: + enabled: true + admissionController: + enabled: true + agentSidecarInjection: + enabled: true + clusterAgentCommunicationEnabled: false + containerRegistry: gcr.io/datadoghq + imageName: agent + imageTag: 7.52.0 + selectors: + - objectSelector: + matchLabels: + "runsOn": nodeless + "app": nginx + namespaceSelector: + matchLabels: + agentSidecars: "true" + profiles: + - env: + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "false" + - name: DD_TAGS + value: "key1:value1 key2:value2" + resources: + requests: + cpu: "1" + memory: "512Mi" + limits: + cpu: "2" + memory: "1024Mi" \ No newline at end of file diff --git a/test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml b/test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml new file mode 100644 index 000000000..9dbd3a20a --- /dev/null +++ b/test/datadog/manifests/dca_AC_sidecar_fargateMinimal.yaml @@ -0,0 +1,8 @@ +clusterAgent: + enabled: true + admissionController: + enabled: true + clusterAgentCommunicationEnabled: false + agentSidecarInjection: + enabled: true + provider: fargate diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go new file mode 100644 index 000000000..10946f82d --- /dev/null +++ b/test/datadog/process_agent_test.go @@ -0,0 +1,487 @@ +package datadog + +import ( + "testing" + + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + + "github.com/DataDog/helm-charts/test/common" +) + +const ( + DDProcessCollectionEnabled = "DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED" + DDContainerCollectionEnabled = "DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED" + DDProcessDiscoveryEnabled = "DD_PROCESS_AGENT_DISCOVERY_ENABLED" + DDStripProcessArgs = "DD_STRIP_PROCESS_ARGS" + DDProcessRunInCoreAgentEnabled = "DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED" + DDSystemProbeEnabled = "DD_SYSTEM_PROBE_ENABLED" + DDNetworkMonitoringEnabled = "DD_SYSTEM_PROBE_NETWORK_ENABLED" + DDOrchestratorEnabled = "DD_ORCHESTRATOR_EXPLORER_ENABLED" + DDLanguageDetectionEnabled = "DD_LANGUAGE_DETECTION_ENABLED" +) + +func Test_processAgentConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string) + }{ + { + name: "checks in process agent -- linux", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", + }, + }, + assertions: verifyDaemonsetProcessAgentChecks, + }, + { + name: "checks in process agent -- windows", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "targetSystem": "windows", + }, + }, + assertions: verifyDaemonsetWindowsProcessAgentChecks, + }, + { + name: "no checks -- linux", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.processCollection": "false", + "datadog.processAgent.containerCollection": "false", + "datadog.processAgent.processDiscovery": "false", + "datadog.apm.instrumentation.language_detection.enabled": "false", + "datadog.processAgent.runInCoreAgent": "false", + }, + }, + assertions: verifyChecksOff, + }, + { + name: "only network monitoring enabled", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.processCollection": "false", + "datadog.processAgent.containerCollection": "false", + "datadog.processAgent.processDiscovery": "false", + "datadog.apm.instrumentation.language_detection.enabled": "false", + "datadog.networkMonitoring.enabled": "true", + "datadog.processAgent.runInCoreAgent": "false", + }, + }, + assertions: verifyOnlyNetworkMonitoringEnabled, + }, + { + name: "enable process checks in core agent -- linux", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7.60.0", + }, + }, + assertions: verifyLinuxRunInCoreAgent, + }, + { + name: "enable process checks in core agent -- windows", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "targetSystem": "windows", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.60.0", + }, + }, + assertions: verifyDaemonsetWindowsProcessAgentChecks, + }, + { + name: "orchestrator enabled - latest version", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.processCollection": "false", + "datadog.processAgent.containerCollection": "false", + "datadog.processAgent.processDiscovery": "false", + "datadog.apm.instrumentation.language_detection.enabled": "false", + "datadog.orchestratorExplorer.enabled": "true", + "datadog.processAgent.runInCoreAgent": "false", + }, + }, + assertions: verifyOrchestratorEnabledLatest, + }, + { + name: "orchestrator enabled - old version", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.processCollection": "false", + "datadog.processAgent.containerCollection": "false", + "datadog.processAgent.processDiscovery": "false", + "datadog.apm.instrumentation.language_detection.enabled": "false", + "datadog.orchestratorExplorer.enabled": "true", + "agents.image.tag": "7.50.0", + }, + }, + assertions: verifyOrchestratorEnabledOld, + }, + { + name: "enable process checks in core agent -- old version", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.52.0", + }, + }, + assertions: verifyLinuxRunInCoreAgentOld, + }, + { + name: "enable process checks in core agent -- do not check image tag", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.doNotCheckTag": "true", + }, + }, + assertions: verifyLinuxRunInCoreAgentOld, + }, + { + name: "enable process checks in core agent -- env var override", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml", "values/process-run-in-core-envvars.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", + "agents.image.doNotCheckTag": "true", + "datadog.processAgent.processCollection": "true", + }, + }, + assertions: verifyLinuxRunInCoreAgent, + }, + { + name: "language detection on process agent", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7.56", + "datadog.apm.instrumentation.language_detection.enabled": "true", + "datadog.apm.instrumentation.enabled": "true", + }, + }, + assertions: verifyLanguageDetectionInProcessAgent, + }, + { + name: "language detection on core agent", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "datadog.processAgent.processCollection": "true", + "agents.image.tag": "7.60.0", + "datadog.apm.instrumentation.language_detection.enabled": "true", + "datadog.apm.instrumentation.enabled": "true", + }, + }, + assertions: verifyLanguageDetectionInCoreAgent, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest) + }) + } +} + +func verifyDaemonsetProcessAgentChecks(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "false", processEnvs[DDProcessRunInCoreAgentEnabled]) + assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + +func verifyDaemonsetWindowsProcessAgentChecks(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "", coreEnvs[DDProcessRunInCoreAgentEnabled]) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "", processEnvs[DDProcessRunInCoreAgentEnabled]) +} + +func verifyLinuxRunInCoreAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "true", coreEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", coreEnvs[DDStripProcessArgs]) + assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.True(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyLanguageDetectionInCoreAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "true", coreEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", coreEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", coreEnvs[DDStripProcessArgs]) + assert.Equal(t, "true", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", coreEnvs[DDLanguageDetectionEnabled]) + assert.True(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyLanguageDetectionInProcessAgent(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assert.Equal(t, "true", processEnvs[DDContainerCollectionEnabled]) + assert.Equal(t, "true", processEnvs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", processEnvs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", processEnvs[DDStripProcessArgs]) + assert.Equal(t, "false", processEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", processEnvs[DDLanguageDetectionEnabled]) + assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + +func verifyChecksOff(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertFalseCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyOnlyNetworkMonitoringEnabled(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertFalseCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertFalseCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", processEnvs[DDSystemProbeEnabled]) + assert.Equal(t, "true", processEnvs[DDNetworkMonitoringEnabled]) + assert.False(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + +func verifyOrchestratorEnabledLatest(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertFalseCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", coreEnvs[DDOrchestratorEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + _, ok = getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.False(t, ok) +} + +func verifyOrchestratorEnabledOld(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertFalseCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", coreEnvs[DDOrchestratorEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertFalseCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.Equal(t, "true", processEnvs[DDOrchestratorEnabled]) + assert.False(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + +func verifyLinuxRunInCoreAgentOld(t *testing.T, manifest string) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(coreAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, coreEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.False(t, getPasswdMount(t, coreAgentContainer.VolumeMounts)) + + processAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "process-agent") + assert.True(t, ok) + processEnvs := getEnvVarMap(processAgentContainer.Env) + assertDefaultCommonProcessEnvs(t, processEnvs) + assert.Equal(t, "false", coreEnvs[DDProcessRunInCoreAgentEnabled]) + assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) +} + +func getContainer(t *testing.T, containers []corev1.Container, name string) (corev1.Container, bool) { + for _, container := range containers { + if container.Name == name { + return container, true + } + } + return corev1.Container{}, false +} + +func assertDefaultCommonProcessEnvs(t *testing.T, envs map[string]string) { + assert.Equal(t, "true", envs[DDContainerCollectionEnabled]) + assert.Equal(t, "false", envs[DDProcessCollectionEnabled]) + assert.Equal(t, "true", envs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", envs[DDStripProcessArgs]) +} + +func assertFalseCommonProcessEnvs(t *testing.T, envs map[string]string) { + assert.Equal(t, "false", envs[DDContainerCollectionEnabled]) + assert.Equal(t, "false", envs[DDProcessCollectionEnabled]) + assert.Equal(t, "false", envs[DDProcessDiscoveryEnabled]) + assert.Equal(t, "false", envs[DDStripProcessArgs]) +} + +func getPasswdMount(t *testing.T, volumeMounts []corev1.VolumeMount) bool { + for _, vm := range volumeMounts { + if vm.Name == "passwd" { + return true + } + } + return false +} + +func getEnvVarMap(envVars []corev1.EnvVar) map[string]string { + envVarMap := map[string]string{} + for _, envVar := range envVars { + envVarMap[envVar.Name] = envVar.Value + } + return envVarMap +} diff --git a/test/datadog/testdatadog_test.go b/test/datadog/testmain_test.go similarity index 100% rename from test/datadog/testdatadog_test.go rename to test/datadog/testmain_test.go diff --git a/test/datadog/values/process-run-in-core-envvars.yaml b/test/datadog/values/process-run-in-core-envvars.yaml new file mode 100644 index 000000000..3401bac9a --- /dev/null +++ b/test/datadog/values/process-run-in-core-envvars.yaml @@ -0,0 +1,10 @@ +agents: + containers: + agent: + env: + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + processAgent: + env: + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" diff --git a/test/datadog/e2e_eks_test.go b/test/e2e/datadog/e2e_eks_test.go similarity index 80% rename from test/datadog/e2e_eks_test.go rename to test/e2e/datadog/e2e_eks_test.go index 20252896d..0bf2e1f4f 100644 --- a/test/datadog/e2e_eks_test.go +++ b/test/e2e/datadog/e2e_eks_test.go @@ -1,17 +1,21 @@ +//go:build e2e +// +build e2e + package datadog import ( "fmt" "testing" - "github.com/DataDog/datadog-agent/test/new-e2e/runner" - "github.com/DataDog/helm-charts/test/common" + "github.com/DataDog/datadog-agent/test/new-e2e/pkg/runner" "github.com/pulumi/pulumi/sdk/v3/go/auto" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" + + "github.com/DataDog/helm-charts/test/common" ) const namespace = "datadog" @@ -30,8 +34,6 @@ func Test_E2E_AgentOnEKS(t *testing.T) { "ddtestworkload:deploy": auto.ConfigValue{Value: "false"}, "ddinfra:aws/eks/linuxBottlerocketNodeGroup": auto.ConfigValue{Value: "false"}, "ddinfra:aws/eks/windowsNodeGroup": auto.ConfigValue{Value: "false"}, - // TODO: remove when upstream eks-pulumi bug is fixed https://github.com/pulumi/pulumi-eks/pull/886 - "pulumi:disable-default-providers": auto.ConfigValue{Value: "[]"}, } stackConfig.Merge(config) @@ -48,14 +50,14 @@ func Test_E2E_AgentOnEKS(t *testing.T) { kc := kubeconfig.Value.(map[string]interface{}) _, restConfig, k8sClient, err = common.NewClientFromKubeconfig(kc) if err == nil { - verifyPods(t) + t.Run("Agent pods should be created", verifyPods) } } else { err = fmt.Errorf("could not create Kubernetes client, cluster kubeconfig is nil") } } if err != nil { - t.Skipf("Skipping test. Encountered problem creating or updating E2E stack: %s", err) + t.Errorf("Skipping tests. Encountered problem creating or updating E2E stack: %s", err) } } @@ -79,10 +81,15 @@ func verifyPods(t *testing.T) { RestConfig: restConfig, } - assertPodStatus(t, podExec, ddaPodList, "agent") - assertPodStatus(t, podExec, dcaPodList, "cluster-agent") - assertPodStatus(t, podExec, ccPodList, "agent") - + t.Run("exec `agent status` for `agent` pod should not error", func(t *testing.T) { + assertPodStatus(t, podExec, ddaPodList, "agent") + }) + t.Run("`exec `agent status` for `cluster-agent` pod should not error", func(t *testing.T) { + assertPodStatus(t, podExec, dcaPodList, "cluster-agent") + }) + t.Run("exec `agent status` for `cluster-check-runner` pod should not error", func(t *testing.T) { + assertPodStatus(t, podExec, ccPodList, "agent") + }) } func assertPodStatus(t *testing.T, podExec common.K8sExec, podList *v1.PodList, containerName string) { diff --git a/test/e2e/datadog/testdatadog_test.go b/test/e2e/datadog/testdatadog_test.go new file mode 100644 index 000000000..8610597a8 --- /dev/null +++ b/test/e2e/datadog/testdatadog_test.go @@ -0,0 +1,13 @@ +package datadog + +import ( + "os" + "testing" + + "github.com/DataDog/helm-charts/test/common" +) + +func TestMain(m *testing.M) { + common.ParseArgs() + os.Exit(m.Run()) +} diff --git a/test/go.mod b/test/go.mod index f1ab19e33..a74f5e3ac 100644 --- a/test/go.mod +++ b/test/go.mod @@ -1,78 +1,94 @@ module github.com/DataDog/helm-charts/test -go 1.20 +go 1.21 require ( - github.com/DataDog/datadog-agent/test/new-e2e v0.0.0-20230629135515-95256463c610 - github.com/DataDog/test-infra-definitions v0.0.0-20230629072331-ca7799ab15ca - github.com/google/go-cmp v0.5.9 - github.com/gruntwork-io/terratest v0.43.0 - github.com/pulumi/pulumi/sdk/v3 v3.73.0 - github.com/stretchr/testify v1.8.4 - k8s.io/api v0.27.3 + github.com/DataDog/datadog-agent/test/new-e2e v0.50.2 + github.com/DataDog/test-infra-definitions v0.0.0-20231113131450-99ce13afdb49 + github.com/google/go-cmp v0.6.0 + github.com/gruntwork-io/terratest v0.46.16 + github.com/pulumi/pulumi/sdk/v3 v3.99.0 + github.com/stretchr/testify v1.9.0 + k8s.io/api v0.28.4 k8s.io/apiextensions-apiserver v0.23.5 - k8s.io/apimachinery v0.27.3 - k8s.io/client-go v0.27.3 + k8s.io/apimachinery v0.28.4 + k8s.io/client-go v0.28.4 ) require ( + dario.cat/mergo v1.0.0 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 // indirect - github.com/acomagu/bufpipe v1.0.4 // indirect + github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect github.com/agext/levenshtein v1.2.3 // indirect - github.com/alessio/shellescape v1.4.1 // indirect + github.com/alessio/shellescape v1.4.2 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect - github.com/aws/aws-sdk-go v1.44.122 // indirect - github.com/aws/aws-sdk-go-v2 v1.18.1 // indirect - github.com/aws/aws-sdk-go-v2/config v1.18.27 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect - github.com/aws/aws-sdk-go-v2/service/ecs v1.27.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect - github.com/aws/aws-sdk-go-v2/service/ssm v1.36.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect - github.com/aws/smithy-go v1.13.5 // indirect + github.com/atotto/clipboard v0.1.4 // indirect + github.com/aws/aws-sdk-go v1.44.298 // indirect + github.com/aws/aws-sdk-go-v2 v1.24.0 // indirect + github.com/aws/aws-sdk-go-v2/config v1.25.10 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.16.8 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ecs v1.35.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect + github.com/aws/aws-sdk-go-v2/service/ssm v1.44.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.18.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.26.1 // indirect + github.com/aws/smithy-go v1.19.0 // indirect + github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect github.com/cenkalti/backoff v2.2.1+incompatible // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/charmbracelet/bubbles v0.16.1 // indirect + github.com/charmbracelet/bubbletea v0.24.2 // indirect + github.com/charmbracelet/lipgloss v0.7.1 // indirect github.com/cheggaaa/pb v1.0.29 // indirect - github.com/cloudflare/circl v1.3.3 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect + github.com/cloudflare/circl v1.3.7 // indirect + github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect + github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/djherbis/times v1.5.0 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect - github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect + github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.4.1 // indirect - github.com/go-git/go-git/v5 v5.7.0 // indirect - github.com/go-logr/logr v1.2.3 // indirect + github.com/go-git/go-billy/v5 v5.5.0 // indirect + github.com/go-git/go-git/v5 v5.12.0 // indirect + github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/go-sql-driver/mysql v1.4.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/glog v1.1.1 // indirect + github.com/golang/glog v1.1.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect + github.com/gonvenience/bunt v1.3.5 // indirect + github.com/gonvenience/neat v1.3.12 // indirect + github.com/gonvenience/term v1.0.2 // indirect + github.com/gonvenience/text v1.0.7 // indirect + github.com/gonvenience/wrap v1.1.2 // indirect + github.com/gonvenience/ytbx v1.4.4 // indirect + github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/uuid v1.3.0 // indirect + github.com/google/uuid v1.5.0 // indirect github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect - github.com/gruntwork-io/go-commons v0.8.0 // indirect + github.com/gruntwork-io/go-commons v0.17.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/hcl/v2 v2.17.0 // indirect + github.com/homeport/dyff v1.6.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect @@ -80,74 +96,91 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect + github.com/kr/fs v0.1.0 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/mattn/go-runewidth v0.0.14 // indirect - github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect + github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-localereader v0.0.1 // indirect + github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/mattn/go-zglob v0.0.3 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect + github.com/mitchellh/hashstructure v1.1.0 // indirect github.com/moby/spdystream v0.2.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect + github.com/muesli/cancelreader v0.2.2 // indirect + github.com/muesli/reflow v0.3.0 // indirect + github.com/muesli/termenv v0.15.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/nxadm/tail v1.4.8 // indirect github.com/opentracing/basictracer-go v1.1.0 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect + github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/pkg/sftp v1.13.6 // indirect github.com/pkg/term v1.1.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pquerna/otp v1.2.0 // indirect - github.com/pulumi/pulumi-aws/sdk/v5 v5.41.0 // indirect - github.com/pulumi/pulumi-awsx/sdk v1.0.2 // indirect - github.com/pulumi/pulumi-command/sdk v0.7.2 // indirect + github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect + github.com/pulumi/esc v0.6.2 // indirect + github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0 // indirect + github.com/pulumi/pulumi-awsx/sdk v1.0.6 // indirect + github.com/pulumi/pulumi-command/sdk v0.9.2 // indirect github.com/pulumi/pulumi-docker/sdk/v3 v3.6.1 // indirect - github.com/pulumi/pulumi-eks/sdk v1.0.1 // indirect - github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.29.1 // indirect - github.com/pulumi/pulumi-random/sdk/v4 v4.13.2 // indirect + github.com/pulumi/pulumi-eks/sdk v1.0.4 // indirect + github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.30.2 // indirect + github.com/pulumi/pulumi-random/sdk/v4 v4.13.4 // indirect github.com/rivo/uniseg v0.4.4 // indirect - github.com/rogpeppe/go-internal v1.10.0 // indirect + github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect - github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 // indirect - github.com/sergi/go-diff v1.3.1 // indirect - github.com/skeema/knownhosts v1.1.1 // indirect + github.com/samber/lo v1.38.1 // indirect + github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect + github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect + github.com/skeema/knownhosts v1.2.2 // indirect github.com/spf13/cast v1.5.1 // indirect - github.com/spf13/cobra v1.7.0 // indirect + github.com/spf13/cobra v1.8.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/texttheater/golang-levenshtein v1.0.1 // indirect github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect github.com/uber/jaeger-lib v2.4.1+incompatible // indirect - github.com/urfave/cli v1.22.2 // indirect + github.com/urfave/cli/v2 v2.10.3 // indirect + github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect + github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect github.com/zclconf/go-cty v1.13.2 // indirect go.uber.org/atomic v1.11.0 // indirect - golang.org/x/crypto v0.10.0 // indirect - golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect - golang.org/x/mod v0.11.0 // indirect - golang.org/x/net v0.11.0 // indirect - golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/sys v0.9.0 // indirect - golang.org/x/term v0.9.0 // indirect - golang.org/x/text v0.10.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.10.0 // indirect + golang.org/x/crypto v0.21.0 // indirect + golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect + golang.org/x/mod v0.14.0 // indirect + golang.org/x/net v0.23.0 // indirect + golang.org/x/oauth2 v0.11.0 // indirect + golang.org/x/sync v0.5.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.15.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect - google.golang.org/grpc v1.56.0 // indirect - google.golang.org/protobuf v1.30.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect + google.golang.org/grpc v1.59.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.90.1 // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect + k8s.io/klog/v2 v2.100.1 // indirect + k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect lukechampine.com/frand v1.4.2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect - sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600 // indirect ) diff --git a/test/go.sum b/test/go.sum index 527feca58..6acda2f4d 100644 --- a/test/go.sum +++ b/test/go.sum @@ -36,6 +36,8 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= @@ -47,27 +49,31 @@ github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/datadog-agent/test/new-e2e v0.0.0-20230629135515-95256463c610 h1:5fbeQTdzvcf64tnyz2FDOgPX/3ynuXCQMzGM5Ka/6AY= -github.com/DataDog/datadog-agent/test/new-e2e v0.0.0-20230629135515-95256463c610/go.mod h1:lWhjDI78vpbL+qRYRQ8JBbQwx7bXfVqp05VxbfdE/Y4= -github.com/DataDog/test-infra-definitions v0.0.0-20230629072331-ca7799ab15ca h1:In0LmW10UWRmzhDFXsrpvMykeuIsb9I+kZe/C8R68+g= -github.com/DataDog/test-infra-definitions v0.0.0-20230629072331-ca7799ab15ca/go.mod h1:ooZpPM5wPJNEIjDQfrWdWLlw2waB0xB8bG+J5XRDVKk= +github.com/DataDog/datadog-agent/test/new-e2e v0.50.2 h1:iDRXnDeZ0EfAdRUuAqwEKtrBSq0WU2H0UGbFoNz35mk= +github.com/DataDog/datadog-agent/test/new-e2e v0.50.2/go.mod h1:QB38Gm39iGOhs2wzGyZSIYIXUs3/BP+DjP/H6OJJu8A= +github.com/DataDog/test-infra-definitions v0.0.0-20231113131450-99ce13afdb49 h1:X08p5axuFeIC+9UWyZukTQTvpP6YKcKxjjvB6i6NWyc= +github.com/DataDog/test-infra-definitions v0.0.0-20231113131450-99ce13afdb49/go.mod h1:PqwpYO1dh26TxKAY1TiiMLmmSxzytx3OrXtYl086m2c= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= +github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= +github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1 h1:JMDGhoQvXNTqH6Y3MC0IUw6tcZvaUdujNqzK2HYWZc8= -github.com/ProtonMail/go-crypto v0.0.0-20230528122434-6f98819771a1/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= +github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= +github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= -github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= @@ -78,10 +84,11 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= -github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= +github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4uEoM0= +github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= @@ -93,39 +100,42 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= -github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo= -github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA= -github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw= -github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk= -github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0= -github.com/aws/aws-sdk-go-v2/service/ecs v1.27.4 h1:F1N0Eh5EGRRY9QpF+tMTkx8Wb59DkQWE91Xza/9dk1c= -github.com/aws/aws-sdk-go-v2/service/ecs v1.27.4/go.mod h1:0irnFofeEZwT7uTjSkNVcSQJbWRqZ9BRoxhKjt1BObM= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU= -github.com/aws/aws-sdk-go-v2/service/ssm v1.36.4 h1:3AjvCuRS8OnNVRC/UBagp1Jo2feR94+VAIKO4lz8gOQ= -github.com/aws/aws-sdk-go-v2/service/ssm v1.36.4/go.mod h1:p6MaesK9061w6NTiFmZpUzEkKUY5blKlwD2zYyErxKA= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w= -github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE= -github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg= -github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= -github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= +github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= +github.com/aws/aws-sdk-go v1.44.298 h1:5qTxdubgV7PptZJmp/2qDwD2JL187ePL7VOxsSh1i3g= +github.com/aws/aws-sdk-go v1.44.298/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk= +github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= +github.com/aws/aws-sdk-go-v2/config v1.25.10 h1:qw/e8emDtNufTkrAU86DlQ18DruMyyM7ttW6Lgwp4v0= +github.com/aws/aws-sdk-go-v2/config v1.25.10/go.mod h1:203YiAtb6XyoGxXMPsUVwEcuxCiTQY/r8P27IDjfvMc= +github.com/aws/aws-sdk-go-v2/credentials v1.16.8 h1:phw9nRLy/77bPk6Mfu2SHCOnHwfVB7WWrOa5rZIY2Fc= +github.com/aws/aws-sdk-go-v2/credentials v1.16.8/go.mod h1:MrS4SOin6adbO6wgWhdifyPiq+TX7fPPwyA/ZLC1F5M= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8 h1:tQZLSPC2Zj2CqZHonLmWEvCsbpMX5tQvaYJWHadcPek= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8/go.mod h1:5+YpvTHDFffykWr5qAGjqwoh8oVYZOddL3sSrEN7lws= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/service/ecs v1.35.1 h1:f4DtxnDnREgJADZUxuRdzGBKRH1H0G6wF6JWq0yXERY= +github.com/aws/aws-sdk-go-v2/service/ecs v1.35.1/go.mod h1:6qineQ2FiFd4AQckMmDOF/tLSQuq+Me1sZO1znKkmgc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0= +github.com/aws/aws-sdk-go-v2/service/ssm v1.44.1 h1:LwoTceR/pj+zzIuVrBrESQ5K8N0T0F3agz+yUXIoVxA= +github.com/aws/aws-sdk-go-v2/service/ssm v1.44.1/go.mod h1:N/ISupi87tK6YpOxPDTmF7i6qedc0HYPiUuUY8zU6RI= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.1 h1:V40g2daNO3l1J94JYwqfkyvQMYXi5I25fs3fNQW8iDs= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.1/go.mod h1:0ZWQJP/mBOUxkCvZKybZNz1XmdUKSBxoF0dzgfxtvDs= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1 h1:uQrj7SpUNC3r55vc1CDh3qV9wJC66lz546xM9dhSo5s= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1/go.mod h1:oyaTk5xEAOuPXX1kCD7HmIeuLqdj3Bk5yGkqGXtGi14= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.1 h1:K33V7L0XDdb23FMOZySr8bon1jou5SHn1fiv7NJ1SUg= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.1/go.mod h1:YtXUl/sfnS06VksYhr855hTQf2HphfT1Xv/EwuzbPjg= +github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= +github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= +github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= +github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -148,6 +158,12 @@ github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/charmbracelet/bubbles v0.16.1 h1:6uzpAAaT9ZqKssntbvZMlksWHruQLNxg49H5WdeuYSY= +github.com/charmbracelet/bubbles v0.16.1/go.mod h1:2QCp9LFlEsBQMvIYERr7Ww2H2bA7xen1idUDIzm/+Xc= +github.com/charmbracelet/bubbletea v0.24.2 h1:uaQIKx9Ai6Gdh5zpTbGiWpytMU+CfsPp06RaW2cx/SY= +github.com/charmbracelet/bubbletea v0.24.2/go.mod h1:XdrNrV4J8GiyshTtx3DNuYkR1FDaJmO3l2nejekbsgg= +github.com/charmbracelet/lipgloss v0.7.1 h1:17WMwi7N1b1rVWOjMT+rCh7sQkvDU75B2hbZpc5Kc1E= +github.com/charmbracelet/lipgloss v0.7.1/go.mod h1:yG0k3giv8Qj8edTCbbg6AlQ5e8KNWpFujkNawKNhE2c= github.com/cheggaaa/pb v1.0.18/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo= github.com/cheggaaa/pb v1.0.29/go.mod h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30= @@ -155,8 +171,9 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -165,6 +182,8 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= +github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 h1:q2hJAaP1k2wIvVRd/hEHD7lacgqrCPS+k8g1MndzfWY= +github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -174,14 +193,15 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= +github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -193,7 +213,8 @@ github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= @@ -212,12 +233,14 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= +github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= +github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= +github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= @@ -227,17 +250,23 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU= -github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= +github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8= +github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= +github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= +github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= -github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= -github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE= -github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= +github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= +github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= +github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= +github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= +github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= +github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -250,8 +279,8 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -259,8 +288,8 @@ github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= -github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= @@ -268,7 +297,8 @@ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+ github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= @@ -279,8 +309,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= -github.com/golang/glog v1.1.1 h1:jxpi2eWoU84wbX9iIEyAeeoac3FLuifZpY9tcNUD9kw= -github.com/golang/glog v1.1.1/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= +github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= +github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -314,13 +344,25 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/gonvenience/bunt v1.3.5 h1:wSQquifvwEWtzn27k1ngLfeLaStyt0k1b/K6TrlCNAs= +github.com/gonvenience/bunt v1.3.5/go.mod h1:7ApqkVBEWvX04oJ28Q2WeI/BvJM6VtukaJAU/q/pTs8= +github.com/gonvenience/neat v1.3.12 h1:xwIyRbJcG9LgcDYys+HHLH9DqqHeQsUpS5CfBUeskbs= +github.com/gonvenience/neat v1.3.12/go.mod h1:8OljAIgPelN0uPPO94VBqxK+Kz98d6ZFwHDg5o/PfkE= +github.com/gonvenience/term v1.0.2 h1:qKa2RydbWIrabGjR/fegJwpW5m+JvUwFL8mLhHzDXn0= +github.com/gonvenience/term v1.0.2/go.mod h1:wThTR+3MzWtWn7XGVW6qQ65uaVf8GHED98KmwpuEQeo= +github.com/gonvenience/text v1.0.7 h1:YmIqmgTwxnACYCG59DykgMbomwteYyNhAmEUEJtPl14= +github.com/gonvenience/text v1.0.7/go.mod h1:OAjH+mohRszffLY6OjgQcUXiSkbrIavooFpfIt1ZwAs= +github.com/gonvenience/wrap v1.1.2 h1:xPKxNwL1HCguwyM+HlP/1CIuc9LRd7k8RodLwe9YTZA= +github.com/gonvenience/wrap v1.1.2/go.mod h1:GiryBSXoI3BAAhbWD1cZVj7RZmtiu0ERi/6R6eJfslI= +github.com/gonvenience/ytbx v1.4.4 h1:jQopwyaLsVGuwdxSiN4WkXjsEaFNPJ3V4lUj7eyEpzo= +github.com/gonvenience/ytbx v1.4.4/go.mod h1:w37+MKCPcCMY/jpPNmEklD4xKqrOAVBO6kIWW2+uI6M= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -332,9 +374,8 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= @@ -353,17 +394,19 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs= +github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= +github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -375,10 +418,10 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 h1:MJG/KsmcqMwFAkh8mTnAwhyKoB+sTAnY4CACC110tbU= github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645/go.mod h1:6iZfnjpejD4L/4DwD7NryNaJyCQdzwWwH2MWhCA90Kw= -github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro= -github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78= -github.com/gruntwork-io/terratest v0.43.0 h1:/ewxlYwd/HBralCt7P2bAhYM8hdkOiFJHrMz5XdlsSY= -github.com/gruntwork-io/terratest v0.43.0/go.mod h1:vZO4J6UW023NDvl1vI+twZk9r//+QEaNT6MfkheH7z0= +github.com/gruntwork-io/go-commons v0.17.2 h1:14dsCJ7M5Vv2X3BIPKeG9Kdy6vTMGhM8L4WZazxfTuY= +github.com/gruntwork-io/go-commons v0.17.2/go.mod h1:zs7Q2AbUKuTarBPy19CIxJVUX/rBamfW8IwuWKniWkE= +github.com/gruntwork-io/terratest v0.46.16 h1:l+HHuU7lNLwoAl2sP8zkYJy0uoE2Mwha2nw+rim+OhQ= +github.com/gruntwork-io/terratest v0.46.16/go.mod h1:oywHw1cFKXSYvKPm27U7quZVzDUlA22H2xUrKCe26xM= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -406,10 +449,13 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= +github.com/homeport/dyff v1.6.0 h1:AN+ikld0Fy+qx34YE7655b/bpWuxS6cL9k852pE2GUc= +github.com/homeport/dyff v1.6.0/go.mod h1:FlAOFYzeKvxmU5nTrnG+qrlJVWpsFew7pt8L99p5q8k= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -418,6 +464,7 @@ github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -438,6 +485,7 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -446,6 +494,7 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -453,11 +502,14 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= @@ -466,24 +518,30 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3 h1:BXxTozrOU8zgC5dkpn3J6NTRdoP+hjok/e+ACr4Hibk= +github.com/mattn/go-ciede2000 v0.0.0-20170301095244-782e8c62fec3/go.mod h1:x1uk6vxTiVuNt6S5R2UYgdhpj3oKojXvOXauHZ7dEnI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4= +github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.8/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= -github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= -github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 h1:ofNAzWCcyTALn2Zv40+8XitdzCgXY6e9qvXwN9W0YXg= -github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= +github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= +github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= +github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-zglob v0.0.3 h1:6Ry4EYsScDyt5di4OI6xw1bYhOqfE5S33Z1OPy+d+To= +github.com/mattn/go-zglob v0.0.3/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -497,6 +555,8 @@ github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eI github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= +github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= @@ -511,6 +571,14 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI= +github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo= +github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA= +github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo= +github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= +github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= +github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= +github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -525,13 +593,16 @@ github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= +github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= +github.com/onsi/gomega v1.28.0 h1:i2rg/p9n/UqIDAMFUJ6qIUUMcsqOuUHgbpbu235Vr1c= +github.com/onsi/gomega v1.28.0/go.mod h1:A1H2JE76sI14WIP57LMKj7FVfCHx3g3BcZVjJG8bjX8= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS69fQMD+MNP1mRs6mBQc= @@ -543,6 +614,8 @@ github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtb github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= +github.com/pgavlin/fx v0.1.6/go.mod h1:KWZJ6fqBBSh8GxHYqwYCf3rYE7Gp2p0N8tJp8xv9u9M= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -551,6 +624,8 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= +github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo= +github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk= github.com/pkg/term v1.1.0 h1:xIAAdCMh3QIAy+5FrE8Ad8XoDhEU4ufwbaSozViP9kk= github.com/pkg/term v1.1.0/go.mod h1:E25nymQcrSllhX42Ok8MRm1+hyBdHY0dCeiKZ9jpNGw= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -580,27 +655,33 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/pulumi/pulumi-aws/sdk/v5 v5.1.2/go.mod h1:5Bl3enkEyJD5oDkNZYfduZP7aP3xFjCf7yaBdNuifEo= -github.com/pulumi/pulumi-aws/sdk/v5 v5.41.0 h1:SJwp+c3GsfnUk3lP0yJJUsQ7FE5SnHINZpUqQkgYiPQ= -github.com/pulumi/pulumi-aws/sdk/v5 v5.41.0/go.mod h1:qFeKTFSNIlMHotu9ntOWFjJBHtCiUhJeaiUB/0nVwXk= -github.com/pulumi/pulumi-awsx/sdk v1.0.2 h1:SLm2MUICM91b/02r7KTI2/4R1XRJedIeMQdeYxATe9k= -github.com/pulumi/pulumi-awsx/sdk v1.0.2/go.mod h1:jwPmIPvPTVYkq+n6Nz/QfMhNZ1cHvBSORdRYvljV9Xo= -github.com/pulumi/pulumi-command/sdk v0.7.2 h1:YmnCX2lc70kpO9DxE4TJyApL1Tq19gxAaVpThQuDthY= -github.com/pulumi/pulumi-command/sdk v0.7.2/go.mod h1:niZxKP6w3PQdwOWnRwjop2LNd1TcdIQR+LuzIEGX4kU= +github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= +github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= +github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= +github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= +github.com/pulumi/pulumi-aws/sdk/v5 v5.31.0/go.mod h1:axXtUAYEclH+SVqr/QmWFzMfJchxrrPiyMrywCcMF9A= +github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0 h1:QdJvPoUklXdNL8faCOuCrv7qmMNp68jiewbGH8ZboUU= +github.com/pulumi/pulumi-aws/sdk/v5 v5.42.0/go.mod h1:qFeKTFSNIlMHotu9ntOWFjJBHtCiUhJeaiUB/0nVwXk= +github.com/pulumi/pulumi-awsx/sdk v1.0.6 h1:oUan8VgA/pqEmbS2vXhh5Zbn7Lhs6yX5bPMzM03QuMI= +github.com/pulumi/pulumi-awsx/sdk v1.0.6/go.mod h1:2H8uPHxZbfsIg9qr6yAfiIuvNnhBUqyhxw/8mXNLDFg= +github.com/pulumi/pulumi-azure-native-sdk v1.104.0 h1:vyD4PvKSOkwL1z9WTis3ZE9XC73UM/7AyMNek4Vm1+E= +github.com/pulumi/pulumi-azure-native-sdk v1.104.0/go.mod h1:ZfkbJPR8poiJgy4IlNaa2NBjHLW37nsLY2BIbZp3lHc= +github.com/pulumi/pulumi-command/sdk v0.9.2 h1:2siCFR8pS2sSwXkeWiLrprGEtBL54FsHTzdyl125UuI= +github.com/pulumi/pulumi-command/sdk v0.9.2/go.mod h1:VeUXTI/iTgKVjRChRJbLRlBVGxAH+uymscfwzBC2VqY= github.com/pulumi/pulumi-docker/sdk/v3 v3.6.1 h1:plWLn9O6u80Vr37LoCsckyobBfcrdTU9cERor72QjqA= github.com/pulumi/pulumi-docker/sdk/v3 v3.6.1/go.mod h1:N4Yu4c49QErfucPt9Y/fGmpTryRqc0VfhyKHsGR9/g8= -github.com/pulumi/pulumi-eks/sdk v1.0.1 h1:/QstsE+ETWhx3hYVDWHhn4GT7V9aVWrPtyCjKckxB8o= -github.com/pulumi/pulumi-eks/sdk v1.0.1/go.mod h1:H1+qy3r+WqP4Bw/zSd6vb+ZoY3zjDkCq0B1IScAcxhk= +github.com/pulumi/pulumi-eks/sdk v1.0.4 h1:j2tul6k0oZHDQwHU+75Jo8Qe4neYxv2hNpo5uanywrQ= +github.com/pulumi/pulumi-eks/sdk v1.0.4/go.mod h1:eSRoTIxvvu+uyc4tXo//TCsE9qD/DUx+OSLiyZvRB/A= github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.17.0/go.mod h1:w+Y1d8uqc+gv7JYWLF4rfzvTsIIHR1SCL+GG6sX1xMM= -github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.29.1 h1:8j8eTyZjHAClfjAqDyq2VrR59VDGDFKA88/z9qavtB8= -github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.29.1/go.mod h1:l+08Lg5PzbjvVcuazOsXgZIXMES70UtirJ5boDrvcTI= -github.com/pulumi/pulumi-random/sdk/v4 v4.13.2 h1:p4Cti4RIBKA0qi+JG/AofpcVsdyCaHd5gKMU5y/3I2Q= -github.com/pulumi/pulumi-random/sdk/v4 v4.13.2/go.mod h1:cFlJw0eQnqN+62QpITEF9M08gVyzNCeXrKRsuJptFak= +github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.30.2 h1:xJu48+RW+BHHnKtBni6Vj5vKqOEgCzdZAysGbh6tVM0= +github.com/pulumi/pulumi-kubernetes/sdk/v3 v3.30.2/go.mod h1:7yCJFC/jnUwFs566f0FAY2iAzc4G1mQP8H6K+40FK4Y= +github.com/pulumi/pulumi-random/sdk/v4 v4.13.4 h1:g3jdktE5L5IDrOw4OiB+yhgxSw0okRPJnyV6PlIzTEQ= +github.com/pulumi/pulumi-random/sdk/v4 v4.13.4/go.mod h1:cFlJw0eQnqN+62QpITEF9M08gVyzNCeXrKRsuJptFak= github.com/pulumi/pulumi/sdk/v3 v3.16.0/go.mod h1:252ou/zAU1g6E8iTwe2Y9ht7pb5BDl2fJlOuAgZCHiA= -github.com/pulumi/pulumi/sdk/v3 v3.25.0/go.mod h1:VsxW+TGv2VBLe/MeqsAr9r0zKzK/gbAhFT9QxYr24cY= -github.com/pulumi/pulumi/sdk/v3 v3.36.0/go.mod h1:e1xuPnh9aKzCesrFf96DEzcybLdRWRMhKeKVBmb2lm0= -github.com/pulumi/pulumi/sdk/v3 v3.73.0 h1:GXultRLRKyoxPAluyd3RtPCjqGw1Ivc49BF20CEZuIo= -github.com/pulumi/pulumi/sdk/v3 v3.73.0/go.mod h1:BUUBfQZsH0FPuznRfFHkR+b96VlXELnn+DgidFj4XSQ= +github.com/pulumi/pulumi/sdk/v3 v3.50.1/go.mod h1:tqQ4z9ocyM/UI2VQ7ZReWR3w6dF5ffEozoHipOMcDh4= +github.com/pulumi/pulumi/sdk/v3 v3.99.0 h1:vsFoEEdweYg3Hm6/Jlj1sE2cLtauzoqAdVbLMcC7Cw8= +github.com/pulumi/pulumi/sdk/v3 v3.99.0/go.mod h1:wFM/6iAMlidgLDSF9QU+p3P+B+vg/xloFyVeZrVwA1w= +github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= @@ -609,8 +690,8 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -618,13 +699,16 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb github.com/sabhiram/go-gitignore v0.0.0-20180611051255-d3107576ba94/go.mod h1:b18R55ulyQ/h3RaWyloPyER7fWQVZvimKKhnI5OfrJQ= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 h1:uIkTLo0AGRc8l7h5l9r+GcYi9qfVPt6lD4/bhmzfiKo= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0= +github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= +github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= +github.com/santhosh-tekuri/jsonschema/v5 v5.0.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0= +github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= +github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= @@ -632,8 +716,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= -github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= +github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= +github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= @@ -650,8 +734,8 @@ github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -666,8 +750,9 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -677,8 +762,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6/go.mod h1:XDKHRm5ThF8YJjx001LtgelzsoaEcvnA7lVWz9EeX3g= github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= @@ -694,13 +779,19 @@ github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6 github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= -github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli/v2 v2.10.3 h1:oi571Fxz5aHugfBAJd5nkwSk3fzATXtMlpxdLylSCMo= +github.com/urfave/cli/v2 v2.10.3/go.mod h1:f8iq5LtQ/bLxafbdBSLPPNsgaW0l/2fYYEHhAyPlwvo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= +github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= +github.com/xanzy/ssh-agent v0.3.2/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= +github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -761,13 +852,17 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200317142112-1b76d66859c6/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220824171710-5757bc0c5503/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -778,8 +873,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= -golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= +golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -807,8 +902,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= -golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -854,19 +949,20 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= +golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -881,8 +977,8 @@ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= +golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -896,7 +992,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -917,6 +1014,7 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -955,35 +1053,40 @@ golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= -golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -996,15 +1099,15 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= -golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1068,8 +1171,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= -golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= +golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= +golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1150,8 +1253,8 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1175,8 +1278,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= -google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= +google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1190,8 +1293,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1241,36 +1344,37 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y= -k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg= +k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= +k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= k8s.io/apiextensions-apiserver v0.23.5 h1:5SKzdXyvIJKu+zbfPc3kCbWpbxi+O+zdmAJBm26UJqI= k8s.io/apiextensions-apiserver v0.23.5/go.mod h1:ntcPWNXS8ZPKN+zTXuzYMeg731CP0heCTl6gYBxLcuQ= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM= -k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= +k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8= +k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg= k8s.io/apiserver v0.23.5/go.mod h1:7wvMtGJ42VRxzgVI7jkbKvMbuCbVbgsWFT7RyXiRNTw= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8= -k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48= +k8s.io/client-go v0.28.4 h1:Np5ocjlZcTrkyRJ3+T3PkXDpe4UpatQxj85+xjaD2wY= +k8s.io/client-go v0.28.4/go.mod h1:0VDZFpgoZfelyP5Wqu0/r/TRYcLYuJ2U1KEeoaPa1N4= k8s.io/code-generator v0.23.5/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= k8s.io/component-base v0.23.5/go.mod h1:c5Nq44KZyt1aLl0IpHX82fhsn84Sb0jjzwjpcA42bY0= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= -k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= +k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= +k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= -k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s= pgregory.net/rapid v0.4.7/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= pgregory.net/rapid v0.5.5 h1:jkgx1TjbQPD/feRoK+S/mXw9e1uj6WilpHrXJowi6oA= +pgregory.net/rapid v0.5.5/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= @@ -1286,5 +1390,3 @@ sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= -sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600 h1:hfyJ5ku9yFtLVOiSxa3IN+dx5eBQT9mPmKFypAmg8XM= -sourcegraph.com/sourcegraph/appdash v0.0.0-20211028080628-e2786a622600/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= diff --git a/test/integ/operator_integ_test.go b/test/integ/operator_integ_test.go index 59b3a8031..142213cb1 100644 --- a/test/integ/operator_integ_test.go +++ b/test/integ/operator_integ_test.go @@ -118,7 +118,7 @@ func verifyOperator(t *testing.T, kubectlOptions *k8s.KubectlOptions) { } func verifyAgent(t *testing.T, kubectlOptions *k8s.KubectlOptions) { - verifyNumPodsForSelector(t, kubectlOptions, 2, "agent.datadoghq.com/component=agent") + verifyNumPodsForSelector(t, kubectlOptions, 1, "agent.datadoghq.com/component=agent") verifyNumPodsForSelector(t, kubectlOptions, 1, "agent.datadoghq.com/component=cluster-agent") verifyNumPodsForSelector(t, kubectlOptions, 1, "agent.datadoghq.com/component=cluster-checks-runner") } diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml new file mode 100644 index 000000000..a6842ac84 --- /dev/null +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -0,0 +1,124 @@ +--- +# Source: private-action-runner/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "private-action-runner-default-serviceaccount" + namespace: datadog-agent +--- +# Source: private-action-runner/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: "private-action-runner-default-secrets" + namespace: datadog-agent +stringData: + config.yaml: | + ddBaseURL: https://app.datadoghq.com + urn: CHANGE_ME_URN_FROM_CONFIG + privateKey: CHANGE_ME_PRIVATE_KEY_FROM_CONFIG + modes: + - workflowAutomation + - appBuilder + port: 9016 + actionsAllowlist: + - com.datadoghq.kubernetes.core.getPod + - com.datadoghq.kubernetes.core.listPod +--- +# Source: private-action-runner/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + namespace: datadog-agent + name: "private-action-runner-default-role" +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +--- +# Source: private-action-runner/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: "private-action-runner-default-rolebinding" + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "private-action-runner-default-role" +subjects: + - kind: ServiceAccount + name: "private-action-runner-default-serviceaccount" + namespace: datadog-agent +--- +# Source: private-action-runner/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: "private-action-runner-default-service" + namespace: datadog-agent +spec: + selector: + service: "private-action-runner-default-service" + ports: + - name: http + port: 9016 + targetPort: 9016 +--- +# Source: private-action-runner/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "private-action-runner-default" + namespace: datadog-agent + labels: + service: "private-action-runner-default-service" + app: "private-action-runner-default" +spec: + minReadySeconds: 10 + replicas: 1 + selector: + matchLabels: + app: "private-action-runner-default" + template: + metadata: + labels: + app: "private-action-runner-default" + service: "private-action-runner-default-service" + annotations: + config-hash: 38d507cd658bf8dcb55de19e2b1f8adac892783287bbbc1c74c33303d420f41a + spec: + serviceAccountName: "private-action-runner-default-serviceaccount" + tolerations: + - effect: NoSchedule + key: node + operator: Equal + value: nodeless + containers: + - name: runner + image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9016 + resources: + limits: + cpu: 250m + memory: 2Gi + requests: + cpu: 250m + memory: 2Gi + volumeMounts: + - name: secrets + mountPath: /etc/dd-action-runner + env: + - name: MANAGED_BY + value: "helm" + volumes: + - name: secrets + secret: + secretName: "private-action-runner-default-secrets" \ No newline at end of file diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml new file mode 100644 index 000000000..0f68c4cc1 --- /dev/null +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -0,0 +1,168 @@ +--- +# Source: private-action-runner/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "private-action-runner-default-serviceaccount" + namespace: datadog-agent +--- +# Source: private-action-runner/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: "private-action-runner-default-secrets" + namespace: datadog-agent +stringData: + config.yaml: | + ddBaseURL: https://app.datadoghq.com + urn: CHANGE_ME_URN_FROM_CONFIG + privateKey: CHANGE_ME_PRIVATE_KEY_FROM_CONFIG + modes: + - workflowAutomation + - appBuilder + port: 9016 + actionsAllowlist: + - com.datadoghq.kubernetes.apps.getControllerRevision + - com.datadoghq.kubernetes.apps.listControllerRevision + - com.datadoghq.kubernetes.apps.createControllerRevision + - com.datadoghq.kubernetes.apps.updateControllerRevision + - com.datadoghq.kubernetes.apps.patchControllerRevision + - com.datadoghq.kubernetes.apps.deleteControllerRevision + - com.datadoghq.kubernetes.apps.deleteMultipleControllerRevisions + - com.datadoghq.kubernetes.apps.restartDeployment + - com.datadoghq.kubernetes.core.patchEndpoints + - com.datadoghq.kubernetes.core.getPod + - com.datadoghq.kubernetes.core.listPod + - com.datadoghq.kubernetes.customresources.deleteMultipleCustomObjects +--- +# Source: private-action-runner/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + namespace: datadog-agent + name: "private-action-runner-default-role" +rules: +- apiGroups: + - example.com + resources: + - tests + verbs: + - list + - get + - create + - patch + - update + - delete +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - get + - list + - create + - update + - patch + - delete +- apiGroups: + - apps + resources: + - deployments + verbs: + - patch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +--- +# Source: private-action-runner/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: "private-action-runner-default-rolebinding" + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "private-action-runner-default-role" +subjects: + - kind: ServiceAccount + name: "private-action-runner-default-serviceaccount" + namespace: datadog-agent +--- +# Source: private-action-runner/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: "private-action-runner-default-service" + namespace: datadog-agent +spec: + selector: + service: "private-action-runner-default-service" + ports: + - name: http + port: 9016 + targetPort: 9016 +--- +# Source: private-action-runner/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "private-action-runner-default" + namespace: datadog-agent + labels: + service: "private-action-runner-default-service" + app: "private-action-runner-default" +spec: + minReadySeconds: 10 + replicas: 1 + selector: + matchLabels: + app: "private-action-runner-default" + template: + metadata: + labels: + app: "private-action-runner-default" + service: "private-action-runner-default-service" + annotations: + config-hash: bda02d4e95c0ab1a984e62d87be14d65768d938dc3ff2e59342961b37acf25fb + spec: + serviceAccountName: "private-action-runner-default-serviceaccount" + tolerations: + - effect: NoSchedule + key: node + operator: Equal + value: nodeless + containers: + - name: runner + image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9016 + resources: + limits: + cpu: 250m + memory: 2Gi + requests: + cpu: 250m + memory: 2Gi + volumeMounts: + - name: secrets + mountPath: /etc/dd-action-runner + env: + - name: MANAGED_BY + value: "helm" + volumes: + - name: secrets + secret: + secretName: "private-action-runner-default-secrets" \ No newline at end of file diff --git a/test/private-action-runner/baseline_test.go b/test/private-action-runner/baseline_test.go new file mode 100644 index 000000000..63937c1b0 --- /dev/null +++ b/test/private-action-runner/baseline_test.go @@ -0,0 +1,67 @@ +package private_action_runner + +import ( + "github.com/gruntwork-io/terratest/modules/helm" + "testing" + + "github.com/DataDog/helm-charts/test/common" + "github.com/stretchr/testify/assert" +) + +func Test_baseline_manifests(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + snapshotName string + assertions func(t *testing.T, manifest, snapshotName string) + }{ + { + name: "Private Action Runner default", + command: common.HelmCommand{ + ReleaseName: "private-action-runner", + ChartPath: "../../charts/private-action-runner", + Values: []string{"../../charts/private-action-runner/values.yaml"}, + Overrides: map[string]string{}, + }, + snapshotName: "default", + assertions: verifyPrivateActionRunner, + }, + { + name: "Enable kubernetes actions", + command: common.HelmCommand{ + ReleaseName: "private-action-runner", + ChartPath: "../../charts/private-action-runner", + Values: []string{"../../charts/private-action-runner/values.yaml"}, + Overrides: map[string]string{ + "runners[0].kubernetesActions.controllerRevisions": "{get,list,create,update,patch,delete,deleteMultiple}", + "runners[0].kubernetesActions.customObjects": "{deleteMultiple}", + "runners[0].kubernetesActions.deployments": "{restart}", + "runners[0].kubernetesActions.endpoints": "{patch}", + "runners[0].kubernetesPermissions[0].apiGroups": "{example.com}", + "runners[0].kubernetesPermissions[0].resources": "{tests}", + "runners[0].kubernetesPermissions[0].verbs": "{list,get,create,patch,update,delete}", + }, + }, + snapshotName: "enable-kubernetes-actions", + assertions: verifyPrivateActionRunner, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + t.Log("update baselines", common.UpdateBaselines) + if common.UpdateBaselines { + helm.UpdateSnapshot(t, &helm.Options{}, manifest, tt.snapshotName) + } + + tt.assertions(t, manifest, tt.snapshotName) + }) + } +} + +func verifyPrivateActionRunner(t *testing.T, manifest string, snapshotName string) { + diffCount := helm.DiffAgainstSnapshot(t, &helm.Options{}, manifest, snapshotName) + assert.Equal(t, 0, diffCount, "manifests are different") +} diff --git a/test/private-action-runner/testmain_test.go b/test/private-action-runner/testmain_test.go new file mode 100644 index 000000000..b2b5e13c1 --- /dev/null +++ b/test/private-action-runner/testmain_test.go @@ -0,0 +1,13 @@ +package private_action_runner + +import ( + "os" + "testing" + + "github.com/DataDog/helm-charts/test/common" +) + +func TestMain(m *testing.M) { + common.ParseArgs() + os.Exit(m.Run()) +}